Tag: Malware

Rhadamanthys Malware Detection: New Infostealer Spread via Google Ads & Spam Emails to Target Crypto Wallets and Dump Sensitive Information

Security experts have shed light on a novel malicious sample hiding in the malicious arena, an evasive stealer dubbed Rhadamanthys. The malware is commonly distributed via Google ads redirecting compromised users to phishing webpages disguised as widely-used legitimate software.  Detect Rhadamanthys Malware In view of the increasing popularity of Rhadamanthys stealer being broadly distributed in […]

Read More
Raspberry Robin Malware Detection: Enhanced Worm-Like Version Attacking European Financial Institutions

No matter the holiday season, adversaries have no vacation inventing new malicious tricks to target unsuspecting victims. Last week, security researchers uncovered an enhanced variant of the worm-like Raspberry Robin malware dropper leveraged to target financial and insurance companies across European countries. Experts specifically note that Rasperry Robin received a significant upgrade, including complex obfuscation […]

Read More
russia-Backed Turla Group on the Rise
Turla Activity Detection: russian Cyberespionage Group Targeting Ukraine Uses Decade-Old USB-Delivered Andromeda Malware to Spread Novel Backdoors

With USB-spreading malware becoming a popular vector for initial access, cyber defenders remain vigilant in safeguarding the organization’s critical infrastructure. Cybersecurity researchers have recently observed malicious activity of the russia-linked cyberespionage group tracked as Turla APT leveraging legacy Andromeda USB-delivered malware to deploy novel backdoors and custom reconnaissance tools in cyber attacks against Ukraine. Detecting […]

Read More
BlueNoroff Group Attack Detection
BlueNoroff Group Activity Detection: Threat Actors Apply Novel Methods to Bypass Windows Mark-of-the-Web (MoTW) Protection

BlueNoroff, which is part of the larger Lazarus Group, is a financially-motivated hacking collective striving to gain financial benefits from its offensive capabilities. The group, known for stealing cryptocurrency and commonly applying Word documents and LNK files for initial intrusion, has currently been leveraging new adversary methods. In the latest attacks, BlueNoroff experiments with new […]

Read More
IcedID Botnet Detection
IcedID Botnet Detection: Malvertising Attacks Abusing Google Pay-Per-Click (PPC) Ads

In late December 2022, cybersecurity researchers observed a new burst of malicious activity distributing the noteworthy IcedID botnet. In this ongoing adversary campaign, threat actors abuse Google pay-per-click (PPC) ads to spread the novel variant of malware tracked as TrojanSpy.Win64.ICEDID.SMYXCLGZ. Detecting IcedID Botnet Infections Through Malvertising In view that the IcedID botnet is constantly evolving, […]

Read More
FateGrab/StealDeal Detection: Phishing Attacks by the UAC-0142 Group Against Ukrainian Government Entities Targeting DELTA Users 

Phishing attacks on Ukrainian state bodies spreading diverse malware strains have not been a rarity throughout 2022. Hard on the heels of a phishing cyber attack against Ukraine distributing DolphinCape malware, another phishing campaign is causing a stir in the cyber threat arena. On December 18, 2022, CERT-UA researchers issued the latest alert tracked as […]

Read More
Detecting Fantasy Data Wiper Leveraged by Agrius APT in a Supply-Chain Attack

Security experts from ESET revealed a destructive operation launched by Iran-backed Agrius APT to target organizations with a novel data wiper. Dubbed Fantasy, the destructive malware has been deployed via a coordinated supply-chain attack abusing the software updates of an unnamed Israeli vendor. Among the victims are HR and IT consulting company, diamond wholesaler, and […]

Read More
DolphinCape Malware Detection
DolphinCape Malware Detection: Phishing Campaign Against Ukrainian Railway Transport Organization of Ukraine “Ukrzaliznytsia” Related to the Use of Iranian Shahed-136 Drones

Since the outbreak of the global cyber war, SOC Prime stays on the frontline helping Ukraine and its allies defend from russian aggression. On December 8, 2022, CERT-UA researchers received information from the cybersecurity department of the state Railway Transport Organization of Ukraine “Ukrzaliznytsia” about the distribution of phishing emails impersonating the State Emergency Service […]

Read More
AppleJeus Malware Detection
AppleJeus Malware Detection: North Korea-Linked Lazarus APT Spreads Malicious Strains Masquerading as Cryptocurrency Apps

A notorious North Korea-backed APT group, Lazarus, continuously broadens its attack surface, leveraging fraudulent cryptocurrency apps to distribute the AppleJeus malware. In this latest adversary campaign, Lazarus hackers use fake cryptocurrency apps dubbed BloxHolder to drop AppleJeus malware, gain initial access to networks, and steal crypto assets. During the last four years, Lazarus APT group […]

Read More
Emotet Botnet Resurfaces to the Email Threat Landscape
Emotet Detection: Infamous Botnet Resurfaces to the Email Threat Landscape

Cybersecurity researchers have observed a burst of the new malicious activity of the Emotet botnet, which has been under the radar for almost half a year. The infamous Trojan attributed to the malicious activity of the TA542 hacking group came back in November 2022, expanding its dominance and impact in the email threat landscape. In […]

Read More