Another ransomware family appeared this spring and is actively used in targeted attacks against enterprises and government agencies. In mid-May, cybercriminals attacked the network of the Texas Department of Transportation, but unauthorized access was discovered, and as a result, only part of the systems was encrypted. In this attack was used new ransomware – Ransom […]
Taurus information-stealing malware is a relatively new tool created by Predator The Thief team that promotes it on hacker forums. The infostealer can steal sensitive data from browsers, cryptocurrency wallets, FTP, email clients, and various apps. The malware is highly evasive and includes techniques to evade sandbox detection. Adversaries developed a dashboard where their customers […]
As Google and Mozilla bring the widespread use of DNS over HTTPS protocol, more malware authors also adopt this perfect opportunity to hide malicious traffic. The recently discovered versions of PsiXBot abuse Google’s DoH service to retrieve the IPs for the command-and-control infrastructure. The malware appeared in 2017 as a simple infostealer that is capable […]
This month, researchers discovered a multi-stage attack conducted by an undefined APT group. During this attack, adversaries used the Malleable C2 feature in Cobalt Strike to perform C&C communications and deliver the final payload. Researchers note that attackers use advanced evasion techniques. They observed an intentional delay in executing the payload from the malicious Word […]
Last week, security researchers discovered a curious way to hide the malicious payload in plain sight, and this method is actively used in the wild. Adversaries use fake error logs to store ASCII characters disguised as hexadecimal values that decode to a malicious payload designed to prepare the ground for script-based attacks. In the discovered […]
It’s no secret that phishing attacks are one of the most effective ways to infect the target with malware. Typically, adversaries expect to convince a user to open a malicious document and enable macros or use vulnerabilities in MS Office for deploy malware. We regularly publish rules (1, 2, 3) for detecting phishing campaigns or […]
And again, we want to highlight the content for detecting QBot malware in the Rule of the Week section. About a month ago, a simple but effective rule from Emir Erdogan was already published in this section. But the twelve-year-old Trojan continues to evolve, and just a couple of days ago, fresh samples of this […]
Latin American banking trojans are just about to make a separate trend in malware writing. Adversaries regularly create new Trojans or Exploit Kits to attack bank users in Brazil, Mexico, and Peru, and with each new malicious campaign expand their target lists first to neighboring countries, and then to worldwide campaigns. In our recently published […]
Zoom-themed lures continue to be actively used by cybercriminals, taking pride of place in the top ten most used topics in phishing campaigns. From the very beginning of the lockdown, as the Zoom popularity grew, the number of attacks increased, and even after researchers discovered serious security problems with the service, many organizations did not […]
Lokibot is trojan-type malware designed to collect a wide range of sensitive data. It was first noticed in 2015 and remains very popular among cybercriminals as it can be purchased at the underground forum by any attacker. A couple of years ago, “tinkerers” learned how to add C&C infrastructure addresses to the Trojan on their […]