ThreatsHub.org
This is the first part of our security analysis of an information stealer targeting GitHub Codespaces (CS) that discusses how attackers can abuse these cloud services for a variety of malicious activities. Read More HERE…
An overview of the Lemon Group’s use of preinfected mobile devices, and how this scheme is potentially being developed and expanded to other internet of things (IoT) devices. This research was presented in full at the Black Hat Asia 2023 Conference in Singapore in May 2023. Read More HERE…
We observed the threat actor group known as “8220 Gang” employing new strategies for their respective campaigns, including exploits for the Linux utility “lwp-download” and CVE-2017-3506, an Oracle WebLogic vulnerability. Read More HERE…
We found TrafficStealer abusing open container APIs in order to redirect traffic to specific websites and manipulate engagement with ads. Read More HERE…
We observed cryptocurrency and information stealer ViperSoftX evading initial loader detection and making its lure more believable by making the initial package loader via cracks, keygens, activators, and packers non-malicious. We also noted more sophisticated encryption and basic anti-analysis techniques, such as byte remapping and web browser communication blocking. Read More HERE…
We detected Mac malware MacStealer spreading via websites, social media, and messaging platforms Twitter, Discord, and Telegram. Cybercriminals lure victims to download it by plagiarizing legitimate play-to-earn (P2E) apps’ images and offering jobs as beta testers. Read More HERE…
Trend Micro co-Authors Cyber Mercenary Principles to help guide the technology industry and others in dealing with the growing market of cyber mercenaries. Read More HERE…
We present a case study of the cyberespionage efforts by Earth Preta. This study on an active campaign delves into the structure, goals, and requirements of the organizations involved, and provides an opportunity to conduct wider intelligence analysis and insights in the development of effective countermeasures. Read More HERE…
We detail the update that advanced persistent threat (APT) group Iron Tiger made on the custom malware family SysUpdate. In this version, we also found components that enable the malware to compromise Linux systems. Read More HERE…
We detail the intrusion set Earth Yako, attributed to the campaign Operation RestyLink or EneLink. This analysis was presented in full at the JSAC 2023 in January 2023. Read More HERE…