New Info Stealer Bandit Stealer Targets Browsers, Wallets
This is an analysis of Bandit Stealer, a new Go-based information-stealing malware capable of evading detection as it targets multiple browsers and cryptocurrency wallets. Read More HERE…
Trend Micro Research : Endpoints
Future Exploitation Vector: File Extensions as Top-Level Domains
In this blog entry, we will examine the security risks related to file extension-related Top-Level Domains (TLDs) while also providing best practices and recommendations on how both individual users and organizations can protect themselves from these hazards. Read More HERE…
BlackCat Ransomware Deploys New Signed Kernel Driver
In this blog post, we will provide details on a BlackCat ransomware incident that occurred in February 2023, where we observed a new capability, mainly used for the defense evasion phase. Read More HERE…
8220 Gang Evolves With New Strategies
We observed the threat actor group known as “8220 Gang” employing new strategies for their respective campaigns, including exploits for the Linux utility “lwp-download” and CVE-2017-3506, an Oracle WebLogic vulnerability. Read More HERE…
Water Orthrus’s New Campaigns Deliver Rootkit and Phishing Modules
Water Orthrus has been active recently with two new campaigns. CopperStealth uses a rootkit to install malware on infected systems, while CopperPhish steals credit card information. This blog will provide the structure of the campaign and how they work. Read More HERE…
Malicious AI Tool Ads Used to Deliver Redline Stealer
We’ve been observing malicious advertisement campaigns in Google’s search engine with themes that are related to AI tools such as Midjourney and ChatGPT. Read More HERE…
Attack on Security Titans: Earth Longzhi Returns With New Tricks
After months of dormancy, Earth Longzhi, a subgroup of advanced persistent threat (APT) group APT41, has reemerged using new techniques in its infection routine. This blog entry forewarns readers of Earth Longzhi’s resilience as a noteworthy threat. Read More HERE…
Rapture, a Ransomware Family With Similarities to Paradise
In March and April 2023, we observed a type of ransomware targeting its victims via a minimalistic approach with tools that leave only a minimal footprint behind. Our findings revealed many of the preparations made by the perpetrators and how quickly they managed to carry out the ransomware attack. Read More HERE…
ViperSoftX Updates Encryption, Steals Data
We observed cryptocurrency and information stealer ViperSoftX evading initial loader detection and making its lure more believable by making the initial package loader via cracks, keygens, activators, and packers non-malicious. We also noted more sophisticated encryption and basic anti-analysis techniques, such as byte remapping and web browser communication blocking. Read More HERE…
An Analysis of the BabLock (aka Rorschach) Ransomware
This blog post analyzes a stealthy and expeditious ransomware called BabLock (aka Rorschach), which shares many characteristics with LockBit. Read More HERE…