PurpleFox Adds New Backdoor That Uses WebSockets
By: Threat Intelligence Analyst; Director, MDR Operations; Threat Intelligence Analyst

In September 2021, the Trend Micro Managed XDR (MDR) team looked into suspicious activity related to a PurpleFox operator. Our findings led us to investigate an updated PurpleFox arsenal, which included an added vulnerability (CVE-2021-1732) and optimized rootkit capabilities leveraged in their attacks.

Ransomware Operators Found Using New “Franchise” Business Model
By: Sr. Threat Researcher

We found a relatively new and interesting ransomware operation that takes inspiration from franchise business models. It seems that the operators are rebranding a “supplier” ransomware before deployment instead of simply distributing it under the original name.

Fake Installers Drop Malware and Open Doors for Opportunistic Attackers
By: Threats Analyst

We recently spotted fake installers of popular software being used to deliver bundles of malware onto victims’ devices. These installers are widely used lures that trick users into opening malicious documents or installing unwanted applications.

Water Basilisk Uses New HCrypt Variant to Flood Victims with RAT Payloads
By: Threat Researcher; Sr. Threat Researcher

In this blog entry, we look into a fileless campaign that used a new HCrypt variant to distribute numerous remote access trojans (RATs) to victim systems. This new variant also uses an updated obfuscation mechanism, which we detail.

This Week in Security News – September 3, 2021
By: VP, Threat Intelligence

ProxyToken vulnerability can modify Exchange server configs, and LockBit jumps its own countdown, publishes Bangkok Air files.