Groups Target Alibaba ECS Instances for Cryptojacking
We looked at how some malicious groups disable features in Alibaba Cloud ECS instances for illicit mining of Monero. Read More HERE…
The most recent Pwn2Own (Fall 2021 Pwn2Own Austin) includes more IoT entries than ever. This gives us an opportunity to probe today’s largest and newest enterprise attack surface: the home office. Read More HERE…
In September 2021, the Trend Micro Managed XDR (MDR) team looked into suspicious activity related to a PurpleFox operator. Our findings led us to investigate an updated PurpleFox arsenal, which included an added vulnerability (CVE-2021-1732) and optimized rootkit capabilities leveraged in their attacks. Read More HERE…
We found a relatively new and interesting ransomware operation that takes inspiration from franchise business models. It seems that the operators are rebranding a “supplier” ransomware before deployment instead of simply distributing it under the original name. Read More HERE…
In this article, we discuss a new Linux malware trend in which malicious actors deploy code that removes applications and services present mainly in Huawei Cloud. Read More HERE…
We go into more detail about a fake version of the iTerm2 app that downloads and runs malware, detected by Trend Micro as TrojanSpy.Python.ZURU.A, which collects private data from a victim’s machine. Read More HERE…
We recently spotted fake installers of popular software being used to deliver bundles of malware onto victims’ devices. These installers are widely used lures that trick users into opening malicious documents or installing unwanted applications. Read More HERE…
In this blog entry we look into a fileless campaign that used a new HCrypt variant to distribute numerous remote access trojans (RATs) in victim systems. This new variant also uses an updated obfuscation mechanism which we detail. Read More HERE…
ProxyToken vulnerability can modify Exchange server configs, and LockBit jumps its own countdown, publishes Bangkok Air files. Read More HERE…