Tuesday, May 7, 2024
Latest:

Trend Micro Research : Malware

TrendMicro 

Threat Actors Leverage File-Sharing Service and Reverse Proxies for Credential Harvesting

TH Author , , , ,

We analyzed a phishing campaign involving malicious emails containing a link to a file-sharing solution, which further leads to a PDF document with a secondary link designed to steal login info and session cookies. Read More HERE…

Read more
TrendMicro 

Void Rabisu Targets Female Political Leaders with New Slimmed-Down ROMCOM Variant

TH Author , , ,

Almost a year after Void Rabisu shifted its targeting from opportunistic ransomware attacks with an emphasis on cyberespionage, the threat actor is still developing its main malware, the ROMCOM backdoor. Read More HERE…

Read more
TrendMicro 

DarkGate Opens Organizations for Attack via Skype, Teams

TH Author , , , , , , , , ,

We detail an ongoing campaign abusing messaging platforms Skype and Teams to distribute the DarkGate malware to targeted organizations. We also discovered that once DarkGate is installed on the victim’s system, additional payloads were introduced to the environment. Read More HERE…

Read more
TrendMicro 

Exposing Infection Techniques Across Supply Chains and Codebases

TH Author , , , , ,

This entry delves into threat actors’ intricate methods to implant malicious payloads within seemingly legitimate applications and codebases. Read More HERE…

Read more
TrendMicro 

APT34 Deploys Phishing Attack With New Malware

TH Author , , , , , ,

We observed and tracked the advanced persistent threat (APT) APT34 group with a new malware variant accompanying a phishing attack comparatively similar to the SideTwist backdoor malware. Following the campaign, the group abused a fake license registration form of an African government agency to target a victim in Saudi Arabia. Read More HERE…

Read more
TrendMicro 

Attacks on 5G Infrastructure From Users’ Devices

TH Author , , , , , , , , , ,

Crafted packets from cellular devices such as mobile phones can exploit faulty state machines in the 5G core to attack cellular infrastructure. Smart devices that critical industries such as defense, utilities, and the medical sectors use for their daily operations depend on the speed, efficiency, and productivity brought by 5G. This entry describes CVE-2021-45462 as a potential use case to deploy a denial-of-service (DoS) attack to private 5G networks. Read More HERE…

Read more
TrendMicro 

Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement

TH Author , , ,

While monitoring Earth Lusca, we discovered an intriguing, encrypted file on the threat actor’s server — a Linux-based malware, which appears to originate from the open-source Windows backdoor Trochilus, which we’ve dubbed SprySOCKS due to its swift behavior and SOCKS implementation. Read More HERE…

Read more
TrendMicro 

RedLine/Vidar Abuses EV Certificates, Shifts to Ransomware

TH Author , , , ,

In this blog, we investigate how threat actors used information-stealing malware with EV code signing certificates and later delivered ransomware payloads to its victims via the same delivery method. Read More HERE…

Read more
TrendMicro 

Analyzing a Facebook Profile Stealer Written in Node.js

TH Author , , , ,

We analyze an information stealer written in Node.js, packaged into an executable, exfiltrated stolen data via both Telegram bot API and a C&C server, and employed GraphQL as a channel for C&C communication. Read More HERE…

Read more