ThreatsHub.org
In this entry, we summarize the security analyses and investigations done on phishing-as-a-service 16shop through the years. We also outline the partnership between Trend Micro and Interpol in taking down the main administrators and servers of this massive phishing campaign. Read More HERE…
We break down a new cyberespionage campaign deployed by a cybercriminal group we named Earth Estries. Analyzing the tactics, techniques, and procedures (TTPs) employed, we observed overlaps with the advanced persistent threat (APT) group FamousSparrow as Earth Estries targets governments and organizations in the technology sector. Read More HERE…
The Trend Micro Mobile Application Reputation Service (MARS) team discovered a new, fully undetected Android banking trojan, dubbed MMRat, that has been targeting mobile users in Southeast Asia since late June 2023. Read More HERE…
In this entry, we discuss how a threat actor abuses paid Facebook promotions featuring LLMs to spread malicious code, with the goal of installing a malicious browser add-on and stealing victims’ credentials. Read More HERE…
In June 2023, Trend Micro observed an upgrade to the evasion techniques used by the Batloader initial access malware, which we’ve covered in previous blog entries. Read More HERE…
In this entry, we detail our analysis of how the TargetCompany ransomware abused an iteration of fully undetectable (FUD) obfuscator engine BatCloak to infect vulnerable systems. Read More HERE…
Trend Micro’s Mobile Application Reputation Service (MARS) team discovered two new related Android malware families involved in cryptocurrency-mining and financially-motivated scam campaigns targeting Android users. Read More HERE…
We recently found that an MSI installer built by the National Information Technology Board (NITB), a Pakistani government entity, delivered a Shadowpad sample, suggesting a possible supply-chain attack. Read More HERE…
We recently found that a modified installer of the E-Office app used by the Pakistani government delivered a Shadowpad sample, suggesting a possible supply-chain attack. Read More HERE…
An analysis of advanced persistent threat (APT) group Red Menshen’s different variants of backdoor BPFDoor as it evolves since it was first documented in 2021. Read More HERE…