Attacks on 5G Infrastructure From User Devices: ASN.1 Vulnerabilities in 5G Cores

In the second part of this series, we will examine how attackers can trigger vulnerabilities by sending control messages masquerading as user traffic to cross over from user plane to control plane. Read More HERE…

Read more

Exposing Infection Techniques Across Supply Chains and Codebases

This entry delves into threat actors’ intricate methods to implant malicious payloads within seemingly legitimate applications and codebases. Read More HERE…

Read more

Attacks on 5G Infrastructure From Users’ Devices

Crafted packets from cellular devices such as mobile phones can exploit faulty state machines in the 5G core to attack cellular infrastructure. Smart devices that critical industries such as defense, utilities, and the medical sectors use for their daily operations depend on the speed, efficiency, and productivity brought by 5G. This entry describes CVE-2021-45462 as a potential use case to deploy a denial-of-service (DoS) attack to private 5G networks. Read More HERE…

Read more

Stealthy Android Malware MMRat Carries Out Bank Fraud Via Fake App Stores

The Trend Micro Mobile Application Reputation Service (MARS) team discovered a new, fully undetected Android banking trojan, dubbed MMRat, that has been targeting mobile users in Southeast Asia since late June 2023. Read More HERE…

Read more

Related CherryBlos and FakeTrade Android Malware Involved in Scam Campaigns

Trend Micro’s Mobile Application Reputation Service (MARS) team discovered two new related Android malware families involved in cryptocurrency-mining and financially-motivated scam campaigns targeting Android users. Read More HERE…

Read more

Lemon Group’s Cybercriminal Businesses Built on Preinfected Devices

An overview of the Lemon Group’s use of preinfected mobile devices, and how this scheme is potentially being developed and expanded to other internet of things (IoT) devices. This research was presented in full at the Black Hat Asia 2023 Conference in Singapore in May 2023. Read More HERE…

Read more

Earth Preta’s Cyberespionage Campaign Hits Over 200

We present a case study of the cyberespionage efforts by Earth Preta. This study on an active campaign delves into the structure, goals, and requirements of the organizations involved, and provides an opportunity to conduct wider intelligence analysis and insights in the development of effective countermeasures. Read More HERE…

Read more

TgToxic Malware’s Automated Framework Targets Southeast Asia Android Users

We look into an ongoing malware campaign we named TgToxic, targeting Android mobile users in Taiwan, Thailand, and Indonesia since July 2022. The malware steals users’ credentials and assets such as cryptocurrency from digital wallets, as well as money from bank and finance apps. Analyzing the automated features of the malware, we found that the threat actor abused legitimate test framework Easyclick to write a Javascript-based automation script for functions such as clicks and gestures. Read More HERE…

Read more

New APT34 Malware Targets The Middle East

We analyze an infection campaign targeting organizations in the Middle East for cyberespionage in December 2022 using a new backdoor malware. The campaign abuses legitimate but compromised email accounts to send stolen data to external mail accounts controlled by the attackers. Read More HERE…

Read more