
Say hello to Baldr, a new stealer on the market

By William Tsing, Vasilios Hioureas, and Jérôme Segura

Over the past few months, we have noticed increased activity and development of new stealers. One such new stealer, called Baldr, first appeared in January 2019, and our analysis of this malware finds that its authors were serious about making a long-lasting product. Unlike many banking Trojans that wait for the victim to log into their …

Plugin vulnerabilities exploited in traffic monetization schemes

In their Website Hack Trend Report, web security company Sucuri noted that WordPress infections rose to 90 percent in 2018. One aspect of Content Management System (CMS) infections that is sometimes overlooked is that attackers not only go after the CMSes themselves—WordPress, Drupal, etc.—but also third-party plugins and themes. While plugins are useful in providing additional features for …

The Advanced Persistent Threat files: Lazarus Group

We’ve heard a lot about Advanced Persistent Threats (APTs) over the past few years. As a refresher, APTs are prolonged, aimed attacks on specific targets with the intention to compromise their systems and gain information from or about that target. While the targets may be anyone or anything—a person, business, or other organization—APTs are often associated with government or military …

The Advanced Persistent Threat Files: APT1

We’ve heard a lot about Advanced Persistent Threats (APTs) over the past few years. As a refresher, APTs are prolonged, aimed attacks on specific targets with the intention to compromise their systems and gain information from or about that target. While the targets may be anyone or anything—a person, business, or other organization—APTs are often associated with government or military …

Vidar and GandCrab: stealer and ransomware combo observed in the wild

We have been tracking a prolific malvertising campaign for several weeks and captured a variety of payloads, including several stealers. One that we initially identified as Arkei turned out to be Vidar, a new piece of malware recently analyzed in detail by Fumik0_ in his post: Let’s dig into Vidar – An Arkei Copycat/Forked Stealer (In-depth analysis). In Norse Mythology, Víðarr is a god and son of …

Web skimmers compete in Umbro Brasil hack

Umbro, the popular sportswear brand, has had its Umbro Brasil website hacked and injected with not one but two web skimmers that are part of the Magecart group. Magecart has become a household name in recent months due to high-profile attacks on various merchant websites. Criminals can seamlessly steal payment and contact information from visitors purchasing products or services online. Multiple threat …

Internet Shortcut used in Necurs malspam campaign

The Necurs botnet continues to be one of the most prolific malicious spam distributors, with regular waves of carefully-crafted attachments that are used to download malware. The majority of malspam campaigns that we track are targeting Microsoft Office with documents containing either macros or exploits. We also see a number of other types of malicious attachments that are zipped scripts (.VBS, …

Massive DDoS attack washes over GitHub

There have been some huge DDoS (distributed denial of service) attacks over the years, but we’ve been…lucky?…enough to witness the latest raising of the stakes in the last couple of days. GitHub, an incredibly important code resource for major organisations around the world, fell victim to a colossal DDoS attack on Wednesday—the largest ever on record—helped along by something …