dcsimg
January 11, 2021

A week in security (January 4 – January 10)

Last week on Malwarebytes Labs, we released survey results about VPN usage and found that 36 percent of our respondents use it. We also talked about Adobe Flash Player reaching its end of life—meaning, Adobe won’t be supporting the updating and patching of its Flash Player software; covered the ransomware attack against Funke Media Group, one of Germany’s largest publishers; and … [Read more...]

Filed Under: a week in security, Adobe Flash Player, APT37, BitCoin Scam, Bitcoin sextortion, chastity belt, chinese apt, covid-19 scams, credential leak, fake copyright violations, funke media group, Instagram scams, IoT, Juspay, online video gaming, overpayment scam, rat, rokrat, sextortion scam, vpn
September 23, 2020

Phishers spoof reliable cybersecurity training company to garner clicks

“It happens to the best of us.” And, indeed, no adage is better suited to a phishing campaign that recently made headlines. Fraudsters used the brand, KnowBe4—a trusted cybersecurity company that offers security awareness training for organizations—to gain recipients’ trust, their Microsoft Outlook credentials, and other personally identifiable information (PII). This is … [Read more...]

Filed Under: Cofense, cybersecurity training, KnowBe4, phishing, phishing scam, rat, remote access Trojan, scams
June 4, 2020

New LNK attack tied to Higaisa APT discovered

This post was authored by Hossein Jazi and Jérôme Segura On May 29th, we identified an attack that we believe is part of a new campaign from an Advanced Persistent Threat actor known as Higaisa. The Higaisa APT is believed to be tied to the Korean peninsula, and was first disclosed by Tencent Security Threat Intelligence Center in early 2019. The group’s activities go back to at least … [Read more...]

Filed Under: APT, Higaisa, korea, LNK, Malware, PlugX, rat, Threat analysis
May 6, 2020

New Mac variant of Lazarus Dacls RAT distributed via Trojanized 2FA app

This blog post was authored by Hossein Jazi, Thomas Reed and Jérôme Segura. We recently identified what we believe is a new variant of the Dacls Remote Access Trojan (RAT) associated with North Korea’s Lazarus group, designed specifically for the Mac operating system. Dacls is a RAT that was discovered by Qihoo 360 NetLab in December 2019 as a fully functional covert remote access … [Read more...]

Filed Under: APT, Dacls, Lazarus, Mac, Malware, rat, Threat analysis, tinkaOTP
March 23, 2020

Fake “Corona Antivirus” distributes BlackNET remote administration tool

Scammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a number of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but especially data stealers. As more of us work from home, the need to secure your computer, especially if you are connecting to your company’s network, becomes more important. … [Read more...]

Filed Under: antivirus, botnet, coronavirus, covid-19, fake, Malware, rat, Social engineering, Threat analysis
March 16, 2020

APT36 jumps on the coronavirus bandwagon, delivers Crimson RAT

Since the coronavirus became a worldwide health issue, the desire for more information and guidance from government and health authorities has reached a fever pitch. This is a golden opportunity for threat actors to capitalize on fear, spread misinformation, and generate mass hysteria—all while compromising victims with scams or malware campaigns. Profiting from global health concerns, natural … [Read more...]

Filed Under: APT, APT36, coronavirus, coronavirus malware, covid-19, credential stealer, crimson rat, exploit, Exploits, info-stealer, macro, malicious macro, Malware, nation-state attack, rat, remote administration tool, Social engineering, spear phishing, spear phishing attack, Threat analysis, transparent tribe
January 27, 2020

A week in security (January 20 – 26)

Last week on Malwarebytes Labs, we reported on a Ryuk ransomware attack on The Tampa Bay Times, a newspaper in Florida; unmasked an elaborate browser locking scheme behind the more advanced tech support operations that are currently active; and looked at the latest laws on regulating deepfakes. Other cybersecurity news Cisco’s Talos Intelligence Group discovered a new data stealer and … [Read more...]

Filed Under: a week in security, Apple, awis, blog recap, breach, facebook phishing, fake job listings, Google, hiring scam, JhoneRAT, Nest IOT, PupyRAT, ransomware, rat, remote access Trojan, sextortion, tech support scam, THSuite, Tinder, weekly blog roundup
September 3, 2019

New social engineering toolkit draws inspiration from previous web campaigns

Some of the most common web threats we track have a social engineering component. Perhaps the more popular ones are those encountered via malvertising, or hacked websites that push fraudulent updates. We recently identified a website compromise with a scheme we had not seen before; it’s part of a campaign using a social engineering toolkit that has drawn over 100,000 visits in the past … [Read more...]

Filed Under: Domen, eitest, FakeUpdates, hoeflertext, NetSupport, rat, SocGholish, Social engineering
October 2, 2018

Fortnite gamers targeted by data theft malware

The new season of the incredibly popular video game Fortnite is upon us, and so too are the scams. It’s no surprise that con artists would jump on this bandwagon, eager to peddle their fakeouts. Only this time, scammers had something a little more dangerous in mind than your typical low-level surveys and downloads that never actually materialize. Among all the gluttony of scams there hid a … [Read more...]

Filed Under: .EXE, bitcoin, bt-fortnite-cheats(dot)tk, cybercrime, fortnite, fortnite malware, free V-Bucks, games, Gaming, Malware, rat, stealer, steam, Sub2Unlock, Trojan.Malpack, video games, wallet
September 26, 2018

Buggy implementation of CVE-2018-8373 vulnerability used to deliver Quasar RAT

A variant of a remote code execution vulnerability with Internet Explorer’s scripting engine known as CVE-2018-8373 patched last August has been found in the wild. Looking at the IOCs posted by our colleagues at TrendMicro, we recognized the infrastructure serving this exploit. The same static domain has been active since at least early July, and is being redirected to from an adult website … [Read more...]

Filed Under: anti exploit, CVE-2018-8174, CVE-2018-8373, exploit, Exploits, Indicators of compromise, IOC, IOCs, pastebin, patch, Quasar, rat, remote administration tool, Threat analysis, virustotal, vulnerabilities, vulnerability
Next Page »