dcsimg
January 27, 2020

A week in security (January 20 – 26)

Last week on Malwarebytes Labs, we reported on a Ryuk ransomware attack on The Tampa Bay Times, a newspaper in Florida; unmasked an elaborate browser locking scheme behind the more advanced tech support operations that are currently active; and looked at the latest laws on regulating deepfakes. Other cybersecurity news Cisco’s Talos Intelligence Group discovered a new data stealer and … [Read more...]

Filed Under: a week in security, Apple, awis, blog recap, breach, facebook phishing, fake job listings, Google, hiring scam, JhoneRAT, Nest IOT, PupyRAT, ransomware, rat, remote access Trojan, sextortion, tech support scam, THSuite, Tinder, weekly blog roundup
September 3, 2019

New social engineering toolkit draws inspiration from previous web campaigns

Some of the most common web threats we track have a social engineering component. Perhaps the more popular ones are those encountered via malvertising, or hacked websites that push fraudulent updates. We recently identified a website compromise with a scheme we had not seen before; it’s part of a campaign using a social engineering toolkit that has drawn over 100,000 visits in the past … [Read more...]

Filed Under: Domen, eitest, FakeUpdates, hoeflertext, NetSupport, rat, SocGholish, Social engineering
October 2, 2018

Fortnite gamers targeted by data theft malware

The new season of the incredibly popular video game Fortnite is upon us, and so too are the scams. It’s no surprise that con artists would jump on this bandwagon, eager to peddle their fakeouts. Only this time, scammers had something a little more dangerous in mind than your typical low-level surveys and downloads that never actually materialize. Among all the gluttony of scams there hid a … [Read more...]

Filed Under: .EXE, bitcoin, bt-fortnite-cheats(dot)tk, cybercrime, fortnite, fortnite malware, free V-Bucks, games, Gaming, Malware, rat, stealer, steam, Sub2Unlock, Trojan.Malpack, video games, wallet
September 26, 2018

Buggy implementation of CVE-2018-8373 vulnerability used to deliver Quasar RAT

A variant of a remote code execution vulnerability with Internet Explorer’s scripting engine known as CVE-2018-8373 patched last August has been found in the wild. Looking at the IOCs posted by our colleagues at TrendMicro, we recognized the infrastructure serving this exploit. The same static domain has been active since at least early July, and is being redirected to from an adult website … [Read more...]

Filed Under: anti exploit, CVE-2018-8174, CVE-2018-8373, exploit, Exploits, Indicators of compromise, IOC, IOCs, pastebin, patch, Quasar, rat, remote administration tool, Threat analysis, virustotal, vulnerabilities, vulnerability
July 25, 2018

Trojans: What’s the real deal?

The fictional Greeks hiding in their legendary Trojan horse would probably be excited to learn that the default Wiki page for Trojan is, in fact, their big wooden horse thingy (vs. computer infections or dubious businesses). Sorry, fictional ancient Greek warriors. It’s not that we don’t think you’re a big deal—that film with Brad Pitt was at least a 6 out of 10. It’s just that at this … [Read more...]

Filed Under: botnet, cybercrime, ddos, downloader, Malware, Mobile, rat, Trojans, virus
June 25, 2018

A week in security (June 18 – June 24)

Last week, we took a deep dive into SamSam ransomware, looked at ways how to identify and delete malicious emails, recognized that there are now risks affecting job recruitment portals, analyzed a malicious Android app banking on the popularity of Fortnite, and identified causes and solutions for the skills shortage in cybersecurity. Other news Security researchers pointed a finger at China for … [Read more...]

Filed Under: android malware, android rat, Android spyware, andy android emulator, cybersecurity skills gap, DNS rebinding, Fake Fortnite, insecure web apps, insecure website, malicious spam, mylobot, netflix phish, rat, recruitment portal flaws, SamSam ransomware, Security world, skills shortage, wanna ransomware, wannacry scam, Week in security, world cup phishing
April 10, 2018

‘FakeUpdates’ campaign leverages multiple website platforms

A malware campaign which seems to have started at least since December 2017 has been gaining steam by enrolling a growing number of legitimate but compromised websites. Its modus operandi relies on social engineering users with fake but convincing update notifications. Similar techniques were used by a group leveraging malvertising on high traffic websites such as Yahoo to distribute ad fraud … [Read more...]

Filed Under: chrome, Chtonic, fake updates, FakeUpdates, firefox, flash, Joomla, malvertising, Malware, rat, Social engineering, Squarespace, Threat analysis, wordpress