Category: Malware Descriptions

IT threat evolution Q2 2020

IT threat evolution Q2 2020. PC statistics
IT threat evolution Q2 2020. Mobile statistics

Targeted attacks

PhantomLance: hiding in plain sight

In April, we reported the results of our investigation into a mobile spyware campaign that we call ‘PhantomLance’. The campaign involved a backdoor Trojan that the attackers distributed via dozens of apps in Google Play and elsewhere. Dr Web first reported the malware in July 2019, but we decided to investigate because the Trojan was more sophisticated than most malware for stealing money…

Transparent Tribe: Evolution analysis, part 2

Background + Key findings

Transparent Tribe, also known as PROJECTM or MYTHIC LEOPARD, is a highly prolific group whose activities can be traced as far back as 2013. In the last four years, this APT group has never taken time off. They continue to hit their targets, which typically are Indian military and government personnel. This is the second of two articles written to share the results of our recent investigations into Transparent Tribe. In the previous article, we described the various Crimson RAT…

Lifting the veil on DeathStalker, a mercenary triumvirate

State-sponsored threat actors and sophisticated attacks are often in the spotlight. Indeed, their innovative techniques, advanced malware platforms and 0-day exploit chains capture our collective imagination. Yet these groups still aren’t likely to be a part of the risk model at most companies, nor should they be. Businesses today are faced with an array of much more immediate threats, from ransomware and customer information leaks, to competitors engaging in unethical business practices. In this blog post, we’ll be focusing on DeathStalker: a unique threat…

Transparent Tribe: Evolution analysis, part 1

Background and key findings

Transparent Tribe, also known as PROJECTM and MYTHIC LEOPARD, is a highly prolific group whose activities can be traced as far back as 2013. Proofpoint published a very good article about them in 2016, and since that day, we have kept an eye on the group. We have periodically reported their activities through our APT threat intelligence reports, and subscribers of that service already know that in the last four years, this APT group has never taken time off. They…

CactusPete APT group’s updated Bisonal backdoor

CactusPete (also known as Karma Panda or Tonto Team) is an APT group that has been publicly known since at least 2013. Some of the group’s activities have been previously described in public by multiple sources. We have been investigating and privately reporting on this group’s activity for years as well. Historically, their activity has been focused on military, diplomatic and infrastructure targets in Asia and Eastern Europe. This is also true of the group’s latest activities. A new CactusPete campaign, spotted at the…

WastedLocker: technical analysis

The use of crypto-ransomware in targeted attacks has become an ordinary occurrence lately: new incidents are being reported every month, sometimes even more often. On July 23, Garmin, a major manufacturer of navigation equipment and smart devices, including smart watches and bracelets, experienced a massive service outage. As confirmed by an official statement later, the cause of the downtime was a cybersecurity incident involving data encryption. The situation was so dire that at the time of writing of this post (7/29) the operation of…

Lazarus on the hunt for big game

We may only be six months in, but there’s little doubt that 2020 will go down in history as a rather unpleasant year. In the field of cybersecurity, the collective hurt mostly crystallized around the increasing prevalence of targeted ransomware attacks. By investigating a number of these incidents and through discussions with some of our trusted industry partners, we feel that we now have a good grasp on how the ransomware ecosystem is structured.

Structure of the ransomware ecosystem

Criminals piggyback on widespread botnet…

MATA: Multi-platform targeted malware framework

As the IT and OT environment becomes more complex, adversaries are quick to adapt their attack strategy. For example, as users’ work environments diversify, adversaries are busy acquiring the TTPs to infiltrate systems. Recently, we reported to our Threat Intelligence Portal customers a similar malware framework that internally we called MATA. The MATA malware framework possesses several components, such as loader, orchestrator and plugins. This comprehensive framework is able to target Windows, Linux and macOS operating systems. The first artefacts we found relating to…

The Streaming Wars: A Cybercriminal’s Perspective

Cyber threats aren’t relegated to the world of big businesses and large-scale campaigns. The most frequent attacks aren’t APTs and massive data breaches—they’re the daily encounters with malware and spam by everyday users. And, one of the areas where we’re most vulnerable is entertainment—particularly when we’re so used to finding everything and anything we want to watch or play for little or no money online. That’s why, last year, we took a look at how cybercriminals use popular shows to spread malware. This year…