Found 4 bookmarks
Custom sorting
HijackLoader evolution: abusing genuine signing certificates
HijackLoader evolution: abusing genuine signing certificates
Since mid-September 2024, our telemetry has revealed a significant increase in “Lumma Stealer”1 malware deployments via the “HijackLoader”2 malicious loader. On October 2, 2024, HarfangLab EDR detected and blocked yet another HijackLoader deployment attempt – except this time, the malware sample was properly signed with a genuine code-signing certificate. In response, we initiated a hunt for code-signing certificates (ab)used to sign malware samples. We identified and reported more of such certificates. This report briefly presents the associated stealer threat, outlines the methodology for hunting these certificates, and providees indicators of compromise.
#harfanglab#EN#2024#HijackLoader#captcha#fake#malicious#loader#campaign
·harfanglab.io·
HijackLoader evolution: abusing genuine signing certificates
A Catalog of Hazardous AV Sites – A Tale of Malware Hosting
A Catalog of Hazardous AV Sites – A Tale of Malware Hosting
In mid-April 2024, Trellix Advanced Research Center team members observed multiple fake AV sites hosting highly sophisticated malicious files such as APK, EXE and Inno setup installer that includes Spy and Stealer capabilities. Hosting malicious software through sites which look legitimate is predatory to general consumers, especially those who look to protect their devices from cyber-attacks. The hosted websites made to look legitimate are listed below.
#trellix#EN#2024#fake#antivirus#AV#malicious#research
·trellix.com·
A Catalog of Hazardous AV Sites – A Tale of Malware Hosting