Found 3 bookmarks
Custom sorting
When Guardians Become Predators: How Malware Corrupts the Protectors
When Guardians Become Predators: How Malware Corrupts the Protectors
We often trust our security software to stand as an unbreakable wall against malware and attacks, but what happens when that very wall is weaponized against us? Our Trellix Advanced Research Center team recently uncovered a malicious campaign that does just that. Instead of bypassing defenses, this malware takes a more sinister route: it drops a legitimate Avast Anti-Rootkit driver (aswArPot.sys) and manipulates it to carry out its destructive agenda. The malware exploits the deep access provided by the driver to terminate security processes, disable protective software, and seize control of the infected system.
#trellix#EN#2024#research#Avast#Anti-Rootkit#driver#malware#aswArPot.sys#analysis
·trellix.com·
When Guardians Become Predators: How Malware Corrupts the Protectors
A Catalog of Hazardous AV Sites – A Tale of Malware Hosting
A Catalog of Hazardous AV Sites – A Tale of Malware Hosting
In mid-April 2024, Trellix Advanced Research Center team members observed multiple fake AV sites hosting highly sophisticated malicious files such as APK, EXE and Inno setup installer that includes Spy and Stealer capabilities. Hosting malicious software through sites which look legitimate is predatory to general consumers, especially those who look to protect their devices from cyber-attacks. The hosted websites made to look legitimate are listed below.
#trellix#EN#2024#fake#antivirus#AV#malicious#research
·trellix.com·
A Catalog of Hazardous AV Sites – A Tale of Malware Hosting
 The LockBit’s Attempt to Stay Relevant, Its Imposters and New Opportunistic Ransomware Groups
 The LockBit’s Attempt to Stay Relevant, Its Imposters and New Opportunistic Ransomware Groups
The Trellix Advanced Research Center has recently observed an uptick of LockBit-related cyber activity surrounding vulnerabilities in ScreenConnect. This surge suggests that despite the Law Enforcement's (LE) "Operation Cronos" aimed at dismantling LockBit's infrastructure, the ransomware operators somehow managed to survive and stay a float. It appears that the cybercriminals group behind LockBit ransomware partially restored their infrastructure and created an impression that the LE actions did not affect their normal operation. Concurrently, alongside the resurgence of LockBit's exploitation of ScreenConnect vulnerabilities, we have seen other threat actors have either impersonated LockBit ransomware or incorporated LockBit into their own cyber attack campaigns.
#Trellix#EN#2024#LockBit-related#LockBit#campaigns#ransomware#LockBitSupp
·trellix.com·
 The LockBit’s Attempt to Stay Relevant, Its Imposters and New Opportunistic Ransomware Groups