New YouTube Bot Malware Spotted Stealing User’s Sensitive Information
New YouTube Bot Malware Spotted Stealing User’s Sensitive Information
Pure coder offers multiple malware for sale in Darkweb forums
Italians Users Targeted By PureLogs Stealer Through Spam Campaigns
New Ransomware Strains Emerging from Leaked Conti’s Source Code
Cyble Research and Intelligence Labs analyzes multiple ransomware strains created based on leaked source code of Conti Ransomware.
Mallox Ransomware showing signs of Increased Activity
“TargetCompany” is a type of ransomware that was first identified in June 2021. The researchers named it TargetCompany ransomware because it adds the targeted company name as a file extension to the encrypted files. In September 2022, researchers identified a TargetCompany ransomware variant targeting Microsoft SQL servers and adding the “Fargo” extension to the encrypted files. TargetCompany ransomware is also known to add a “Mallox” extension after encrypting the files.
Multiple Organisations compromised by Critical Authentication Bypass Vulnerability in Fortinet Products (CVE-2022-40684)
Cyble Global Sensor Intelligence detects exploitation attempts of CVE-2022-40684, and CRIL observes Fortinet Access distribution in cybercrime forums.
Over 2 million users Affected with Browser Hijackers
Cyble Research & Intelligence Labs analyzes the recent surge in users being infected by Browser Hijackers using Chrome plugins.
AXLocker, Octocrypt, and Alice: Leading a new wave of Ransomware Campaigns
Cyble analyzes a new wave of ransomware attacks being led by AXLocker, Octocrypt, and Alice ransomware and how they target Discord tokens.
Cyble Phishing ERMAC Android Malware Increasingly Active
CRIL Investigates the resurgence of ERMAC Android Malware as an increasing number of users are falling prey to their phishing attacks.
Fake Ransomware Infection Under widespread
Cyble Research and Intelligence Labs analyzes Fake ransomware, a destructive malware capable of wiping out system drives.
BitBucket Server and Data Center at risk via Command Injection Vulnerability
Cyble analyzes CVE-2022-36804 affecting Atlassian Bitbucket and how Threat Actors may exploit this in the near future.
New Malware Campaign Targets Zoom Users
Cyble Research and Intelligence Labs analyzes a new malware campaign targeting Zoom users.
Bumblebee Returns with New Infection Technique
Delivers Payload Using Post Exploitation Framework During our routine threat-hunting exercise, Cyble Research & Intelligence Labs (CRIL) came across a Twitter post wherein a researcher mentioned an interesting infection chain of the Bumblebee loader malware being distributed via spam campaigns. Bumblebee is a replacement for the BazarLoader malware, which acts as a downloader and delivers known attack frameworks and open-source tools such as Cobalt Strike, Shellcode, Sliver, Meterpreter, etc. It also downloads other types of malware such as ransomware, trojans, etc.
A closer look at Eternity Malware
In this analysis, Cyble looks at the Eternity Malware suite, listing a wide variety of malware for sale on Telegram.
Dissecting Saintstealer
Cyble Analyzes Saintstealer, an infostealer using a C&C server with known links to other popular infostealers.
Cyble — Demystifying Money Message Ransomware
CRIL analyses the anatomy of a new ransomware group named Money Message, which can encrypt network shares and target both Windows and Linux.
Cyble — New Cylance Ransomware with Power-Packed CommandLine Options
CRIL analyzes Cylance, a new Ransomware variant that uses command-line options to target both Windows and Linux users.
Cyble — Cl0p Ransomware: Active Threat Plaguing Businesses Worldwide
Cyble Research & Intelligence Labs analyzes Cl0p ransomware which is rapidly gaining attention for its success in extorting businesses.
Creal: New Stealer Targeting Cryptocurrency Users Via Phishing Sites
Open-Source Stealer Widely Abused by Threat Actors The threat of InfoStealers is widespread and has been frequently employed by various Threat Actors (TA)s to launch attacks and make financial gains. Until now, the primary use of stealers by TAs has been to sell logs or to gain initial entry into a corporate network.
Wave of Arrests Hits Cybercriminals
Cyble reflects on the identification of a forum administrator and two cybercriminals and how it impacts the wider cybercrime ecosystem.
The Growing Threat of ChatGPT-Based Phishing Attacks
Cyble analyzes how Threat Actors are using the recent buzz around ChatGPT to launch Phishing attacks using various methods.
Qakbot's Evolution Continues with New Strategies
Cyble Research & Intelligence Labs analyzes new strategies deployed by Qakbot to infect users via Microsoft OneNote.
‘InTheBox’ Web Injects Targeting Android Banking Applications Worldwide
Cyble analyzes 'InTheBox' as part of its thorough research on Web Injects and their role in targeting Android Banking applications worldwide,
New YouTube Bot Malware Spotted Stealing User’s Sensitive Information
New YouTube Bot Malware Spotted Stealing User’s Sensitive Information
Pure coder offers multiple malware for sale in Darkweb forums
Italians Users Targeted By PureLogs Stealer Through Spam Campaigns
New Ransomware Strains Emerging from Leaked Conti’s Source Code
Cyble Research and Intelligence Labs analyzes multiple ransomware strains created based on leaked source code of Conti Ransomware.
Mallox Ransomware showing signs of Increased Activity
“TargetCompany” is a type of ransomware that was first identified in June 2021. The researchers named it TargetCompany ransomware because it adds the targeted company name as a file extension to the encrypted files. In September 2022, researchers identified a TargetCompany ransomware variant targeting Microsoft SQL servers and adding the “Fargo” extension to the encrypted files. TargetCompany ransomware is also known to add a “Mallox” extension after encrypting the files.
Multiple Organisations compromised by Critical Authentication Bypass Vulnerability in Fortinet Products (CVE-2022-40684)
Cyble Global Sensor Intelligence detects exploitation attempts of CVE-2022-40684, and CRIL observes Fortinet Access distribution in cybercrime forums.
Over 2 million users Affected with Browser Hijackers
Cyble Research & Intelligence Labs analyzes the recent surge in users being infected by Browser Hijackers using Chrome plugins.
AXLocker, Octocrypt, and Alice: Leading a new wave of Ransomware Campaigns
Cyble analyzes a new wave of ransomware attacks being led by AXLocker, Octocrypt, and Alice ransomware and how they target Discord tokens.
Cyble Phishing ERMAC Android Malware Increasingly Active
CRIL Investigates the resurgence of ERMAC Android Malware as an increasing number of users are falling prey to their phishing attacks.