Analyzing and remediating a malware infested T95 TV box from Amazon
Find out why one of our Android experts has been obsessing over a little black box from Amazon.
IT specialists search and recruitment on the dark web
We have analyzed more than 800 IT job ads and resumes on the dark web. Here is what the dark web job market looks like.
Breaking Down the SEO Poisoning Attack | How Attackers Are Hijacking Search Results
SEO poisoning is gaining momentum as threat actors leverage malicious ads to deliver malware through web browser searches.
Batloader Malware Abuses Legitimate Tools Uses Obfuscated JavaScript Files in Q4 2022 Attacks
We discuss the Batloader malware campaigns we observed in the last quarter of 2022, including our analysis of Water Minyades-related events (This is the intrusion set we track behind the creation of Batloader).
Can you rely on macOS Ventura for malware protection?
Samples of four malicious software downloaded and run on macOS 13.1. Could it detect and block them effectively? Or do you need 3rd party protection?
7 Ways Threat Actors Deliver macOS Malware in the Enterprise
Stay ahead of the game with our review on macOS malware threats. Learn about the top techniques used by threat actors to deliver malware and how to build more resilient defenses.
InfoSec Handlers Diary Blog - SANS Internet Storm Center
Malicious Google Ad --> Fake Notepad++ Page --> Aurora Stealer malware
Google Ads Exploited to Spread Malware
Google Ads is one of the most popular advertising platform, but it's also a target for cybercriminals. Learn how they are using it to spread malware.
“MasquerAds” — Google’s Ad-Words Massively Abused by Threat Actors, Targeting Organizations, GPUs and Crypto Wallets
A newly uncovered technique to abuse Google’s ad-words powerful advertisement platform is spreading rogue promoted search results in mass. Pointing to allegedly credible advertisement sites that are fully controlled by threat actors, those are used to masquerade and redirect ad-clickers to malicious phishing pages gaining the powerful credibility and targeting capabilities of Google’s search results. Adding customized malware payloads, threat actors are raising the bar for successful malware deployments on Personal PCs with ad words like Grammarly, Malwarebytes, and Afterburner as well as with Visual Studio, Zoom, Slack, and even Dashlane to target organizations.
Accidentally Crashing a Botnet
As part of our research into the cryptomining botnet kmsdbot, we rendered it useless.
Misconfigured PostgreSQL Used to Target Kubernetes Clusters
Researchers have found that Kinsing malware gained access to Kubernetes servers by exploiting misconfigured and exposed PostgreSQL servers. The threat actors gained
Raspberry Robin's botnet second life
Raspberry Robin appears to be a type of Pay-Per-Install botnet, likely to be used by cybercriminals to distribute other malware.
How do you know when macOS detects and remediates malware?
macOS may alert you when you’re trying to open or run a file, with an alert informing you that malware was detected. But what about in scans?
Shc Linux Malware Installing CoinMiner
The ASEC analysis team recently discovered that a Linux malware developed with Shc has been installing a CoinMiner. It is presumed that after successful authentication through a dictionary attack on inadequately managed Linux SSH servers, various malware were installed on the target system. Among those installed were the Shc downloader, XMRig CoinMiner installed through the former, and DDoS IRC Bot, developed with Perl.
The Mac Malware of 2022 👾
A comprehensive analysis of the year's new malware
New YouTube Bot Malware Spotted Stealing User’s Sensitive Information
New YouTube Bot Malware Spotted Stealing User’s Sensitive Information
Pure coder offers multiple malware for sale in Darkweb forums
Italians Users Targeted By PureLogs Stealer Through Spam Campaigns
ZetaNile: Open source software trojans from North Korea
ReversingLabs Malware Researcher Joseph Edwards takes a deep dive into ZetaNile, a set of open-source software trojans being used by Lazarus/ZINC.
New RisePro Stealer distributed by the prominent PrivateLoader
PrivateLoader is an active malware in the loader market, used by multiple threat actors to deliver various payloads, mainly information stealer. Since our previous investigation, we keep tracking the malware to map its ecosystem and delivered payloads. Starting from this tria.ge submission, we recognized a now familiar first payload, namely PrivateLoader. However, the dropped stealer was not part of our stealer growing collection, notably including RedLine or Raccoon. Eventually SEKOIA.IO realised it was a new undocumented stealer, known as RisePro. This article aims at presenting SEKOIA.IO RisePro information stealer analysis.
Shlayer malware abusing Gatekeeper bypass on macOS
Shlayer malware bypasses Gatekeeper security protections on macOS to execute unauthorized software without requiring approval.
L’art de l’évasion How Shlayer hides its configuration inside Apple proprietary DMG files
While conducting routine threat hunting for macOS malware on Ad networks, I stumbled upon an unusual Shlayer sample. Upon further analysis, it became clear that this variant was different from the known Shlayer variants such as OSX/Shlayer.D, OSX/Shlayer.E, or ZShlayer. We have dubbed it OSX/Shlayer.F.
Raspberry Robin Malware Targets Telecom, Governments
We found samples of the Raspberry Robin malware spreading in telecommunications and government office systems beginning September. The main payload itself is packed with more than 10 layers for obfuscation and is capable of delivering a fake payload once it detects sandboxing and security analytics tools.
Stolen certificates in two waves of ransomware and wiper attacks | Securelist
In this report, we compare the ROADSWEEP ransomware and ZEROCLEARE wiper versions used in two waves of attacks against Albanian government organizations.
GoTrim: Go-based Botnet Actively Brute Forces WordPress Websites
FortiGuard Labs encountered an unreported CMS scanner and brute forcer written in the Go programming language. Read our analysis of the malware and how this active botnet scans and compromises websites.
Scammers Are Scamming Other Scammers Out of Millions of Dollars
On cybercrime forums, user complaints about being duped may accidentally expose their real identities.
Pilfered Keys Free App Infected by Malware Steals Keychain Data
Open-source applications are a practical way to save money while keeping up with your productivity. However, this can be abused by threat actors to steal your data. Find out how one app was used to gather information of Apple users.
Mustang Panda Uses the Russian-Ukrainian War to Attack Europe and Asia Pacific Targets
APT group Mustang Panda now appears to have Europe and Asia Pacific targets in its sights. The BlackBerry Research and Intelligence team recently unearthed evidence that the group may be using global interest in the Russian-Ukraine war to deliver PlugX malware via phishing lure to unsuspecting users.
Top 10 macOS Malware Discoveries in 2022
Learn about all the new malware targeting macOS users in 2022 and how to stay safe from the latest Mac-focused campaigns.
Samsung, LG, Mediatek certificates compromised to sign Android malware
Multiple platform certificates used by Android OEM device vendors to digitally sign core system applications have also been used to sign Android apps containing malware.
Aurora: a rising stealer flying under the radar
Since September 2022, Aurora malware is advertised as an infostealer and several traffers teams announced they added it to their malware toolset.