Weekly News

InfoSec Week 11, 2017

MalwareMustDie analyzed a new APT campaign with the Poison Ivy RAT as its payload. The malware uses obfuscated VBScript and PowerShell to finally drop the well-known RAT. 'The concept of infection is fileless, it's avoiding known signature for detection by multiple encodings and wraps, and it is also 100% avoiding the original attacker's working territory.'

Posted

#Weekly-News

InfoSec Week 10, 2017

People around an Azerbaijani human rights activist and lawyer received spear-phishing messages, according to a multi-year investigation by Amnesty Global Insights. Keylogging, screenshots, etc.

InfoSec Week 9, 2017

Cisco Talos analyzed the PowerShell trojan 'DNSMessenger', which communicates with its command and control server using DNS TXT record queries.

InfoSec Week 8, 2017

Malware samples recovered from watering hole attacks against the Polish financial regulator's website contain false flags that fraudulently suggest Russian actors are behind the campaign. BAE Systems Threat Research attributed the attack to the notorious Lazarus Group.

InfoSec Week 7, 2017

Ukraine's security service identified Russia as the actor behind ongoing malware attacks against the country's critical infrastructure.

InfoSec Week 6, 2017

A new malware called MacDownloader, attributed to Iran and targeting macOS systems, was spotted in the wild. It spreads posing as an Adobe Flash installer or a Bitdefender Adware Removal Tool and depends on social engineering. After installation, it attempts to exfiltrate the OS X keychain database as well as other system information.

InfoSec Week 5, 2017

Egyptian human rights activists, dissidents, lawyers and journalists were targeted by a phishing campaign. Links received by email lead to a fake login page designed to trick the targets into giving away their Dropbox credentials.

InfoSec Week 4, 2017

LUNAR is a UNIX security auditing tool that generates a scored audit report of a Unix host's security.

InfoSec Week 3, 2017

Trustwave released a threat report on the Carbanak gang campaign called 'Operation Grand Mars'. The paper explains the modus operandi of the Carbanak group, its malware distribution techniques and its attack vectors. The interesting point is that the group uses Google Apps, Sheets and Forms as part of its command and control infrastructure. But Trustwave is not the only one reporting on this.

InfoSec Week 2, 2017

A brother and sister were arrested in Italy for spying on top public officials, businessmen and institutions. They wrote VB.NET malware with RAT/spyware features, infected high-level targets via spear phishing and pivoted on their email to infect even higher-level targets. They had terrible OPSEC, buying some domains and hosting under their real names.
