How Shady Code Commits Compromise the Security of the Open-Source Ecosystem

Credit to Author: Trend Micro Research| Date: Mon, 11 Jul 2022 00:00:00 +0000

In this blog entry, we discuss how open-source code has been subjected to protest-driven code modifications by its maintainers or backers. We also provide an analysis of what these incidents could mean for the IT industry and the open source community.

Read more

Brand-New HavanaCrypt Ransomware Poses as Google Software Update App, Uses Microsoft Hosting Service IP Address as C&C Server

Credit to Author: Nathaniel Morales| Date: Wed, 06 Jul 2022 00:00:00 +0000

We recently found a new ransomware family, which we have dubbed as HavanaCrypt, that disguises itself as a legitimate Google Software Update application and uses a Microsoft web hosting service IP address as its command-and-control (C&C) server to circumvent detection.

Read more

Conti vs. LockBit: A Comparative Analysis of Ransomware Groups

Credit to Author: Shingo Matsugaya| Date: Mon, 27 Jun 2022 00:00:00 +0000

We compare the targeting and business models of the Conti and LockBit ransomware groups using data analysis approaches. This will be presented in full at the 34th Annual FIRST Conference on June 27, 2022.

Read more

Cuba Ransomware Group’s New Variant Found Using Optimized Infection Techniques

Credit to Author: Don Ovid Ladores| Date: Wed, 08 Jun 2022 00:00:00 +0000

Trend Micro Research observed the resurgence of the Cuba ransomware group that launched a new malware variant using different infection techniques compared to past iterations. We discuss our initial findings in this report.

Read more

Trend Micro Partners With Interpol and Nigeria’s EFCC for Operation Killer Bee, Takes Down Nigerian BEC Actors

Credit to Author: Paul Pajares| Date: Thu, 02 Jun 2022 00:00:00 +0000

Nigeria’s Economic and Financial Crimes Commission (EFCC) arrested three suspected scammers from Nigeria who were involved in global scamming campaigns via a sting operation that is part of Operation Killer Bee. Trend Micro provided information on the group and their modus operandi.

Read more

AvosLocker Ransomware Variant Abuses Driver File to Disable Antivirus, Scans for Log4shell

Credit to Author: Christoper Ordonez| Date: Mon, 02 May 2022 00:00:00 +0000

We found an AvosLocker ransomware variant using a legitimate antivirus component to disable detection and blocking solutions.

Read more

New Linux-Based Ransomware Cheerscrypt Targeting ESXi Devices Linked to Leaked Babuk Source Code

Credit to Author: Arianne Dela Cruz| Date: Wed, 25 May 2022 00:00:00 +0000

New findings showed that Cheerscrypt, a new Linux-based ransomware variant that compromises ESXi servers, was derived from the leaked Babuk source code. We discuss our analysis in this report.

Read more