Credit to Author: Ted Lee| Date: Wed, 30 Aug 2023 00:00:00 +0000
We break down a new cyberespionage campaign deployed by a cybercriminal group we named Earth Estries. Analyzing the tactics, techniques, and procedures (TTPs) employed, we observed overlaps with the advanced persistent threat (APT) group FamousSparrow as Earth Estries targets governments and organizations in the technology sector.
Read moreCredit to Author: Trend Micro Research| Date: Tue, 29 Aug 2023 00:00:00 +0000
The Trend Micro Mobile Application Reputation Service (MARS) team discovered a new, fully undetected Android banking trojan, dubbed MMRat, that has been targeting mobile users in Southeast Asia since late June 2023.
Read moreCredit to Author: Jindrich Karasek| Date: Wed, 23 Aug 2023 00:00:00 +0000
In this entry, we discuss how a threat actor abuses paid Facebook promotions featuring LLMs to spread malicious code, with the goal of installing a malicious browser add-on and stealing victims’ credentials.
Read moreCredit to Author: Don Ovid Ladores| Date: Mon, 07 Aug 2023 00:00:00 +0000
In this entry, we detail our analysis of how the TargetCompany ransomware abused an iteration of fully undetectable (FUD) obfuscator engine BatCloak to infect vulnerable systems.
Read moreCredit to Author: Junestherry Dela Cruz| Date: Mon, 07 Aug 2023 00:00:00 +0000
In June 2023, Trend Micro observed an upgrade to the evasion techniques used by the Batloader initial access malware, which we’ve covered in previous blog entries.
Read moreCredit to Author: Trend Micro Research| Date: Fri, 28 Jul 2023 00:00:00 +0000
Trend Micro’s Mobile Application Reputation Service (MARS) team discovered two new related Android malware families involved in cryptocurrency-mining and financially-motivated scam campaigns targeting Android users.
Read moreCredit to Author: Daniel Lunghi| Date: Fri, 14 Jul 2023 00:00:00 +0000
We recently found that a modified installer of the E-Office app used by the Pakistani government delivered a Shadowpad sample, suggesting a possible supply-chain attack.
Read moreCredit to Author: Daniel Lunghi| Date: Fri, 14 Jul 2023 00:00:00 +0000
We recently found that an MSI installer built by the National Information Technology Board (NITB), a Pakistani government entity, delivered a Shadowpad sample, suggesting a possible supply-chain attack.
Read more