ParaSiteSnatcher: How Malicious Chrome Extensions Target Brazil

Credit to Author: Aliakbar Zahravi| Date: Thu, 23 Nov 2023 00:00:00 +0000

We detail the modular framework of malicious Chrome extensions that consist of various highly obfuscated components that leverage the Google Chrome API to monitor, intercept, and exfiltrate victim data.

Attack Signals Possible Return of Genesis Market, Abuses Node.js, and EV Code Signing

Credit to Author: Hitomi Kimura| Date: Wed, 22 Nov 2023 00:00:00 +0000

The Trend Micro Managed XDR team encountered malicious operations that used techniques similar to the ones used by Genesis Market, a website for facilitating fraud that was taken down in April 2023.

CVE-2023-46604 (Apache ActiveMQ) Exploited to Infect Systems With Cryptominers and Rootkits

Credit to Author: Peter Girnus| Date: Mon, 20 Nov 2023 00:00:00 +0000

We uncovered the active exploitation of the Apache ActiveMQ vulnerability CVE-2023-46604 to download and infect Linux systems with the Kinsing malware (also known as h2miner) and a cryptocurrency miner.

Threat Actors Leverage File-Sharing Service and Reverse Proxies for Credential Harvesting

Credit to Author: Buddy Tancio| Date: Thu, 09 Nov 2023 00:00:00 +0000

We analyzed a phishing campaign involving malicious emails containing a link to a file-sharing solution, which further leads to a PDF document with a secondary link designed to steal login info and session cookies.

Attacks on 5G Infrastructure From User Devices: ASN.1 Vulnerabilities in 5G Cores

Credit to Author: Salim S.I.| Date: Fri, 20 Oct 2023 00:00:00 +0000

In the second part of this series, we will examine how attackers can trigger vulnerabilities by sending control messages masquerading as user traffic to cross over from the user plane to the control plane.

Beware: Lumma Stealer Distributed via Discord CDN

Credit to Author: Carl Malipot| Date: Mon, 16 Oct 2023 00:00:00 +0000

This blog discusses how threat actors abuse Discord’s content delivery network (CDN) to host and spread Lumma Stealer, and talks about added capabilities to the information-stealing malware.