Attack Signals Possible Return of Genesis Market, Abuses Node.js, and EV Code Signing

Credit to Author: Hitomi Kimura| Date: Wed, 22 Nov 2023 00:00:00 +0000

The Trend Micro Managed XDR team encountered malicious operations that used techniques similar to the ones used by Genesis Market, a website for facilitating fraud that was taken down in April 2023.

Read more

Threat Actors Leverage File-Sharing Service and Reverse Proxies for Credential Harvesting

Credit to Author: Buddy Tancio| Date: Thu, 09 Nov 2023 00:00:00 +0000

We analyzed a phishing campaign involving malicious emails containing a link to a file-sharing solution, which further leads to a PDF document with a secondary link designed to steal login info and session cookies.

Read more

Beware: Lumma Stealer Distributed via Discord CDN

Credit to Author: Carl Malipot| Date: Mon, 16 Oct 2023 00:00:00 +0000

This blog discusses how threat actors abuse Discord’s content delivery network (CDN) to host and spread Lumma Stealer, and talks about added capabilities to the information stealing malware.

Read more

Void Rabisu Targets Female Political Leaders with New Slimmed-Down ROMCOM Variant

Credit to Author: Feike Hacquebord| Date: Fri, 13 Oct 2023 00:00:00 +0000

Almost a year after Void Rabisu shifted its targeting from opportunistic ransomware attacks with an emphasis on cyberespionage, the threat actor is still developing its main malware, the ROMCOM backdoor.

Read more

DarkGate Opens Organizations for Attack via Skype, Teams

Credit to Author: Trent Bessell| Date: Thu, 12 Oct 2023 00:00:00 +0000

We detail an ongoing campaign abusing messaging platforms Skype and Teams to distribute the DarkGate malware to targeted organizations. We also discovered that once DarkGate is installed on the victim’s system, additional payloads were introduced to the environment.

Read more

Exposing Infection Techniques Across Supply Chains and Codebases

Credit to Author: Aliakbar Zahravi| Date: Thu, 05 Oct 2023 00:00:00 +0000

This entry delves into threat actors’ intricate methods to implant malicious payloads within seemingly legitimate applications and codebases.

Read more

APT34 Deploys Phishing Attack With New Malware

Credit to Author: Mohamed Fahmy| Date: Fri, 29 Sep 2023 00:00:00 +0000

We observed and tracked the advanced persistent threat (APT) APT34 group with a new malware variant accompanying a phishing attack comparatively similar to the SideTwist backdoor malware. Following the campaign, the group abused a fake license registration form of an African government agency to target a victim in Saudi Arabia.

Read more