Batloader Malware Abuses Legitimate Tools, Uses Obfuscated JavaScript Files in Q4 2022 Attacks

Credit to Author: Junestherry Dela Cruz| Date: Tue, 17 Jan 2023 00:00:00 +0000

We discuss the Batloader malware campaigns we observed in the last quarter of 2022, including our analysis of Water Minyades-related events (This is the intrusion set we track behind the creation of Batloader).

Read more

Earth Bogle: Campaigns Target the Middle East with Geopolitical Lures

Credit to Author: Peter Girnus| Date: Tue, 17 Jan 2023 00:00:00 +0000

We discovered an active campaign ongoing since at least mid-2022 which uses Middle Eastern geopolitical-themed lures to distribute NjRAT (also known as Bladabindi) to infect victims across the Middle East and North Africa.

Read more

Abusing a GitHub Codespaces Feature For Malware Delivery

Credit to Author: Nitesh Surana| Date: Mon, 16 Jan 2023 00:00:00 +0000

Proof of Concept (POC): We investigate one of the GitHub Codespaces’ real-time code development and collaboration features that attackers can abuse for cloud-based trusted malware delivery. Once exploited, malicious actors can abuse legitimate GitHub accounts to create a malware file server.

Read more

Gootkit Loader Actively Targets Australian Healthcare Industry

Credit to Author: Hitomi Kimura| Date: Mon, 09 Jan 2023 00:00:00 +0000

We analyzed the infection routine used in recent Gootkit loader attacks on the Australian healthcare industry and found that Gootkit leveraged SEO poisoning for its initial access and abused legitimate tools like VLC Media Player.

Read more

IcedID Botnet Distributors Abuse Google PPC to Distribute Malware

Credit to Author: Ian Kenefick| Date: Fri, 23 Dec 2022 00:00:00 +0000

We analyze the latest changes in IcedID botnet from a campaign that abuses Google pay per click (PPC) ads to distribute IcedID via malvertising attacks.

Read more

Detecting Windows AMSI Bypass Techniques

Credit to Author: Jiri Sykora| Date: Wed, 21 Dec 2022 00:00:00 +0000

We look into some of the implementations that cybercriminals use to bypass the Windows Antimalware Scan Interface (AMSI) and how security teams can detect threats attempting to abuse it for compromise with Trend Micro Vision One™.

Read more

Raspberry Robin Malware Targets Telecom, Governments

Credit to Author: Christopher So| Date: Tue, 20 Dec 2022 00:00:00 +0000

We found samples of the Raspberry Robin malware spreading in telecommunications and government office systems beginning September. The main payload itself is packed with more than 10 layers for obfuscation and is capable of delivering a fake payload once it detects sandboxing and security analytics tools.

Read more