Credit to Author: Joseph C Chen| Date: Mon, 18 Sep 2023 00:00:00 +0000
While monitoring Earth Lusca, we discovered an intriguing, encrypted file on the threat actor’s server — a Linux-based malware, which appears to originate from the open-source Windows backdoor Trochilus, which we’ve dubbed SprySOCKS due to its swift behavior and SOCKS implementation.
Read moreCredit to Author: Hitomi Kimura| Date: Wed, 13 Sep 2023 00:00:00 +0000
In this blog, we investigate how threat actors used information-stealing malware with EV code signing certificates and later delivered ransomware payloads to its victims via the same delivery method.
Read moreCredit to Author: Jaromir Horejsi| Date: Tue, 05 Sep 2023 00:00:00 +0000
We analyze an information stealer written in Node.js, packaged into an executable, exfiltrated stolen data via both Telegram bot API and a C&C server, and employed GraphQL as a channel for C&C communication.
Read moreCredit to Author: Trend Micro Research| Date: Tue, 29 Aug 2023 00:00:00 +0000
The Trend Micro Mobile Application Reputation Service (MARS) team discovered a new, fully undetected Android banking trojan, dubbed MMRat, that has been targeting mobile users in Southeast Asia since late June 2023.
Read moreCredit to Author: Jindrich Karasek| Date: Wed, 23 Aug 2023 00:00:00 +0000
In this entry, we discuss how a threat actor abuses paid Facebook promotions featuring LLMs to spread malicious code, with the goal of installing a malicious browser add-on and stealing victims’ credentials.
Read moreCredit to Author: Nathaniel Morales| Date: Mon, 14 Aug 2023 00:00:00 +0000
The Monti ransomware collective has restarted their operations, focusing on institutions in the legal and governmental fields. Simultaneously, a new variant of Monti, based on the Linux platform, has surfaced, demonstrating notable differences from its previous Linux-based versions.
Read moreCredit to Author: Trend Micro Research| Date: Wed, 09 Aug 2023 00:00:00 +0000
In this blog entry, we will provide details on Rhysida, including its targets and what we know about its infection chain.
Read moreCredit to Author: Junestherry Dela Cruz| Date: Mon, 07 Aug 2023 00:00:00 +0000
In June 2023, Trend Micro observed an upgrade to the evasion techniques used by the Batloader initial access malware, which we’ve covered in previous blog entries.
Read more