Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement

Credit to Author: Joseph C Chen| Date: Mon, 18 Sep 2023 00:00:00 +0000

While monitoring Earth Lusca, we discovered an intriguing, encrypted file on the threat actor’s server — a Linux-based malware, which appears to originate from the open-source Windows backdoor Trochilus, which we’ve dubbed SprySOCKS due to its swift behavior and SOCKS implementation.

Read more

RedLine/Vidar Abuses EV Certificates, Shifts to Ransomware

Credit to Author: Hitomi Kimura| Date: Wed, 13 Sep 2023 00:00:00 +0000

In this blog, we investigate how threat actors used information-stealing malware with EV code signing certificates and later delivered ransomware payloads to its victims via the same delivery method.

Read more

Analyzing a Facebook Profile Stealer Written in Node.js

Credit to Author: Jaromir Horejsi| Date: Tue, 05 Sep 2023 00:00:00 +0000

We analyze an information stealer written in Node.js, packaged into an executable, exfiltrated stolen data via both Telegram bot API and a C&C server, and employed GraphQL as a channel for C&C communication.

Read more

Stealthy Android Malware MMRat Carries Out Bank Fraud Via Fake App Stores

Credit to Author: Trend Micro Research| Date: Tue, 29 Aug 2023 00:00:00 +0000

The Trend Micro Mobile Application Reputation Service (MARS) team discovered a new, fully undetected Android banking trojan, dubbed MMRat, that has been targeting mobile users in Southeast Asia since late June 2023.

Read more

Monti Ransomware Unleashes a New Encryptor for Linux

Credit to Author: Nathaniel Morales| Date: Mon, 14 Aug 2023 00:00:00 +0000

The Monti ransomware collective has restarted their operations, focusing on institutions in the legal and governmental fields. Simultaneously, a new variant of Monti, based on the Linux platform, has surfaced, demonstrating notable differences from its previous Linux-based versions.

Read more