Top IT Security Bloggers

TrendLabs - Malware Blog
  • Backdoor, Devil Shadow Botnet Hidden in Fake Zoom Installers
    We found two malware files that pose as Zoom app installers. One of the samples installs a backdoor that allows malicious actors to run routines remotely, while the other sample involves the installation of the Devil Shadow botnet in devices.
  • Netwalker Fileless Ransomware Injected via Reflective Loading
    Ransomware in itself poses a formidable threat for organizations. As a fileless threat, the risk is increased as it can more effectively evade detection. We discuss how Netwalker ransomware is deployed filelessly through reflective DLL injection.
  • QNodeService: Node.js Trojan Spread via Covid-19 Lure
    QNodeService is a new, undetected malware sample written in Node.js, which is an unusual choice for malware authors. The malware has functionality that enables it to download/upload/execute files, steal credentials from Chrome/Firefox browsers, and perform file management, among other things.
  • May Patch Tuesday: More Fixes for SharePoint, TLS, Runtime, and Graphic Components Released
    This month’s Patch Tuesday includes 111 fixes for Microsoft. Of the 111 vulnerabilities, 16 have been rated Critical while the rest have been ranked Important.
  • Tropic Trooper’s Back: USBferry Attack Targets Air-gapped Environments
    We found that Tropic Trooper’s latest activities center on targeting Taiwanese and the Philippine military’s physically isolated networks through a USBferry attack. We also observed targets among military/navy agencies, government institutions, military hospitals, and even a national bank. The group employs USBferry, a USB malware that performs different commands on specific targets, maintains stealth in environments, and steals critical data through USB storage. We started tracking this particular campaign in 2018, and our analysis shows that it uses a fake executable decoy and a USB trojan strategy to steal information.
  • New MacOS Dacls RAT Backdoor Show Lazarus’ Multi-Platform Attack Capability
    We found an application sample in April called TinkaOTP, and our investigation showed the application bearing a striking resemblance to Dacls remote access trojan (RAT), a Windows and Linux backdoor discovered in December 2019.
  • Targeted Ransomware Attack Hits Taiwanese Organizations
    A new targeted attack has infected several organizations in Taiwan with a new ransomware family, which we have dubbed ColdLock. This attack is potentially destructive as the ransomware appears to target databases and email servers for encryption.
  • WebMonitor RAT Bundled with Zoom Installer
    We encountered an attack that conceals RevCode WebMonitor RAT by abusing Zoom installers.
  • Exposed Redis Instances Abused for Remote Code Execution, Cryptocurrency Mining
    By David Fiser and Jaromir Horejsi (Threat Researchers). Recently, we wrote an article about more than 8,000 unsecured Redis instances found in the cloud. In this article, we expound on how these instances can be abused to perform remote code execution (RCE), as demonstrated by malware samples captured in the wild. These malicious files have...
  • Grouping Linux IoT Malware Samples With Trend Micro ELF Hash
    We created Trend Micro ELF Hash (telfhash), an open-source clustering algorithm that effectively clusters Linux IoT malware created using ELF files.