Top IT Security Bloggers

TrendLabs - Malware Blog
  • Tropic Trooper’s Back: USBferry Attack Targets Air-gapped Environments

    We found that Tropic Trooper’s latest activities center on targeting Taiwanese and the Philippine military’s physically isolated networks through a USBferry attack. We also observed targets among military/navy agencies, government institutions, military hospitals, and even a national bank. The group employs USBferry, a USB malware that performs different commands on specific targets, maintains stealth in environments, and steals critical data through USB storage. We started tracking this particular campaign in 2018, and our analysis shows that it uses a fake executable decoy and a USB trojan strategy to steal information.
  • New MacOS Dacls RAT Backdoor Shows Lazarus’ Multi-Platform Attack Capability

    We found an application sample in April called TinkaOTP, and our investigation showed the application bearing a striking resemblance to the Dacls remote access trojan (RAT), a Windows and Linux backdoor discovered in December 2019.
  • Targeted Ransomware Attack Hits Taiwanese Organizations

    A new targeted attack has infected several organizations in Taiwan with a new ransomware family, which we have dubbed ColdLock. This attack is potentially destructive as the ransomware appears to target databases and email servers for encryption.
  • WebMonitor RAT Bundled with Zoom Installer

    We encountered an attack that conceals RevCode WebMonitor RAT by abusing Zoom installers.
  • Exposed Redis Instances Abused for Remote Code Execution, Cryptocurrency Mining

    By David Fiser and Jaromir Horejsi (Threat Researchers) Recently, we wrote an article about more than 8,000 unsecured Redis instances found in the cloud. In this article, we expound on how these instances can be abused to perform remote code execution (RCE), as demonstrated by malware samples captured in the wild. These malicious files have...
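    The exposure the article describes starts with a Redis instance that accepts unauthenticated remote connections; on such an instance the well-known abuse path is CONFIG SET dir/dbfilename followed by SAVE to drop an attacker-controlled file (a cron entry, an authorized_keys file). The audit below is an added example, not code from the Trend Micro article: it parses a redis.conf and reports the settings that leave an instance in that state. The two configuration texts, the rename-command list and the "listens on all interfaces" address set are constructed assumptions for illustration.

```python
"""Audit a redis.conf for the settings that leave an instance open to the
well-known unauthenticated abuse path (CONFIG SET dir/dbfilename + SAVE to
drop a file such as a cron entry or authorized_keys).

Added example; not code from the Trend Micro article. The two config texts
below are constructed for illustration.
"""
import shlex

# Commands commonly neutralised with rename-command on instances that must
# stay reachable; this list is a hardening choice assumed here, not a standard.
DANGEROUS_COMMANDS = ("config", "debug", "flushall", "flushdb", "slaveof")
ALL_INTERFACES = {"0.0.0.0", "*", "::"}


def parse_redis_conf(text):
    """Map each directive (lower-cased) to the list of its argument lists.

    Directives such as rename-command may repeat, so every occurrence is kept
    in order; for single-valued directives the last occurrence wins on lookup.
    """
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = shlex.split(line)
        conf.setdefault(parts[0].lower(), []).append(parts[1:])
    return conf


def audit_redis_conf(text):
    """Return a list of findings; an empty list means no exposure was found."""
    conf = parse_redis_conf(text)
    findings = []

    # No bind line at all means Redis listens on every interface.
    bind_addrs = {a.lstrip("-") for args in conf.get("bind", []) for a in args}
    if not bind_addrs or bind_addrs & ALL_INTERFACES:
        findings.append("bind: listens on all interfaces; bind to loopback or an internal address")

    # protected-mode defaults to yes, so only an explicit 'no' is a finding.
    protected = conf.get("protected-mode", [["yes"]])[-1]
    if protected and protected[0].lower() == "no":
        findings.append("protected-mode no: unauthenticated remote clients are accepted")

    password = conf.get("requirepass", [[]])[-1]
    if not password or not password[0]:
        findings.append("requirepass missing or empty: no authentication required")

    renamed = {args[0].lower() for args in conf.get("rename-command", []) if args}
    exposed = [c for c in DANGEROUS_COMMANDS if c not in renamed]
    if exposed:
        findings.append("rename-command not applied to: " + ", ".join(exposed))

    return findings


WEAK_CONF = """
# constructed: the shape of an instance found exposed on the internet
bind 0.0.0.0
protected-mode no
port 6379
"""

HARDENED_CONF = """
# constructed: the same instance after hardening
bind 127.0.0.1 -::1
protected-mode yes
port 6379
requirepass "replace-with-a-long-random-secret"
rename-command CONFIG ""
rename-command DEBUG ""
rename-command FLUSHALL ""
rename-command FLUSHDB ""
rename-command SLAVEOF ""
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_redis_conf(text) or ["ok"])
```

    The weak configuration produces four findings and the hardened one none. On Redis 6 and later, ACL users are the preferred way to restrict the commands listed in DANGEROUS_COMMANDS; rename-command still works but is a coarser tool.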
  • Grouping Linux IoT Malware Samples With Trend Micro ELF Hash

    We created Trend Micro ELF Hash (telfhash), an open-source clustering algorithm that effectively clusters Linux IoT malware created using ELF files.
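    telfhash works from the symbol names in an ELF file: it normalises the list and fuzzy-hashes it with TLSH, so samples that share most of their imports cluster together even when strings, packing or section layout differ. The block below is an added example, not the telfhash implementation: it keeps the symbol-normalisation step but compares the symbol sets with Jaccard similarity so it runs on the standard library alone, and it takes the symbol lists as constructed input rather than parsing ELF files (a real pipeline would read .dynsym/.symtab, for example with pyelftools). The sample names, the symbol tables, the skip list and the 0.7 threshold are all assumptions for illustration.

```python
"""Cluster Linux malware samples by their imported/exported symbol names.

Added example, not the telfhash implementation. telfhash normalises the
symbol list of an ELF file and fuzzy-hashes it with TLSH; this example keeps
the normalisation step but compares symbol sets with Jaccard similarity so
it runs with only the standard library, and it takes the symbol lists as
constructed input instead of parsing ELF files (assumption: a real pipeline
would read .dynsym/.symtab, e.g. with pyelftools).
"""
from itertools import combinations

# Stand-in for telfhash's exclusion list of compiler/runtime symbols that
# carry no family signal (assumed subset).
SKIP_SYMBOLS = {"_init", "_fini", "__libc_start_main", "__gmon_start__"}


def normalise_symbols(symbols):
    """Lower-case, drop runtime boilerplate, de-duplicate."""
    return frozenset(s.lower() for s in symbols if s not in SKIP_SYMBOLS)


def jaccard(a, b):
    """Set similarity in [0, 1]; 0 for two empty sets."""
    return len(a & b) / len(a | b) if (a | b) else 0.0


def cluster_by_symbols(samples, threshold=0.7):
    """Union-find grouping: pairs at or above the threshold share a cluster.

    samples: {name: [symbol, ...]}; returns a sorted list of sorted name lists.
    """
    sets = {name: normalise_symbols(syms) for name, syms in samples.items()}
    parent = {name: name for name in samples}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    for a, b in combinations(sets, 2):
        if jaccard(sets[a], sets[b]) >= threshold:
            parent[find(a)] = find(b)

    groups = {}
    for name in samples:
        groups.setdefault(find(name), []).append(name)
    return sorted(sorted(g) for g in groups.values())


# Constructed symbol tables: two builds of one bot family, a different
# family, and a benign utility. Not extracted from real samples.
SAMPLES = {
    "bot_a_v1": ["socket", "connect", "send", "recv", "fork", "strcpy",
                 "memset", "inet_addr", "__libc_start_main", "_init"],
    "bot_a_v2": ["socket", "connect", "send", "recv", "fork", "strcpy",
                 "memset", "inet_addr", "setsockopt", "__libc_start_main", "_init"],
    "bot_b":    ["socket", "connect", "sendto", "fork", "strcmp", "memset",
                 "inet_addr", "execve", "system", "__libc_start_main", "_fini"],
    "utility":  ["open", "read", "write", "close", "stat", "getopt", "strtol",
                 "__libc_start_main"],
}

if __name__ == "__main__":
    for group in cluster_by_symbols(SAMPLES):
        print(group)
```

    The two builds of bot_a differ by a single added import (setsockopt) and land in one cluster; bot_b shares the socket primitives with them but not enough of the rest, and the utility shares nothing. Swapping the Jaccard comparison for a TLSH distance over the sorted, comma-joined symbol list is what moves this from an illustration to the telfhash approach.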
  • Gamaredon APT Group Uses Covid-19 Lure in Campaigns

    In March, we came across an email with a malware attachment that used the Gamaredon group’s tactics. Some of the emails used the coronavirus pandemic as a topic to lure victims into opening emails and attachments.
  • Exposing Modular Adware: How DealPly, IsErIk, and ManageX Persist in Systems

    We have constantly observed suspicious activities caused by adware, with common behaviors that include access to seemingly random domains with alternating consonant and vowel names, scheduled tasks, and in-memory execution via WScript that has proven to be an effective method to hide their operations for at least four years.
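    The domain-naming behaviour described above (random-looking names built from alternating consonants and vowels) is the kind of weak signal that is cheap to check in DNS logs. The block below is an added example, not Trend Micro's detection logic: it scans DNS query lines, flags hosts whose lookups hit domains whose registrable label strictly alternates consonant/vowel, and keeps an allowlist because ordinary words such as "paradise" follow the same pattern. The log format (timestamp, host, the word "query", the name), the minimum label length and every name in the sample log are constructed assumptions.

```python
"""Flag DNS lookups for domains whose registrable label strictly alternates
consonants and vowels, the naming pattern noted for the adware families above.

Added example; not Trend Micro's detection logic. The log lines are
constructed, in an assumed "timestamp host query qname" shape.
"""
import re
from collections import defaultdict

VOWELS = set("aeiou")
CONSONANTS = set("bcdfghjklmnpqrstvwxyz")
MIN_LABEL_LEN = 8  # short real words (tomato, banana) alternate too; assumed cut-off

LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+query\s+(?P<qname>\S+)$")


def alternates_consonant_vowel(label):
    """True if every adjacent pair of letters switches class (c/v/c/v ...)."""
    if len(label) < MIN_LABEL_LEN:
        return False
    kinds = []
    for ch in label.lower():
        if ch in VOWELS:
            kinds.append("v")
        elif ch in CONSONANTS:
            kinds.append("c")
        else:
            return False  # digits or hyphens: not the pattern we are after
    return all(a != b for a, b in zip(kinds, kinds[1:]))


def registrable_label(qname):
    """Label just left of the TLD. Naive: no public-suffix handling (assumption)."""
    parts = qname.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def flag_alternating_domains(lines, allowlist=frozenset()):
    """Return {host: sorted list of flagged qnames} for every host with a hit."""
    hits = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        label = registrable_label(m.group("qname"))
        if label in allowlist:
            continue
        if alternates_consonant_vowel(label):
            hits[m.group("host")].add(m.group("qname").lower())
    return {host: sorted(names) for host, names in hits.items()}


# Constructed DNS log excerpt; the names are invented, not observed indicators.
SAMPLE_LOG = """
2020-05-12T10:01:03Z ws-017 query kuzopaleva.com
2020-05-12T10:01:04Z ws-017 query update.microsoft.com
2020-05-12T10:01:09Z ws-017 query tobakenoju.net
2020-05-12T10:02:11Z ws-022 query cdn.example.org
2020-05-12T10:02:15Z ws-022 query www.paradise.org
2020-05-12T10:02:40Z ws-022 query bawidelo.info
"""

if __name__ == "__main__":
    flagged = flag_alternating_domains(SAMPLE_LOG.splitlines(), allowlist={"paradise"})
    for host, names in flagged.items():
        print(host, names)
```

    On its own the pattern is noisy, as the "paradise" line shows; it is worth acting on when the same host also shows the other behaviours the post lists, a new scheduled task and script execution through WScript, so the output here is best treated as a hunting lead rather than an alert.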
  • April Patch Tuesday: Fixes for Font-Related, Microsoft SharePoint, Windows Components Vulnerabilities

    Microsoft’s Patch Tuesday for April released fixes for a couple of critical font-related vulnerabilities, like an earlier disclosed one found in Adobe Type Manager Library (atmfd.dll). It also featured patches for vulnerabilities in Microsoft SharePoint and Windows Components.
  • Coronavirus Update App Leads to Project Spy Android and iOS Spyware

    We discovered a cyberespionage campaign we have named Project Spy infecting Android and iOS devices with spyware by using the coronavirus disease (Covid-19) as a lure.