Top IT Security Bloggers

TrendLabs - Malware Blog
  • DDoS Attacks and IoT Exploits: New Activity from Momentum Botnet
    We found new details on the tools and techniques the Momentum botnet is currently using to compromise devices, perform distributed denial-of-service (DDoS) attacks, and propagate via numerous exploits.
  • More than a Dozen Obfuscated APT33 Botnets Used for Extreme Narrow Targeting
    The threat group APT33 is known to target the oil and aviation industries aggressively. Our recent findings show that the group uses about a dozen live Command and Control (C&C) servers for extremely narrow targeted malware campaigns against organizations in the Middle East, the U.S., and Asia.
  • (Almost) Hollow and Innocent: Monero Miner Remains Undetected via Process Hollowing
    Cryptocurrencies' values are increasing again, which may explain why the number of stealthy techniques used to deliver miners has also increased this year. We found another campaign using process hollowing and a dropper component to evade detection and analysis, a combination that can potentially be used for other malware payloads.
  • Waterbear is Back, Uses API Hooking to Evade Security Product Detection
    In one of its recent campaigns, we’ve discovered a piece of Waterbear payload with a brand-new purpose: hiding its network behaviors from a specific security product via API hooking techniques. In our analysis, we have discovered that the security vendor is APAC-based, which is consistent with BlackTech’s targeted countries.
  • December Patch Tuesday: Vulnerabilities in Windows components, RDP, and PowerPoint Get Fixes
    Microsoft released a total of 36 patches for December’s Patch Tuesday. Decembers tend to have a relatively low number of patches, and the last Patch Tuesday of the 2010s was no different. Seven of the 36 patches were identified as Critical, 28 Important, and one Moderate. The vulnerabilities covered a wide variety of Microsoft products, including Windows, Internet Explorer, Office, Hyper-V Server, and SQL Server. None of the fixed vulnerabilities were disclosed to the public before patching, although one was under active attack at the time of the patch.
  • Obfuscation Tools Found in the Capesand Exploit Kit Possibly Used in “KurdishCoder” Campaign
    In November 2019, we published a blog post analyzing an exploit kit we named Capesand that exploited Adobe Flash and Microsoft Internet Explorer flaws. During our analysis of the indicators of compromise (IoCs) in the deployed samples that were infecting victims’ machines, we noticed some interesting characteristics: notably that these samples were making use of obfuscation tools that made them virtually undetectable.
  • Mobile Cyberespionage Campaign Distributed Through CallerSpy Mounts Initial Phase of a Targeted Attack
    We found a new spyware family disguised as chat apps on a phishing website. We believe that the apps, which exhibit many cyberespionage behaviors, are initially used for a targeted attack campaign. We first came across the threat in May on the site http://gooogle.press/, which was advertising a chat app called “Chatrious.” Users can download the malicious Android application package (APK) file by clicking the download button indicated on the site.
  • Operation ENDTRADE: Finding Multi-Stage Backdoors that TICK
    We found cyberespionage group TICK targeting critical systems and enterprises, attempting to steal information to benefit this APT group's sponsor and endanger national security. In this research brief, we show the timeline of the group's activities and malware development, as well as the technical analyses of the new malware families, modified tools, and upgraded malware routines.
  • Patched GIF Processing Vulnerability CVE-2019-11932 Still Afflicts Multiple Mobile Apps
    CVE-2019-11932, which is a vulnerability in WhatsApp for Android, was first disclosed to the public on October 2, 2019 after a researcher named Awakened discovered that attackers could use maliciously crafted GIF files to allow remote code execution. The vulnerability was patched with version 2.19.244 of WhatsApp, but the underlying problem lies in the library called libpl_droidsonroids_gif.so, which is part of the android-gif-drawable package. While this flaw has also been patched, many applications still use the older version and remain at risk.
  • Mac Backdoor Linked to Lazarus Targets Korean Users
    By Gabrielle Joyce Mabutas. Criminal interest in macOS continues to grow, with malware authors churning out more threats that target users of the popular OS. Case in point: a new variant of a Mac backdoor (detected by Trend Micro as Backdoor.MacOS.NUKESPED.A) attributed to the cybercriminal group Lazarus, which was observed targeting Korean users with a...
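The CVE-2019-11932 item above notes that many apps still ship an older build of the android-gif-drawable native library. A first-pass triage check, added here as an example and not code from the TrendLabs post, is to open an APK as the zip file it is, look for libpl_droidsonroids_gif.so under lib/<abi>/, and compare each copy's SHA-256 against builds you have already vetted as patched. The allowlist digest and the sample APK below are constructed for the example; in practice you would populate the allowlist from library builds you have verified yourself.

```python
"""Triage check for CVE-2019-11932 exposure: does an APK bundle the
android-gif-drawable native library (libpl_droidsonroids_gif.so), and
if so, is every bundled copy one we have vetted as patched?"""
import hashlib
import io
import zipfile
from typing import Dict, List

VULN_LIB = "libpl_droidsonroids_gif.so"

# Hypothetical allowlist of SHA-256 digests for library builds you have
# verified as patched. The single entry here is a placeholder constructed
# for this example, not the digest of any real build.
KNOWN_PATCHED_SHA256 = {
    hashlib.sha256(b"patched-build-placeholder").hexdigest(),
}


def find_gif_libs(apk_bytes: bytes) -> List[Dict[str, str]]:
    """Return every bundled copy of the library: ABI, zip path, SHA-256."""
    found = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for name in zf.namelist():
            parts = name.split("/")
            # APK native libraries live under lib/<abi>/<name>.so
            if len(parts) == 3 and parts[0] == "lib" and parts[2] == VULN_LIB:
                digest = hashlib.sha256(zf.read(name)).hexdigest()
                found.append({"abi": parts[1], "path": name, "sha256": digest})
    return found


def assess(apk_bytes: bytes) -> str:
    """Classify an APK: 'no-gif-drawable', 'patched', or 'review'.

    'review' means at least one bundled copy is not on the allowlist, so
    it may be an unpatched build and needs a closer look.
    """
    libs = find_gif_libs(apk_bytes)
    if not libs:
        return "no-gif-drawable"
    if all(lib["sha256"] in KNOWN_PATCHED_SHA256 for lib in libs):
        return "patched"
    return "review"


def build_sample_apk(lib_blobs: Dict[str, bytes]) -> bytes:
    """Construct a minimal APK-shaped zip (a constructed sample, not a real app).

    lib_blobs maps an ABI name to the bytes to store as that ABI's copy of
    the library; an empty dict yields an APK without the library at all.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest/>")
        zf.writestr("classes.dex", b"dex\n035\x00")
        for abi, blob in lib_blobs.items():
            zf.writestr(f"lib/{abi}/{VULN_LIB}", blob)
    return buf.getvalue()


if __name__ == "__main__":
    # Two ABIs bundling an unknown (possibly old) build -> flagged for review.
    sample = build_sample_apk({
        "arm64-v8a": b"\x7fELF-unknown-build",
        "armeabi-v7a": b"\x7fELF-unknown-build",
    })
    for lib in find_gif_libs(sample):
        print(lib)
    print(assess(sample))
```

Hashing against vetted builds is used here because the library's file name alone says nothing about its version, and a release APK may bundle a different copy per ABI, so every copy has to be checked rather than just the first one found. Presence of a patched library is only half the picture: whether an app actually feeds attacker-controlled GIFs to that code path is a separate review.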