Malwarebytes Labs

The many tentacles of Magecart Group 8

RiskIQ researchers recently unraveled a large part of the infrastructure used by Magecart Group 8 and showed how, over time, the group migrated between different hosting providers, in particular Flowspec and OVH.

Microsoft warns about phishing campaign using open redirects

The Microsoft 365 Defender Threat Intelligence Team posted an article stating that they have been tracking a widespread credential phishing campaign using open redirector links.

Analysts "strongly believe" the Russian state colludes with ransomware gangs

Despite the criminal charges, the Russian government protects the individuals behind the attacks. It does not consider their ransomware attacks a crime as long as they don't target Russian firms.

If a QR code leads you to a Bitcoin ATM at a gas station, it's a scam

Whether by QR code and bogus website or by plain old unsolicited telephone call, the outcome is typically the same: monthly fees going out of the victim’s bank account until they notice something amiss.

Crimea "manifesto" deploys VBA Rat using double attack vectors

Researchers identified a maldoc named “????????.docx” (“Manifest.docx”) that downloads and executes two templates: one is macro-enabled and the other is an HTML object containing an IE exploit.

The Olympics: a timeline of scams, hacks, and malware

While actual, measurable cyberattacks and hacks surrounding the Olympics did not start until 2008 in Beijing, the Olympics have traditionally been a target for malicious acts of all kinds.

Kaseya Unitrends has unpatched vulnerabilities that could help attackers expand a breach

The flaws affecting Kaseya Unitrends include a mixture of authenticated remote code execution, authenticated privilege escalation, and unauthenticated remote code execution on the client side.

OSX.XLoader hides little except its main purpose: What we learned in the installation process

XLoader appears to be distributed within a .jar file. Such a file contains code that can be executed by Java, dropping the malware on the system. One major advantage, for the attacker, of using Java is that the “dropper” can be cross-platform.

AvosLocker enters the ransomware scene, asks for partners

Avos is a relatively new ransomware that was observed in late June and early July. Its authors announced recruitment for “pentesters with Active Directory network experience” and “access brokers.”

The life and death of the ZeuS Trojan

First spotted in the wild in 2007, the earliest known version of the ZeuS Trojan was caught stealing sensitive information from systems owned by the United States Department of Transportation.
