NFT-001 Malware Gets New Staged Downloader with Improved Evasion Abilities

The threat actor has now switched from the Babadeda crypter to a new staged downloader while using the same delivery infrastructure as before. The new downloader adds increased defense evasion abilities to this malware.
August 12, 2022

APT-C-35: New Windows Framework Revealed

For initial infection, the DoNot Team uses spear phishing emails containing malicious attachments. To load the next stage, they leverage Microsoft Office macros and RTF files exploiting the Equation Editor vulnerability and remote template injection.

SYK Crypter Distributing Malware Families via Discord

This crypter delivers many malware families, such as AsyncRAT, njRAT, QuasarRAT, WarzoneRAT, NanoCore RAT, and RedLine Stealer, putting organizations in every sector and industry at risk.

Remcos Trojan: Analyzing the Attack Chain

This infection contains many stages and largely depends on the C2 server, which stores the required files for each stage. The attacker also uses a password-protected .xls file to lower the detection rate.

Mars Stealer: Exclusive New Threat Research

Whoever released the cracked Mars Stealer without official support has led threat actors to improperly configure their environment, exposing critical assets to the world.

New JSSLoader Trojan Delivered Through XLL Files

Attackers are now using .XLL files to deliver a new, obfuscated version of JSSLoader. This new malware variant utilizes the Excel add-ins feature to load the malware and inspect the changes inside.

NFT Buyers Beware: Journey of a Crypto Scammer and How to Stop Them

The evolved malware crypters observed by Morphisec in the new campaign continue to be delivered through malicious Discord bots operating within NFT and crypto communities.

New AsyncRAT Threat Campaign Introduces New Delivery Technique

Through a simple email phishing tactic with an HTML attachment, threat attackers are delivering AsyncRAT designed to remotely monitor and control infected PCs through a secure, encrypted connection.

Babadeda Crypter Targets Cryptocurrency, NFT, and DeFi Communities Through Discord

The crypter that this campaign uses, dubbed Babadeda (a Russian language placeholder used by the crypter which translates to “Grandma-Grandpa”), is able to bypass signature-based antivirus solutions.

DECAF Ransomware: A New Golang Threat Makes Its Appearance

Morphisec Labs has identified a new strain of ransomware, implemented in Go 1.17 and named DECAF. The first version, which includes symbols and test assertions, was identified in late September.