Securelist

Dtrack Malware Operations Expanded to Europe and Latin America

DTrack is a backdoor used by the Lazarus group against a wide variety of targets. Initially discovered in 2019, it remains in use three years later.

Malicious Tor Browser spreads through YouTube

One of the libraries bundled with the malicious Tor Browser is infected with spyware that collects various personal data and sends it to a command and control server. It also gives attackers the ability to execute shell commands.

Analysis of DeftTorero TTPs in 2019–2021

During the intrusion analysis of DeftTorero’s webshells, researchers noted traces suggesting that the threat actor exploited a file upload form and/or a command injection flaw in a functional or staging website hosted on the target web server.

Prilex Malware Evolves from Targeting ATMs to Now Undoing Point-of-Sale Systems

The group has been active since 2014; in 2016 it decided to give up ATM malware and focus all of its attacks on PoS systems, targeting the core of the payment industry. The group has extensive knowledge of the payment market and of EFT software and protocols.

NullMixer drops Redline Stealer, SmokeLoader and other malware

The infection vector of NullMixer is based on a ‘User Execution’ malicious link that requires the end user to click on and download a password-protected ZIP/RAR archive with a malicious file that is extracted and executed manually.

Spam email campaign targeting businesses delivers the Agent Tesla stealer

In a new malspam campaign, someone posing as a Malaysian prospect and using a fairly odd variety of English asks the recipient to review some customer requirements and get back with the requested documents.

RedLine Spreads Through Ads for Game Cheats and Cracks on YouTube

Using its self-propagation functionality, several files in the malicious bundle receive videos and post them to the infected users’ YouTube channels along with the links to a password-protected archive with the bundle in the description.

Overview of gaming-related malware, PUAs and phishing

As per Kaspersky, the total number of users who encountered gaming-related malware and unwanted software from July 1, 2021, through June 30, 2022, was 384,224, with 91,984 files distributed under the guise of twenty-eight games or series of games.

Andariel Deployed DTrack and Maui Ransomware in Recent Attacks

Because the malware in this early incident was compiled on April 15th, 2021, and compilation dates are the same for all known samples, this incident is possibly the first ever involving the Maui ransomware.

Malicious NPM Packages Steal Discord Tokens and Bank Card Data

All these packages contained highly obfuscated malicious Python and JavaScript code. The Python malware is a modified version of an open-source token logger called Volt Stealer.
