Trend Micro

Websites Hosting Fake Cracks Spread Updated CopperStealer Malware

The CopperStealer binary was observed being encrypted and appended to a legitimate application, with the application's entry point overwritten by shellcode. This shellcode reads the payload offset and the XOR decryption key from the executable file header.

Shipping Scams of the Week: DHL and USPS

The scammers have borrowed the DHL company brand — even going so far as to mimic its colors, logo, and web design. Netizens have also reported receiving phishing emails from scammers posing as USPS.

Cuba Ransomware Group’s New Variant Found Using Optimized Infection Techniques

While the updates did not change much in terms of overall functionality, researchers believe that the new variant aims to optimize its execution, minimize unintended system behavior, and provide technical support to ransomware victims if they choose to negotiate.

DeadBolt Ransomware Locks Out Vendors With Multitiered Extortion Scheme

DeadBolt is peculiar not only for the scale of its attacks but also for several advanced tactics and techniques that its malicious actors have implemented, such as giving multiple payment options, one for the user and two for the vendor.

New Linux-Based Ransomware 'Cheerscrypt' Targets VMware ESXi Servers

In the past, ESXi servers were also attacked by other known ransomware families such as LockBit, Hive, and RansomEXX as an efficient way to infect many computers with ransomware.

Kingminer Botnet Attacks Microsoft SQL Server

Researchers observed a VBScript file executed through sqlservr.exe. This led them to suspect that the device had been exploited through a vulnerability that allowed malicious actors to execute arbitrary code remotely.

Fake Mobile Apps Steal Facebook Credentials, Cryptocurrency-Related Keys

Similar to Joker, another piece of mobile malware, Facestealer changes its code frequently, thus spawning many variants. Since its discovery, the spyware has continuously beleaguered Google Play.

Examining the Black Basta Ransomware’s Infection Routine

Black Basta, a new ransomware gang, has swiftly risen to prominence in recent weeks. This blog entry takes a closer look at the Black Basta ransomware and analyzes this newcomer’s familiar infection techniques.

NetDooka Framework Distributed via PrivateLoader Malware as Part of Pay-Per-Install Service

The framework is distributed via a pay-per-install (PPI) service and contains multiple parts, including a loader, a dropper, a protection driver, and a full-featured RAT that implements its own network communication protocol.

AvosLocker Ransomware Variant Abuses Driver File to Disable Anti-Virus, Scans for Log4shell

While previous AvosLocker infections employ similar routines, this is the first sample researchers observed from the US with the capability to disable a defense solution using a legitimate Avast Anti-Rootkit Driver file (asWarPot.sys).
