Trend Micro

PurpleFox Adds New Vulnerability Exploit, Rootkit Capabilities, and .NET Backdoor

The new backdoor uses WebSockets to communicate with its command-and-control (C&C) servers, which gives it a more robust and, from the attacker's point of view, more secure channel than regular HTTP traffic. Note that a WebSocket connection still begins with an ordinary HTTP request carrying an Upgrade header, so proxies that log request headers can see the handshake even though the frames that follow it are opaque.
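As an added example (not code from the Trend Micro report or from the malware), the following Python script flags WebSocket upgrade handshakes in HTTP proxy log lines and reports the ones that go to hosts outside an assumed allowlist of known WebSocket services. The log format, the sample lines and the allowlist are all constructed for the example; the handshake check itself follows the RFC 6455 client requirements (Upgrade: websocket together with Connection: Upgrade, matched case-insensitively).

```python
"""Flag WebSocket upgrade handshakes in HTTP proxy logs.

Added example, not part of the original report. A WebSocket C2 channel
still starts with a plain HTTP request that carries "Upgrade: websocket",
so a proxy that records request headers sees the handshake. The log
format below is hypothetical and the sample lines are constructed.
"""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample log lines. Hypothetical format:
#   <client-ip> <destination-host> <method> <path> "<header>: <value>; <header>: <value>; ..."
SAMPLE_LOG = """\
10.0.0.12 example.com GET /index.html "Connection: keep-alive"
10.0.0.12 203.0.113.7 GET /ws "Connection: Upgrade; Upgrade: websocket; Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ=="
10.0.0.15 chat.example.com GET /socket "Connection: Upgrade; Upgrade: websocket"
10.0.0.20 example.org POST /api "Content-Type: application/json"
"""

# Assumed allowlist of destinations where WebSocket traffic is expected.
KNOWN_WS_HOSTS = {"chat.example.com"}

LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) "(.*)"$')


def parse_headers(header_field: str) -> Dict[str, str]:
    """Split the quoted header field into a lower-cased name -> value map."""
    headers: Dict[str, str] = {}
    for item in header_field.split(";"):
        if ":" not in item:
            continue
        name, value = item.split(":", 1)
        headers[name.strip().lower()] = value.strip().lower()
    return headers


def is_ws_handshake(header_field: str) -> bool:
    """True when the request is a WebSocket opening handshake (RFC 6455 section 4.1)."""
    headers = parse_headers(header_field)
    return (
        headers.get("upgrade") == "websocket"
        and "upgrade" in headers.get("connection", "")
    )


def parse_line(line: str) -> Optional[Tuple[str, str, str, str, str]]:
    """Return (client, host, method, path, headers) or None for malformed lines."""
    match = LINE_RE.match(line)
    return match.groups() if match else None


def suspicious_handshakes(log_text: str, allowlist=KNOWN_WS_HOSTS) -> List[Tuple[str, str, str]]:
    """Return (client, host, path) for each WebSocket handshake to a non-allowlisted host."""
    hits: List[Tuple[str, str, str]] = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        client, host, _method, path, headers = parsed
        if is_ws_handshake(headers) and host not in allowlist:
            hits.append((client, host, path))
    return hits


if __name__ == "__main__":
    for client, host, path in suspicious_handshakes(SAMPLE_LOG):
        print(f"WebSocket handshake to unexpected host: {client} -> {host}{path}")
```

A hit is only a triage signal: legitimate applications open WebSockets too, so the allowlist (or a baseline of known destinations) does the real work, and the unexpected bare-IP destination in the sample is the kind of result worth pivoting on.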

Ransomware Operators Found Using New "Franchise" Business Model

Operators behind a relatively new ransomware operation are rebranding a "supplier" ransomware before deployment instead of simply distributing it under the original name.

Actors Target Huawei Cloud Using Upgraded Linux Malware

The malicious code deployed by attackers disables the hostguard service, a Huawei Cloud Linux agent process that “detects security issues, protects the system, and monitors the agent.”

Mac Users Targeted by Trojanized iTerm2 App

When this app is executed, it downloads and runs a malicious Python script. This malware, which Trend Micro has detected as TrojanSpy.Python.ZURU.A, collects private data from a victim’s machine.

FormBook Adds Latest Office 365 0-Day Vulnerability to Its Arsenal

FormBook's operators reworked the original exploit, which was based on the proof-of-concept code disclosed by Trend Micro and Microsoft, in order to protect its JavaScript code from being reverse-engineered.

Attackers Use Fake Installers to Drop Malware and Open Doors for Cryptomining and Credential Theft

Fake installers of popular software are being used to deliver malware onto victims’ devices. These lures trick users into opening malicious documents or installing unwanted applications.

Examining the Cring Ransomware Techniques

Once Cring has been executed on the system, it disables services and processes that might hinder its encryption routine. After completing the encryption routine, it deletes itself using a batch (.bat) file.

Cryptominer z0Miner Uses Newly Discovered Vulnerability CVE-2021-26084 to Its Advantage

The cryptomining trojan z0Miner has been taking advantage of Atlassian's Confluence remote code execution (RCE) vulnerability tracked as CVE-2021-26084, which Atlassian disclosed in August.

Water Basilisk Attack Campaign Uses New HCrypt Variant to Flood Victims with RAT Payloads

The attacker used publicly available file hosting services such as "archive.org", "transfer.sh", and "discord.com" to host the malware, while compromised WordPress websites were used to host phishing kits.
September 13, 2021

APT-C-36 Updates Its Long-term Spam Campaign Against South American Entities With Commodity RATs

APT-C-36 has been known to send phishing emails to various entities in South America using publicly available remote access tools (RATs). Over time, the threat actor switches from one RAT to another.
