HackDig : Dig high-quality web security articles

Hermit spyware is deployed with the help of a victim’s ISP

Google’s Threat Analysis Group (TAG) has revealed a sophisticated spyware activity involving ISPs (internet service providers) aiding in downloading powerful commercial spyware onto users’ mobile devices. The spyware, dubbed Hermit, is reported to have government clients much like Pegasus. Italian vendor RCS Labs developed Hermit. The spyware
Publish At:2022-06-29 07:53 | Read:531 | Comments:0 | Tags:Privacy Reports Android Apple C2 command and control commerc

Denonia cryptominer is first malware to target AWS Lambda

Security researchers at Cado Security, a cybersecurity forensics company, recently discovered the first publicly-known malware targeting Lambda, the serverless computing platform of Amazon Web Services (AWS). Though Lambda has been around for less than ten years, serverless technology is considered relatively young, according to Matt Muir, one of Cado
Publish At:2022-04-11 12:48 | Read:3959 | Comments:0 | Tags:Business AWS IAM AWS Lambda C2 Cado Security command & contr

Duo of Android dropper and payload target certain countries and app users

After making its first in-the-wild appearance in March 2021, Vultur—an information-stealing RAT that runs on Android—is back. And its dropper is equally nasty. Vultur (Romanian for “vulture”) is known to target banks, cryptocurrency wallets, social media (Facebook, TikTok), and messaging services (WhatsApp, Viber) to harvest credentials using
Publish At:2022-02-01 12:46 | Read:1572 | Comments:0 | Tags:Android "2FA Authenticator" Android dropper android malware

Emotet’s back and it isn’t wasting any time

Emotet is one of the best known, and most dangerous, malware threats of the past several years. On several occasions it appeared to take an early retirement, but it has always come back. In January of this year, a global police operation dismantled Emotet’s botnet. Law enforcement then used their control of this infrastructure to send a “self-
Publish At:2021-12-03 14:55 | Read:2848 | Comments:0 | Tags:Trojans app installer C2 distribution emotet GoDaddy reply-c

[SANS ISC] C2 Activity: Sandboxes or Real Victims?

I published the following diary on isc.sans.edu: “C2 Activity: Sandboxes or Real Victims?”: In my last diary, I mentioned that I was able to access screenshots exfiltrated by the malware sample. During the first analysis, there were approximately 460 JPEG files available. I continued to keep an eye on the host and the number slightly increased
Publish At:2021-04-02 06:38 | Read:1796 | Comments:0 | Tags:Malware SANS Internet Storm Center Security C2 Sandbox SANS

[SANS ISC] Pastebin.com Used As a Simple C2 Channel

I published the following diary on isc.sans.edu: “Pastebin.com Used As a Simple C2 Channel”: With the growing threat of ransomware attacks, there are other malicious activities that have less attention today but they remain active. Think about crypto-miners. Yes, attackers continue to mine Monero on compromised systems. I spotted an interesting
Publish At:2021-03-19 07:01 | Read:2119 | Comments:0 | Tags:SANS Internet Storm Center Security C2 Cryptominer Monero Pa

Multi-stage APT attack drops Cobalt Strike using Malleable C2 feature

This blog post was authored by Hossein Jazi and Jérôme Segura. On June 10, we found a malicious Word document disguised as a resume that uses template injection to drop a .Net Loader. This is the first part of a multi-stage attack that we believe is associated with an APT attack. In the last stage, the threat actors used Cobalt Strike’s Malleable C2 fe
Publish At:2020-06-17 15:39 | Read:6324 | Comments:0 | Tags:Malware Threat analysis APT C2 cobalt strike Malleable C2
