HackDig : Dig high-quality web security articles

Crimea “manifesto” deploys VBA Rat using double attack vectors

This blog post was authored by Hossein Jazi. On July 21, 2021, we identified a suspicious document named “Манифест.docx” (“Manifest.docx”) that downloads and executes two templates: one is macro-enabled and the other is an html object that contains an Internet Explorer exploit. While both techniques rely on template injection to
Publish At:2021-07-29 14:33 | Read:1115 | Comments:0 | Tags:Threat Intelligence Crimea CVE-2021-26411 Ekipa Lazarus Laza

The Olympics: a timeline of scams, hacks, and malware

The 2020 Olympics are, after a bit of a delayed start, officially in full swing. So too is the possibility for scammers to crawl out of the woodwork. And while actual, measurable cyberattacks and hacks surrounding the Olympics did not truly get rolling until 2008 in Beijing, the Olympic Games have traditionally been quite the target for malicious acts of al
Publish At:2021-07-28 15:09 | Read:681 | Comments:0 | Tags:Hacking fake hack hackers hacking malware nation state olymp

Remcos RAT delivered via Visual Basic

This blog post was authored by Erika Noerenberg. Introduction: Over the past months, Malwarebytes researchers have been tracking a unique malspam campaign delivering the Remcos remote access trojan (RAT) via financially-themed emails. Remcos is often delivered via malicious documents or archive files containing scripts or executables. Like other RATs, Re
Publish At:2021-07-19 18:15 | Read:875 | Comments:0 | Tags:Malware Threat analysis Trojans rat remcos

A week in security (June 21 – June 27)

Last week on Malwarebytes Labs: Want to stop ransomware attacks? Send the cybercriminals to jail, says Brian Honan: Lock and Code S02E11; Atomic research institute breached via VPN vulnerability; Hotel staff bust Hermes SMS scammer with suspiciously large number of cables; City of Liège hit by ransomware, Ryuk suspected; MITRE introduces D3FEND framework; Brave tak
Publish At:2021-06-28 06:36 | Read:524 | Comments:0 | Tags:A week in security a week in security active directory bec B

ChaChi, a GoLang Trojan used in ransomware attacks on US schools

A new Trojan written in the Go programming language, tracked as ChaChi, was involved in ransomware attacks against government agencies and US schools. Researchers from BlackBerry Threat Research and Intelligence spotted a new RAT written in the Go programming language, dubbed ChaChi, which has been used by PYSA (aka Mespinoza) operators to target vic
Publish At:2021-06-24 09:24 | Read:544 | Comments:0 | Tags:Breaking News Malware ChaChi Cybersecurity cybersecurity new

Polazert Trojan using poisoned Google Search results to spread

Trojan.Polazert, aka SolarMarker, has gone back and fine-tuned an old tactic known as SEO poisoning to plant its Remote Access Trojan (RAT) on as many systems as possible. This RAT runs in memory and is used by attackers to install additional malware on affected systems. Trojan.Polazert: Trojan.Polazert is specifically designed to steal credentials from
Publish At:2021-06-17 15:27 | Read:312 | Comments:0 | Tags:Awareness Polazert rat seo poisoning SolarMarker stuffed PDF

MSBuild tool used to deliver RATs filelessly

Hackers abuse Microsoft Build Engine (MSBuild) to filelessly deliver malware on targeted Windows systems, including RATs and a password stealer. Researchers from Anomali observed threat actors abusing Microsoft Build Engine (MSBuild) to filelessly deliver remote access trojans and RedLine Stealer password-stealing malware on targeted Windows systems.
Publish At:2021-05-16 09:29 | Read:659 | Comments:0 | Tags:Breaking News Malware Cybersecurity cybersecurity news Hacki

Lazarus APT conceals malicious code within BMP image to drop its RAT

This blog was authored by Hossein Jazi. Lazarus APT is one of the most sophisticated North Korean threat actors and has been active since at least 2009. This actor is known to target the U.S., South Korea, Japan and several other countries. In one of their most recent campaigns, Lazarus used a complex targeted phishing attack against security researchers.
Publish At:2021-04-19 13:39 | Read:798 | Comments:0 | Tags:Malwarebytes news APT BMP image korea Lazarus rat

[SANS ISC] No Python Interpreter? This Simple RAT Installs Its Own Copy

I published the following diary on isc.sans.edu: “No Python Interpreter? This Simple RAT Installs Its Own Copy“: For a while, I have been keeping an eye on malicious Python code targeting Windows environments. If Python looks more and more popular, attackers are facing a major issue: Python is not installed by default on most Windows operating s
Publish At:2021-04-09 06:24 | Read:733 | Comments:0 | Tags:Malware Python SANS Internet Storm Center Security RAT SANS

Aurora campaign: Attacking Azerbaijan using multiple RATs

This post was authored by Hossein Jazi. As tensions between Azerbaijan and Armenia continue, we are still seeing a number of cyber attacks taking advantage of this situation. On March 5th, 2021, we reported an actor that used steganography to drop a new .Net Remote Administration Trojan. Since that time, we have been monitoring this actor and were able to i
Publish At:2021-04-06 16:35 | Read:1016 | Comments:0 | Tags:Malware Threat analysis Armenia azerbaijan python rat

[SANS ISC] From VBS, PowerShell, C Sharp, Process Hollowing to RAT

I published the following diary on isc.sans.edu: “From VBS, PowerShell, C Sharp, Process Hollowing to RAT“: VBS files are interesting to deliver malicious content to a victim’s computer because they look like simple text files. I found an interesting sample that behaves like a dropper. But it also looks like Russian dolls seeing all the
Publish At:2021-03-04 08:13 | Read:1206 | Comments:0 | Tags:Malware SANS Internet Storm Center Security PowerShell Proce

Operation Spalax, an ongoing malware campaign targeting Colombian entities

Security experts from ESET uncovered an ongoing surveillance campaign, dubbed Operation Spalax, against Colombian government institutions and private companies. Malware researchers from ESET uncovered an ongoing surveillance campaign, dubbed Operation Spalax, against Colombian entities exclusively. The attacks aimed at government institutions and priva
Publish At:2021-01-14 16:18 | Read:844 | Comments:0 | Tags:Breaking News Cyber Crime Hacking Malware Security hacking n

A week in security (January 4 – January 10)

Last week on Malwarebytes Labs, we released survey results about VPN usage and found that 36 percent of our respondents use it. We also talked about Adobe Flash Player reaching its end of life—meaning, Adobe won’t be supporting the updating and patching of its Flash Player software; covered the ransomware attack against Funke Media Group, one of German
Publish At:2021-01-11 12:42 | Read:1036 | Comments:0 | Tags:A week in security Adobe Flash Player APT37 BitCoin Scam Bit

Fake Trump sex video used to spread QNode RAT

Researchers uncovered a malspam campaign that spreads the QNode remote access Trojan (RAT) using a fake Trump sex scandal video as bait. Security experts from Trustwave uncovered a malspam campaign that is delivering the QNode remote access Trojan (RAT) using a fake Trump sex scandal video as bait. The spam messages use the subject “GOOD LO
Publish At:2021-01-06 13:18 | Read:836 | Comments:0 | Tags:Breaking News Cyber Crime Malware Hacking hacking news infor

When zombie malware leads to big-money ransomware attacks

By Paul Ducklin. The first thing people want to know when there’s a new ransomware story going around is: How much are the crooks asking for this time? Sadly, that is one question that victims themselves don’t need to ask, because the blackmailers who just attacked them will make jolly sure they know the “price”. In one recent and confron
Publish At:2020-12-17 10:25 | Read:1157 | Comments:0 | Tags:Botnet Phishing Ransomware botnet Cybercrime malware ransomw
