HackDig : Dig high-quality web security articles for hackers

Credit card skimmer targets ASP.NET sites

Cybercriminals typically focus on targets that can get them the highest return with the least amount of effort. This is often determined by their ability to scale attacks, and therefore on how prevalent a vulnerability or target system is. Enter: the credit card skimmer. In the world of digital skimming, we’ve seen the most activity on e-commerce co
Publish At:2020-07-06 15:00 | Read:134 | Comments:0 | Tags:Threat analysis ASP.net credit card credit card skimmer cred

Web skimmer hides within EXIF metadata, exfiltrates credit cards via image files

They say a picture is worth a thousand words. Threat actors must have remembered that as they devised yet another way to hide their credit card skimmer in order to evade detection. When we first investigated this campaign, we thought it may be another one of those favicon tricks, which we had described in a previous blog. However, it turned out to be diff
Publish At:2020-06-25 16:41 | Read:74 | Comments:0 | Tags:Threat analysis EXIF Magecart metadata skimmers skimming

Multi-stage APT attack drops Cobalt Strike using Malleable C2 feature

This blog post was authored by Hossein Jazi and Jérôme Segura. On June 10, we found a malicious Word document disguised as a resume that uses template injection to drop a .Net Loader. This is the first part of a multi-stage attack that we believe is associated with an APT attack. In the last stage, the threat actors used Cobalt Strike’s Malleable C2 fe
Publish At:2020-06-17 15:39 | Read:144 | Comments:0 | Tags:Malware Threat analysis APT C2 cobalt strike Malleable C2

Honda and Enel impacted by cyber attack suspected to be ransomware

Car manufacturer Honda has been hit by a cyber attack, according to a report published by the BBC, and later confirmed by the company in a tweet. Another similar attack, also disclosed on Twitter, hit Edesur S.A., one of the companies belonging to Enel Argentina which operates in the business of energy distribution in the City of Buenos Aires. Based on sa
Publish At:2020-06-10 02:12 | Read:177 | Comments:0 | Tags:Ransomware Threat analysis ekans enel honda ransomware Snake

New LNK attack tied to Higaisa APT discovered

This post was authored by Hossein Jazi and Jérôme Segura. On May 29th, we identified an attack that we believe is part of a new campaign from an Advanced Persistent Threat actor known as Higaisa. The Higaisa APT is believed to be tied to the Korean peninsula, and was first disclosed by Tencent Security Threat Intelligence Center in early 2019. The grou
Publish At:2020-06-04 12:55 | Read:232 | Comments:0 | Tags:Malware Threat analysis APT Higaisa korea LNK PlugX rat

Coronavirus campaigns lead to surge in malware threats, Labs report finds

In the first three months of 2020, as the world clamped down to limit coronavirus, cyber threats ramped up. Our latest, special edition for our quarterly CTNT report focuses on recent, increased malware threats which all have one, big thing in common—using coronavirus as a lure. Our report, “Cybercrime tactics and techniques: Attack on home base,” analyze
Publish At:2020-06-01 13:35 | Read:255 | Comments:0 | Tags:Cybercrime Malware Reports Scams Social engineering Threat a

Winning with Cyber Threat Intelligence: Taking a More Personal View

In this final article of our trilogy, we investigate how a cyber threat intelligence (CTI) analyst and associated programmes provide insight about physical and cyber threats to your organisation. The value of these insights is reflected in the wins, which come as a result of context building, holistic understanding, and enhanced awareness in order to outmano
Publish At:2020-05-24 09:53 | Read:173 | Comments:0 | Tags:Security Awareness Cyber Threats threat analysis threat inte

Shining a light on “Silent Night” Zloader/Zbot

When it comes to banking Trojans, ZeuS is probably the most famous one ever released. Since its source code originally leaked in 2011, several new variants proliferated online. That includes a past fork called Terdot Zbot/Zloader, which we extensively covered in 2017. But recently, we observed another bot, with a design reminiscent of ZeuS, that seems to
Publish At:2020-05-24 07:20 | Read:137 | Comments:0 | Tags:Malware Threat analysis banking Trojan banking Trojans HYAS

Credit card skimmer masquerades as favicon

Malware authors are notorious for their deceptive attempts at staying one step ahead of defenders. As their schemes get exposed, they always need to go back to their bag of tricks to pull out a new one. When it comes to online credit card skimmers, we have already seen a number of evasion techniques, some fairly simple and others more elaborate. The goal
Publish At:2020-05-18 13:43 | Read:277 | Comments:0 | Tags:Threat analysis ants and cockroach credit car credit card sk

New Mac variant of Lazarus Dacls RAT distributed via Trojanized 2FA app

This blog post was authored by Hossein Jazi, Thomas Reed and Jérôme Segura. We recently identified what we believe is a new variant of the Dacls Remote Access Trojan (RAT) associated with North Korea’s Lazarus group, designed specifically for the Mac operating system. Dacls is a RAT that was discovered by Qihoo 360 NetLab in December 2019 as a fu
Publish At:2020-05-18 13:43 | Read:308 | Comments:0 | Tags:Mac Malware Threat analysis APT Dacls Lazarus mac malware ra

APTs and COVID-19: How advanced persistent threats use the coronavirus as a lure

The coronavirus (COVID-19) has become a global pandemic, and this is a golden time for attackers to take advantage of this fear to increase their attacks' success rate through spam and spear phishing campaigns. From late January, several cyber-criminal and state-sponsored groups have begun using coronavirus-based phishing as their i
Publish At:2020-04-09 16:48 | Read:480 | Comments:0 | Tags:Threat analysis advanced persistent threats APTs covid-19 ma

Fake “Corona Antivirus” distributes BlackNET remote administration tool

Scammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a number of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but especially data stealers. As more of us work from home, the need to secure your computer, especially if you are connecting to your company’
Publish At:2020-03-23 17:03 | Read:513 | Comments:0 | Tags:Social engineering Threat analysis antivirus botnet coronavi

APT36 jumps on the coronavirus bandwagon, delivers Crimson RAT

Since the coronavirus became a worldwide health issue, the desire for more information and guidance from government and health authorities has reached a fever pitch. This is a golden opportunity for threat actors to capitalize on fear, spread misinformation, and generate mass hysteria—all while compromising victims with scams or malware campaigns. Profiti
Publish At:2020-03-16 14:22 | Read:687 | Comments:0 | Tags:Threat analysis APT APT36 coronavirus coronavirus malware co

Rocket Loader skimmer impersonates CloudFlare library in clever scheme

Fraudsters are known for using social engineering tricks to dupe their victims, often times by impersonating authority figures to instill trust. In a recent blog post, we noted how criminals behind Magecart skimmers mimicked content delivery networks in order to hide their payload. This time, we are looking at a far more clever scheme. This latest skim
Publish At:2020-03-10 12:32 | Read:517 | Comments:0 | Tags:Threat analysis HTTPS JavaScript Magecart skimmer skimming C

Domen toolkit gets back to work with new malvertising campaign

Last year, we documented a new social engineering toolkit we called “Domen” being used in the wild. Threat actors were using this kit to trick visitors into visiting compromised websites and installing malware under the guise of a browser update or missing font. Despite being a robust toolkit, we only saw Domen in sporadic campaigns last year,
Publish At:2020-02-28 14:45 | Read:501 | Comments:0 | Tags:Threat analysis buren ransomware Domen domen toolkit intelra
