HackDig : Dig high-quality web security articles

Lazarus APT conceals malicious code within BMP image to drop its RAT

This blog was authored by Hossein Jazi. Lazarus APT is one of the most sophisticated North Korean Threat Actors that has been active since at least 2009. This actor is known to target the U.S., South Korea, Japan and several other countries. In one of their most recent campaigns Lazarus used a complex targeted phishing attack against security researchers.
Publish At:2021-04-19 13:39 | Read:124 | Comments:0 | Tags:Malwarebytes news APT BMP image korea Lazarus rat

[SANS ISC] No Python Interpreter? This Simple RAT Installs Its Own Copy

I published the following diary on isc.sans.edu: “No Python Interpreter? This Simple RAT Installs Its Own Copy“: For a while, I’m keeping an eye on malicious Python code targeting Windows environments. If Python looks more and more popular, attackers are facing a major issue: Python is not installed by default on most Windows operating s
Publish At:2021-04-09 06:24 | Read:124 | Comments:0 | Tags:Malware Python SANS Internet Storm Center Security RAT SANS

Aurora campaign: Attacking Azerbaijan using multiple RATs

This post was authored by Hossein Jazi. As tensions between Azerbaijan and Armenia continue, we are still seeing a number of cyber attacks taking advantage of this situation. On March 5th 2021, we reported an actor that used steganography to drop a new .Net Remote Administration Trojan. Since that time, we have been monitoring this actor and were able to i
Publish At:2021-04-06 16:35 | Read:278 | Comments:0 | Tags:Malware Threat analysis Armenia azerbaijan python rat

[SANS ISC] From VBS, PowerShell, C Sharp, Process Hollowing to RAT

I published the following diary on isc.sans.edu: “From VBS, PowerShell, C Sharp, Process Hollowing to RAT“: VBS files are interesting to deliver malicious content to a victim’s computer because they look like simple text files. I found an interesting sample that behaves like a dropper. But it looks also like Russian dolls seeing all the
Publish At:2021-03-04 08:13 | Read:529 | Comments:0 | Tags:Malware SANS Internet Storm Center Security PowerShell Proce

Operation Spalax, an ongoing malware campaign targeting Colombian entities

Security experts from ESET uncovered an ongoing surveillance campaign, dubbed Operation Spalax, against Colombian government institutions and private companies. Malware researchers from ESET uncovered an ongoing surveillance campaign, dubbed Operation Spalax, against Colombian entities exclusively. The attacks aimed at government institutions and priva
Publish At:2021-01-14 16:18 | Read:445 | Comments:0 | Tags:Breaking News Cyber Crime Hacking Malware Security hacking n

A week in security (January 4 – January 10)

Last week on Malwarebytes Labs, we released survey results about VPN usage and found that 36 percent of our respondents use it. We also talked about Adobe Flash Player reaching its end of life—meaning, Adobe won’t be supporting the updating and patching of its Flash Player software; covered the ransomware attack against Funke Media Group, one of German
Publish At:2021-01-11 12:42 | Read:468 | Comments:0 | Tags:A week in security Adobe Flash Player APT37 BitCoin Scam Bit

Fake Trump sex video used to spread QNode RAT

Researchers uncovered a malspam campaign that spreads the QNode remote access Trojan (RAT) using a fake Trump sex scandal video as bait. Security experts from Trustwave uncovered a malspam campaign that is delivering the QNode remote access Trojan (RAT) using a fake Trump sex scandal video as bait. The spam messages use the subject “GOOD LO
Publish At:2021-01-06 13:18 | Read:411 | Comments:0 | Tags:Breaking News Cyber Crime Malware Hacking hacking news infor

When zombie malware leads to big-money ransomware attacks

by Paul Ducklin. The first thing people want to know when there’s a new ransomware story going around is: How much are the crooks asking for this time? Sadly, that is one question that victims themselves don’t need to ask, because the blackmailers who just attacked them will make jolly sure they know the “price”. In one recent and confron
Publish At:2020-12-17 10:25 | Read:556 | Comments:0 | Tags:Botnet Phishing Ransomware botnet Cybercrime malware ransomw

njRAT RAT operators leverage Pastebin C2 tunnels to avoid detection

Threat actors behind the njRAT Remote Access Trojan (RAT) are leveraging active Pastebin Command and Control Tunnels to avoid detection. Researchers from Palo Alto Networks’ Unit 42 reported that operators behind the njRAT Remote Access Trojan (RAT), aka Bladabindi, are leveraging Pastebin Command and Control tunnels to avoid detection.  “I
Publish At:2020-12-10 13:54 | Read:421 | Comments:0 | Tags:Breaking News Cyber Crime Malware Hacking hacking news infor

Malicious npm packages spotted delivering njRAT Trojan

npm security staff removed two packages that contained malicious code to install the njRAT remote access trojan (RAT) on developers’ computers. Security staff behind the npm repository removed two packages that were found containing the malicious code to install the njRAT remote access trojan (RAT) on computers of JavaScript and Node.js developers w
Publish At:2020-12-01 19:18 | Read:555 | Comments:0 | Tags:Breaking News Hacking Malware hacking news information secur

Phishers spoof reliable cybersecurity training company to garner clicks

“It happens to the best of us.” And, indeed, no adage is better suited to a phishing campaign that recently made headlines. Fraudsters used the brand, KnowBe4—a trusted cybersecurity company that offers security awareness training for organizations—to gain recipients’ trust, their Microsoft Outlook credentials, and other personally identifi
Publish At:2020-09-30 12:27 | Read:1018 | Comments:0 | Tags:Scams Cofense cybersecurity training KnowBe4 phishing phishi

RATicate malware gang goes commercial

by Paul Ducklin. Two months ago, we wrote about a malware gang that we dubbed RATicate. These criminals have been actively disseminating a range of remote access Trojans – thus the letters RAT in their nickname – aimed at giving them almost complete control over infected computers, all from a distance. As we explained earlier in the year, the jargon t
Publish At:2020-07-14 10:42 | Read:769 | Comments:0 | Tags:Malware SophosLabs bots malware RAT RATicate sophoslabs zomb

New LNK attack tied to Higaisa APT discovered

This post was authored by Hossein Jazi and Jérôme Segura On May 29th, we identified an attack that we believe is part of a new campaign from an Advanced Persistent Threat actor known as Higaisa. The Higaisa APT is believed to be tied to the Korean peninsula, and was first disclosed by Tencent Security Threat Intelligence Center in early 2019. The grou
Publish At:2020-06-04 12:55 | Read:1239 | Comments:0 | Tags:Malware Threat analysis APT Higaisa korea LNK PlugX rat

New Mac variant of Lazarus Dacls RAT distributed via Trojanized 2FA app

This blog post was authored by Hossein Jazi, Thomas Reed and Jérôme Segura. We recently identified what we believe is a new variant of the Dacls Remote Access Trojan (RAT) associated with North Korea’s Lazarus group, designed specifically for the Mac operating system. Dacls is a RAT that was discovered by Qihoo 360 NetLab in December 2019 as a fu
Publish At:2020-05-18 13:43 | Read:1273 | Comments:0 | Tags:Mac Malware Threat analysis APT Dacls Lazarus mac malware ra

New MacOS Dacls RAT Backdoor Shows Lazarus’ Multi-Platform Attack Capability

By Gabrielle Joyce Mabutas, with additional insights/analysis from Kazuki Fujisawa. A one-time password (OTP) system involves the use of a generated password that can only be used once to log in and access specific online services. Often managed by a third-party provider, this rolling password system aims to reduce unauthorized intrusions to systems via compro
Publish At:2020-05-18 12:48 | Read:953 | Comments:0 | Tags:Mac backdoor Lazarus RAT