HackDig : Dig high-quality web security articles

What did DeathStalker hide between two ferns?

DeathStalker is a threat actor who has been active since at least 2012, and we exposed most of his past activities in a previous article, as well as during a GREAT Ideas conference in August 2020. The actor drew our attention in 2018 because of distinctive attack characteristics that did not fit the usual cybercrime or state-sponsored activities, mak
Publish At:2020-12-03 06:07 | Read:1258 | Comments:0 | Tags:APT reports Featured Cybercrime Malware Descriptions Malware

IAmTheKing and the SlothfulMedia malware family

On October 1, 2020, the DHS CISA agency released information about a malware family called SlothfulMedia, which they attribute to a sophisticated threat actor. We have been tracking this set of activity through our private reporting service, and we would like to provide the community with additional context. In June 2018, we published the first report on a n
Publish At:2020-10-15 07:50 | Read:1223 | Comments:0 | Tags:APT reports Featured Backdoor Keyloggers Malware Description

A new variant of the IcedID banking Trojan spreads using COVID-19 lures

Experts spotted a new version of the IcedID banking trojan that uses steganography to infect victims as part of COVID-19 themed attacks. A new version of the IcedID banking trojan was employed in COVID-19 themed attacks; the new variant uses steganography to infect victims and implements anti-detection capabilities. Researchers at Juniper Threat La
Publish At:2020-06-22 05:16 | Read:2352 | Comments:0 | Tags:Breaking News Cyber Crime Malware banking coronavirus COVID-

Microcin is here

In February 2020, we observed a Trojan injected into the system process memory on a particular host. The target turned out to be a diplomatic entity. What initially attracted our attention was the enterprise-grade API-like (application programming interface) programming style. Such an approach is not that common in the malware world and is mostly used by top
Publish At:2020-06-19 07:29 | Read:1830 | Comments:0 | Tags:APT reports Featured Malware Descriptions Malware Technologi

Criminals hack Tupperware website with credit card skimmer

On March 20, Malwarebytes identified a targeted cyberattack against household brand Tupperware and its associated websites that is still active today. We attempted to alert Tupperware immediately after our discovery, but none of our calls or emails were answered. Threat actors compromised the official tupperware[.]com site—which averages close to 1 millio
Publish At:2020-03-25 14:34 | Read:1735 | Comments:0 | Tags:Hacking credit card Magecart skimmer skimming steganography

WOOF locker: Unmasking the browser locker behind a stealthy tech support scam operation

In the early days, practically all tech support scammers would get their own leads by doing some amateur SEO poisoning and keyword stuffing on YouTube and other social media sites. They’d then leverage their boiler room to answer incoming calls from victims. Today, these practices continue, but we are seeing more advanced operations with a clear sep
Publish At:2020-01-22 16:50 | Read:2360 | Comments:0 | Tags:Threat analysis 404Browlock 404error browlock browlocks Brow

New evasion techniques found in web skimmers

For a number of years, criminals have been able to steal credit card details from unaware online shoppers without attracting too much attention. Few people in the security industry were talking about these credit card web skimmers, both server-side and client-side, before the latter became largely known as Magecart. It took some major incidents, notably t
Publish At:2020-01-02 16:50 | Read:2313 | Comments:0 | Tags:Threat analysis credit card Magecart skimmer steganography w

REDBALDKNIGHT/BRONZE BUTLER’s Daserf Backdoor Now Using Steganography

by Joey Chen and MingYen Hsieh (Threat Analysts) REDBALDKNIGHT, also known as BRONZE BUTLER and Tick, is a cyberespionage group known to target Japanese organizations such as government agencies (including defense) as well as those in biotechnology, electronics manufacturing, and industrial chemistry. Their campaigns employ the Daserf backdoor (detected by T
Publish At:2017-11-07 11:35 | Read:30497 | Comments:2 | Tags:Malware Targeted Attacks Vulnerabilities BRONZE BULTER Daser

A simple example of a complex cyberattack

We’re already used to the fact that complex cyberattacks use 0-day vulnerabilities, bypassing digital signature checks, virtual file systems, non-standard encryption algorithms and other tricks. Sometimes, however, all of this may be done in much simpler ways, as was the case in the malicious campaign that we detected a while ago – we named it ‘M
Publish At:2017-09-26 14:25 | Read:5042 | Comments:0 | Tags:Research DLL hijacking Dropper Microsoft Word Social Enginee

Steganography in contemporary cyberattacks

Steganography is the practice of sending data in a concealed format so the very fact of sending the data is disguised. The word steganography is a combination of the Greek words στεγανός (steganos), meaning “covered, concealed, or protected”, and γράφειν (graphein) meaning “writing”. Unlike cryptography, which conceals the cont
Publish At:2017-08-03 06:35 | Read:8792 | Comments:0 | Tags:Publications APT Crypto steganography

How to Hide Information with Ordinary Office Printers

The printer you have in your office may be less innocent than you thought. Some experts have already shown that printers can even become a tool for steganography, the art, well known in computer security, of hiding information from prying eyes. A few years ago, the Electronic Frontier Foundation, an organization that defends civil liberties on the internet, reporte
Publish At:2017-01-26 15:35 | Read:4988 | Comments:0 | Tags:Technology printers security steganography

Sundown Exploit Kit now leverages steganography

A new variant of the Sundown exploit kit leverages steganography to hide exploit code in harmless-looking image files. Security experts from Trend Micro have spotted a new version of the Sundown exploit kit that exploits steganography in order to hide malicious code in harmless-looking image files. The use of steganography was recently observed in the mal
Publish At:2016-12-30 20:05 | Read:4664 | Comments:0 | Tags:Breaking News Cyber Crime Malware Cybercrime malware Stegano

Updated Sundown Exploit Kit Uses Steganography

This year has seen a big shift in the exploit kit landscape, with many of the bigger players unexpectedly dropping out of action. The Nuclear exploit kit operations started dwindling in May, Angler disappeared around the same time Russia’s Federal Security Service made nearly 50 arrests last June, and then in September Neutrino reportedly went private and sh
Publish At:2016-12-29 13:35 | Read:6715 | Comments:0 | Tags:Exploits Malware Vulnerabilities exploit kit steganography S

Dozens of games infected with Xiny available on Google Play

Experts at Dr Web discovered that dozens of Android game apps in the Google Play Store have been infected with the Android.Xiny Trojan. Bad news for Android users: according to the security firm Doctor Web, dozens of game apps in the Google Play Store have been infected with the Android.Xiny.19.origin Trojan. The malware could allow
Publish At:2016-02-01 12:55 | Read:6350 | Comments:0 | Tags:Breaking News Malware Mobile Android Android.Xiny Dr.Web gam

Attackers Embracing Steganography to Hide Communication

Encouraged by patterns carried out on a larger scale recently, researchers believe digital steganography has arrived as a legitimate method for attackers to use when it comes to obscuring communication between command and control servers. In a presentation last week at Black Hat Europe researchers with Crowdstrike and Dell SecureWorks cited a handful of campa
Publish At:2015-11-18 22:00 | Read:5924 | Comments:0 | Tags:Malware Black Hat Black Hat Europe Crowdstrike Dell SecureWo
