Android banking trojan MMRat

Overview
The Trend Micro Mobile Application Reputation Service (MARS) team discovered a new Android banking trojan named MMRat, which has been targeting mobile users in Southeast Asia since late June 2023. The malware is capable of capturing user input and screen content and of remotely controlling victim devices to carry out bank fraud.
Key Points
Target Geography: …

Mobile Threat Landscape in Q2 2023

General Statistics
A total of 5,704,599 mobile malware, adware, and riskware attacks were blocked. The most common threat was potentially unwanted software (RiskTool), accounting for 30.8% of all threats. 370,327 malicious installation packages were detected, including 59,167 related to mobile banking Trojans and 1,318 related to mobile ransomware Trojans.
New Types of Malware
A new …

Qakbot Infrastructure Takedown

Overview
The FBI, in collaboration with the Justice Department and other international partners, conducted a multinational operation to disrupt and dismantle the Qakbot malware and botnet infrastructure. The operation took place across multiple countries, including the U.S., France, Germany, the Netherlands, Romania, Latvia, and the United Kingdom.
Key Points
Scale of Operation: This is …

Critical Juniper RCE bug chain getting exploited in the wild after PoC release

Overview
Threat actors are reportedly exploiting a critical Remote Code Execution (RCE) vulnerability chain in Juniper EX switches and SRX firewalls, according to Shadowserver. The exploitation follows the release of a Proof of Concept (PoC) by watchTowr Labs.
Key Points
Exploitation Method: The attackers are targeting the Internet-exposed J-Web configuration interface of Juniper devices. …

LockBit ransomware group

Overview
Origin: Not explicitly stated, but suspected to operate out of Eastern Europe and Russia.
Active Since: Emerged in 2019; gained significant traction with the launch of LockBit 2.0 in the second half of 2021.
Latest Version: LockBit 3.0, also known as LockBit Black, released in June 2022.
Key Features and Capabilities
Encryption Method: Focuses …

PoC of Juniper flaws in SRX and EX Series products

Source: https://github.com/watchtowrlabs/juniper-rce_cve-2023-36844
Overview
Proof of Concept (PoC) for chaining multiple CVEs to achieve Remote Code Execution (RCE) in Juniper Junos OS on SRX and EX Series products. The vulnerabilities are tracked as CVE-2023-36844, CVE-2023-36845, CVE-2023-36846, and CVE-2023-36847.
Technical Details
Vulnerabilities: The PoC exploits a pre-authentication upload vulnerability to upload an arbitrary PHP file to a restricted …

Phishing Campaigns by LockBit Observed in Spain

Source: Spain warns of LockBit Locker ransomware phishing attacks
Overview
The National Police of Spain has issued a warning about an ongoing ransomware campaign targeting architecture firms in the country. The campaign uses phishing emails to deliver the 'LockBit Locker' ransomware and exhibits a high level of sophistication.
Key Points
Target Sector: The primary targets …

Play Ransomware

Origin and Targets
Emergence: The group emerged in June 2022 and is also known as PlayCrypt.
Similar Behavior: Resembles the Hive and Nokoyawa ransomware families.
TTPs: Uses AdFind, a command-line query tool for collecting information from Active Directory.
Recent Attacks: Targeted the city of Oakland, California, and is now focusing on midsize enterprises through MSPs (Managed Service …

Rhysida Ransomware

Overview
Rhysida is a Ransomware-as-a-Service (RaaS) group that emerged at the end of May 2023. Despite being a newcomer, the group has quickly established itself as a significant ransomware operation. Its first high-profile attack was against the Chilean Army, marking a trend of ransomware groups targeting Latin American government institutions.
Source
Origin and Affiliations
Origin: …