Month: May 2020
Backdoor, Devil Shadow Botnet Hidden in Fake Zoom Installers
By Raphael Centeno and Llallum Victoria, with additional insights from Bren Matthew Ebriega
Cybercriminals are taking advantage of “the new normal” — involving employees’ remote working conditions and the popularity of user-friendly online tools — by abusing and spoofing popular legitimate applications to infect systems with malicious routines. We found two malware files that pose…
Netwalker Fileless Ransomware Injected via Reflective Loading
By Karen Victor
Threat actors are continuously creating more sophisticated ways for malware to evade defenses. We have observed Netwalker ransomware attacks that involve malware that is not compiled, but written in PowerShell and executed directly in memory, without storing the actual ransomware binary on disk. This makes this ransomware variant a fileless…
QNodeService: Node.js Trojan Spread via Covid-19 Lure
Insights and Analysis by Matthew Stewart
We recently noticed a Twitter post by MalwareHunterTeam that showed a Java downloader with a low detection rate. Its name, “Company PLP_Tax relief due to Covid-19 outbreak CI+PL.jar”, suggests it may have been used in a Covid-19-themed phishing campaign. Running this file led to the download of a new,…
Targeted Ransomware Attack Hits Taiwanese Organizations
A new targeted attack has infected several organizations in Taiwan with a new ransomware family, which we have dubbed ColdLock. This attack is potentially destructive, as the ransomware appears to target databases and email servers for encryption. The information we gathered indicates that this attack started hitting organizations in early May. Analysis of the malware…
WebMonitor RAT Bundled with Zoom Installer
By Raphael Centeno, Mc Justine De Guzman, and Augusto Remillano II
The coronavirus pandemic has highlighted the usefulness of communication apps for work-from-home (WFH) setups. However, as they always do, cybercriminals are expected to exploit popular trends and user behavior. We have witnessed threats against several messaging apps, including Zoom. In early April, we spotted…