Categories
Uncategorized

Barcode Reader Apps on Google Play Found Using New Ad Fraud Technique

By Jessie Huang (Mobile Threats Analyst) We recently saw two barcode reader apps in Google Play, together downloaded more than a million times, that started showing unusual behavior (Trend Micro detects these as AndroidOS_HiddenAd.HRXJA). This includes behavior that can be seen even when the user is not actively using the phones; the video below shows […]

Categories
Uncategorized

Backdoor, Devil Shadow Botnet Hidden in Fake Zoom Installers

By Raphael Centeno and Llallum Victoria With additional insights from Bren Matthew Ebriega Cybercriminals are taking advantage of “the new normal” — involving employees’ remote working conditions and the popularity of user-friendly online tools — by abusing and spoofing popular legitimate applications to infect systems with malicious routines. We found two malware files that pose […]

Categories
Uncategorized

Netwalker Fileless Ransomware Injected via Reflective Loading

By Karen Victor Threat actors are continuously creating more sophisticated ways for malware to evade defenses. We have observed Netwalker ransomware attacks that involve malware that is not compiled, but written in PowerShell and executed directly in memory and without storing the actual ransomware binary into the disk. This makes this ransomware variant a fileless […]

Categories
Uncategorized

QNodeService: Node.js Trojan Spread via Covid-19 Lure

Insights and Analysis by Matthew Stewart We recently noticed a Twitter post by MalwareHunterTeam that showed a Java downloader with a low detection rate. Its name, “Company PLP_Tax relief due to Covid-19 outbreak CI+PL.jar”, suggests it may have been used in a Covid-19-themed phishing campaign. Running this file led to the download of a new, […]

Categories
Uncategorized

Targeted Ransomware Attack Hits Taiwanese Organizations

A new targeted attack has infected several organizations in Taiwan with a new ransomware family, which we have dubbed ColdLock. This attack is potentially destructive as the ransomware appears to target databases and email servers for encryption. The information we gathered indicates that this attack started hitting organizations in early May. Analysis of the malware […]

Categories
Uncategorized

WebMonitor RAT Bundled with Zoom Installer

By Raphael Centeno, Mc Justine De Guzman, and Augusto Remillano II The coronavirus pandemic has highlighted the usefulness of communication apps for work-from-home (WFH) setups. However, like they always do, cybercriminals are expected to exploit popular trends and user behavior. We have witnessed threats against several messaging apps including Zoom. In early April, we spotted […]

Categories
Uncategorized

Exposed Redis Instances Abused for Remote Code Execution, Cryptocurrency Mining

By David Fiser and Jaromir Horejsi (Threat Researchers) Recently, we wrote an article about more than 8,000 unsecured Redis instances found in the cloud. In this article, we expound on how these instances can be abused to perform remote code execution (RCE), as demonstrated by malware samples captured in the wild. These malicious files have […]

Categories
Uncategorized

Gamaredon APT Group Use Covid-19 Lure in Campaigns

By Hiroyuki Kakara and Erina Maruyama Gamaredon is an advanced persistent threat (APT) group that has been active since 2013. Their campaigns are generally known for targeting Ukrainian government institutions. From late 2019 to February of this year, researchers published several reports on Gamaredon, tracking the group’s activities. In March, we came across an email […]

Categories
Uncategorized

April Patch Tuesday: Fixes for Font-Related, Microsoft SharePoint, Windows Components Vulnerabilities

Microsoft fixed 113 vulnerabilities in this month’s Patch Tuesday, just two shy of last month’s 115. This continues the streak of longer-than-usual list of patches that began in January. In fact, compared to the same period in 2019, Microsoft fixed 44% more vulnerabilities between January to April of this year. In this month’s list, 17 […]

Categories
Uncategorized

Zoomed In: A Look into a Coinminer Bundled with Zoom Installer

By Raphael Centeno and Llallum Victoria Many companies around the world have transitioned to work-from-home arrangements because of growing concerns over the COVID-19 global health crisis. This new setup has highlighted the usefulness of video conferencing apps. These platforms have been utilized by companies and remote workforces to hold meetings and for other communication needs […]