Yet Another TA558 Campaign Targets South America’s Hospitality Industry With AsyncRAT
Introduction

This research began with finding a simple malware sample to extract strings for an unrelated topic. In my day-to-day malware analysis workflow, I stumbled upon a JavaScript (JS) file with what I would call trivial obfuscation. I knew it was malware but wanted to understand the infection chain. After some cleanup, I understood it to be a downloader for an additional malicious script: this time, a PowerShell script disguised as a PDF and hosted on what appeared to be a compromised or hijacked domain. This fake PDF dropped two files, one being a helper DLL and the other being AsyncRAT
Operation Cronos: A Breakdown of the LockBit Disruption
Check out LockBit 3.0 on our new Ransomware Tracker Beta! Hear more about Operation Cronos on The 443 Podcast. If you’ve followed the ransomware space for the past few years, it’s very likely you’ve heard of LockBit. If you don’t follow the cybersecurity landscape, there’s still a good chance you’ve heard of them or at least their operations. The group’s affiliates have been in headline after headline after headline after headline. In the past few months alone, affiliates have breached ICBC, exfiltrated data from Boeing, and demanded the third largest ransom ever – $80 million – from CDW. To
AnyDesk Remote Access Vendor Compromise
On February 2nd, remote access software vendor AnyDesk disclosed that they had been the victim of a cyberattack in which an unknown threat actor obtained access to production systems. AnyDesk appears to have contained the incident before the adversaries were able to leverage their access into a supply chain attack against AnyDesk customers, but out of an abundance of caution, they proactively revoked all security-related certificates, including the code signing certificates for the AnyDesk application. AnyDesk also forced a password reset for all customers on their my.anydesk.com management portal as
Scratching the Surface of Rhysida Ransomware
A few days ago, I was scrolling through Twitter and came across a post by the MalwareHunterTeam briefly discussing a new ransomware group – Rhysida. A lack of results from a Google search shows this is a newer group prepping to start operations. I grabbed a sample and downloaded it, and the executable confirmed that this group is indeed in its early stages, based on the breadth of print debugging and the lack of a victim target in the ransom note. This appeared to be a pre-finished test file. Here’s what I found. Original File Name: fury_ctm1042.bin MD5: 0c8e88877383ccd23a755f429006b437 SHA1
Cybersecurity News: A Trio of Vulnerabilities, BreachForums Admin Arrested, Hundreds of Ransomware Victims, and The Rise of AI
This post arrives later than usual, but as they say, “Better late than never.” Researchers and the media have highlighted various unique, interesting, or destructive vulnerabilities in the last few weeks. We decided to pick three of these vulnerabilities and talk about them. One was patched with Microsoft’s Patch Tuesday in March; another affects the privacy of almost everyone, and the CL0P ransomware group leveraged the third vulnerability to infect well over 100 victims. We wanted to highlight another vulnerability – BingBang – that allowed Cloud Security Researcher, Hillai Ben-Sasson, to
Fake Antivirus Software (aka ‘Scareware’) Scam
Fake antivirus software ads and pop-ups try to get you to believe that your computer is infected with a virus and that you can fix these problems by downloading their software. DON’T DO IT!!! These scammers then get you in a couple of ways: You give them access to your credit card information. You give […]
Covid-19 Vaccination Verification Status
Some states, private companies, universities and colleges are creating their own Covid-19 vaccine verification products and services. These include apps and digital passports or certificates. Some are connected to state immunization databases while others rely on individual self reporting. The hodge-podge approach gives scammers an opportunity to cash in on the confusion. While we are […]
Zoom Phishing Email
Con artists registered more than 2,449 fake Zoom-related internet domains in the early months of the pandemic, just so they could send out Zoom phishing emails that look like they’re from the popular videoconferencing website, according to the Better Business Bureau. The scheme: “You receive an email, text or social media message with the Zoom […]
Instagram Sweepstakes Scam
Sweepstakes scams have evolved onto the Instagram platform. The platform is where influencers can make money by promoting products and services of sponsored advertisers. But that’s not the only way influencers can earn a buck. It’s common for an influencer to host a contest in which followers enter to win a sponsored product. Entrants […]