Collaborate Disseminate
In late March 2019, we briefly highlighted our research on ShadowHammer attacks, a sophisticated supply chain attack involving ASUS Live Update Utility. Now it is time to share more details about the research with our readers. Continue reading Operation ShadowHammer: a high-profile supply chain attack
Gaza Cybergang(s) is a politically motivated Arabic-language cyberthreat actor, actively targeting the Middle East North Africa region. Group1 is the least sophisticated of the three attack Gaza groups. Continue reading Gaza Cybergang Group1, operation SneakyPastes
From the famous Cardingplanet forum to Darknet stolen card stores – financial cybercrime schemes were not dead at all during all these years. They have evolved and become more dangerous than ever. Continue reading Digital Doppelgangers
BasBanke is a banking Trojan built to steal financial data such as credentials and bank card numbers, but not limited to this functionality. The propagation of this threat began during the 2018 Brazilian elections, registering over 10,000 installations to April 2019 from the official Google Play Store alone. Continue reading BasBanke: Trend-setting Brazilian banking Trojan
One year has passed since we published the first blogpost about the Roaming Mantis campaign, and this February we detected new activity by the group. Here we follow up on our earlier reporting about the group with updates on their tools and tactics. Continue reading Roaming Mantis, part IV
There’s nothing new in Brazilian cybercriminals trying out new ways to stay under the radar. It’s just that this time around the bad guys have started using a method that was reported in the wild years ago – the UTF-8 BOM (Byte Order Mark) additional bytes. Continue reading The return of the BOM
Further tracking of Lazarus activities targeting the financial sector enabled us to discover a new operation, active since at least November 2018, which utilizes PowerShell to control Windows systems and macOS malware for Apple users. Continue reading Cryptocurrency businesses still being targeted by Lazarus
Operation ShadowHammer is a newly discovered supply chain attack that leveraged ASUS Live Update software. While the investigation is still in progress and full results and technical paper will be published during SAS 2019 conference in Singapore, we would like to share some important details about the attack. Continue reading Operation ShadowHammer
Predator is a data stealer developed by Russian-speaking individuals. It’s being sold cheaply on Russian forums and has been detected many times in the wild. Continue reading A predatory tale: Who’s afraid of the thief?
This website for volunteers in Venezuela appeared online on February 6th. Only a few days later, on February 11th, the day after the public announcement of the initiative, another almost identical website appeared with a very similar domain name and structure. Continue reading DNS Manipulation in Venezuela in regards to the Humanitarian Aid Campaign