Collaborate Disseminate
We see lots of phishing attempts for banking, Paypal and other login credentials. This is newer entry to the lists. I don’t often see Shopify phishing emails. I was quite suprised to see a double phishing scam here. First asking for your Shopify… Continue reading 2 in 1 Shopify and Paypal phishing scam
I am having difficulty working out what is happening with this malware. The details about it were uploaded via our submissions system yesterday afternoon when I was out for a medical appointment. I don’t have a copy of the original email, only th… Continue reading Fake HMRC submission email delivers some sort of malware
We are seeing massive changes with the Trickbot delivery campaign overnight. I have only seen 1 mention on Twitter about this campaign and 1 on a private malware research mailing list, so it can’t be affecting too many recipients. This example i… Continue reading Trickbot via fake Efax message using Squiblydoo, Active X, macro and abusing pastebin
The latest version of these horrific porn related Sextortion, blackmail scams has changed slightly and pretends to be a message from a CIA employee who is part of the task force on paedophilia. It states you are on the list to be investigated and are … Continue reading Fake CIA Sextortion Scam
Yet another Gandcrab ransomware campaign. This time spoofing DHL Express with a fake delivery notification email. This delivers Gandcrab 5.2 ransomware that currently does not have free decryption available yet. This bad actor is getting a bit lazy an… Continue reading Fake DHL Urgent Delivery notice delivers Gandcrab 5.2 ransomware
A somewhat interesting and slightly alarming malware campaign, spreading worldwide but supposed to be targeting the USA that pretends to be an urgent message from the CDC ( Centre for Disease Control ) warning about a flu outbreak. This delivers Gandc… Continue reading Fake CDC Flu Pandemic Warning delivers Gandcrab 5.2 ransomware
This is a weird one and I can’t determine what the final payload does via running the files in an online sandbox. I really don’t know if the bad actor has messed up or whether it is an anti-vm or anti-sandbox protection on it. The .z attach… Continue reading Fake Bitcoin investment scam delivers malware
There are still using this new version of the Trickbot delivery system where Bitsadmin is used to download the payload in small sections to a victims computer where it is all joined together to make 1 file. This example is today’s latest spoof or imita… Continue reading Fake Paychex Tax verification documents delivers Trickbot
Continuing with the recent changes to the Trickbot delivery system and possibly the payloads and configs today. This example is today’s latest spoof or imitation of a well-known company, bank or public authority delivering Trickbot banking Trojan. The … Continue reading Fake Dun & Bradstreet Company Complaint delivers Trickbot
A compromised site we saw yesterday delivering Hawkeye keylogger /Infostealer is being used today in an Agent Tesla campaign. I am not 100% positive it is the same bad actors involved but the distribution method, Sites and hosting companies involved i… Continue reading Fake HSBC payment details delivers Agent Tesla