New SteelFox Trojan mimics software activators, stealing sensitive data and mining cryptocurrency

Kaspersky experts have discovered a new SteelFox Trojan that mimics popular software like Foxit PDF Editor and JetBrains to spread a stealer-and-miner bundle. Continue reading New SteelFox Trojan mimics software activators, stealing sensitive data and mining cryptocurrency

TrickBot and Other Malware Droppers Disrupted by Law Enforcement

The TrickBot botnet and other malware droppers have been targeted by international law enforcement in Operation Endgame.
The post TrickBot and Other Malware Droppers Disrupted by Law Enforcement appeared first on SecurityWeek.
Continue reading TrickBot and Other Malware Droppers Disrupted by Law Enforcement

DuneQuixote campaign targets Middle Eastern entities with “CR4T” malware

New unattributed DuneQuixote campaign targeting entities in the Middle East employs droppers disguised as Total Commander installer and CR4T backdoor in C and Go. Continue reading DuneQuixote campaign targets Middle Eastern entities with “CR4T” malware

ToddyCat: Keep calm and check logs

In this article, we’ll describe ToddyCat new toolset, the malware used to steal and exfiltrate data, and the techniques used by this group to move laterally and conduct espionage operations. Continue reading ToddyCat: Keep calm and check logs

APT ToddyCat

ToddyCat is a relatively new APT actor responsible for multiple sets of attacks against high-profile entities in Europe and Asia. Its main distinctive signs are two formerly unknown tools that we call ‘Samurai backdoor’ and ‘Ninja Trojan’. Continue reading APT ToddyCat

[SANS ISC] More Undetected PowerShell Dropper

I published the following diary on isc.sans.edu: “More Undetected PowerShell Dropper“: Last week, I published a diary about a PowerShell backdoor running below the radar with a VT score of 0! This time, it’s a dropper with multiple obfuscation techniques in place. It is also important to mention that the injection technique used is similar

The post [SANS ISC] More Undetected PowerShell Dropper appeared first on /dev/random.

Continue reading [SANS ISC] More Undetected PowerShell Dropper

GhostEmperor: From ProxyLogon to kernel mode

While investigating a recent rise of attacks against Exchange servers, we noticed a recurring cluster of activity that appeared in several distinct compromised networks. With a long-standing operation, high profile victims, advanced toolset and no affinity to a known threat actor, we decided to dub the cluster GhostEmperor. Continue reading GhostEmperor: From ProxyLogon to kernel mode