APT10: Tracking down LODEINFO 2022, part II
In the second part of this report, we discuss improvements made to the LODEINFO backdoor shellcode in 2022. Continue reading APT10: Tracking down LODEINFO 2022, part II
The first part of this report provides a technical analysis of new infection methods, such as SFX files and DOWNIISSA, a new downloader shellcode used to deploy the LODEINFO backdoor. Continue reading APT10: Tracking down LODEINFO 2022, part I
In this report we provide technical analysis of the GamePlayerFramework deployed by an APT we call DiceyF, which is targeting online casinos in Southeast Asia. Continue reading DiceyF deploys GamePlayerFramework in online casino development studio
We investigated CVE-2022-41352 and were able to confirm that unknown APT groups have actively been exploiting this vulnerability in the wild, one of which is systematically infecting servers in Central Asia. Continue reading Ongoing exploitation of CVE-2022-41352 (Zimbra 0-day)
In this report, Kaspersky researchers discuss uncommon infection and propagation methods observed in certain crimeware families. Continue reading Uncommon infection and malware propagation methods
In this report we focus on the tactics, techniques, and procedures (TTPs) of the DeftTorero (aka Lebanese Cedar or Volatile Cedar) threat actor, which targets countries in the Middle East. Continue reading DeftTorero: tactics, techniques and procedures of intrusions revealed
Prilex is a Brazilian threat actor focusing on ATM and PoS attacks. In this report, we provide an overview of its PoS malware. Continue reading Prilex: the pricey prickle credit card complex
NullMixer is a dropper delivering a number of Trojans, such as RedLine Stealer, SmokeLoader, Satacom, and others. Continue reading NullMixer: oodles of Trojans in a single dropper
A malicious bundle containing the RedLine stealer and a miner is distributed on YouTube through cheats and cracks ads for popular games. Continue reading Self-spreading stealer attacks gamers via YouTube
VileRAT is a Python implant, part of an evasive and highly intricate attack campaign against foreign exchange and cryptocurrency trading companies. Continue reading VileRAT: DeathStalker’s continuous strike at foreign and cryptocurrency exchanges