Collaborate Disseminate
In July 2016, KrebsOnSecurity published a story identifying a Toronto man as the author of the Orcus RAT, a software product that’s been marketed on underground forums and used in countless malware attacks since its creation in 2015. This week, Canadian authorities criminally charged him with orchestrating an international malware scheme. Continue reading Orcus RAT Author Charged in Malware Scheme
We are seeing a continuation of even more AgentTesla malspam campaigns again this morning. However today’s is somewhat different to usual and also delivers a Nanocore RAT. Actually the Nanocore RAT is downloading the AgentTesla keylogger. And af… Continue reading More AgentTesla keylogger and Nanocore RAT in one bundle
A quick post about the latest in a long, long, long, very, very long line of fake DHL delivery failure emails delivering all sorts of malware. Today’s version is slightly different to the ones we frequently see in UK. Today it is delivering Nanoc… Continue reading Nanocore RAT via fake DHL failed delivery in Chinese
As I mentioned earlier in the week, we aren’t seeing massive amounts of malware, especially in the UK at the moment BUT we do see a steady lowish volume stream of commodity malware. These are they standard easy to purchase and use malware tools l… Continue reading multiple malware delivered from compromised website run on a domestic BT IP address
I was sent a message via the submissions system last night with the email the victim received attached. At first glance it looked like the typical password protected word docs we see regularly pretending to be either an order, invoice or resume, that f… Continue reading nanocore RAT via fake order in password protected word doc with wrong password
We have been in a bit of lull with a quiet couple of weeks on the malware front in the UK, but that seems to have come to an end overnight and early this morning. Most of the malware are very common, well known versions of Lokibot, Hawkeye and a marg… Continue reading Fake Bank Detail For Funds Transfer delivers info stealer malware
This is a version of Nanocore RAT being delivered via a fake Purchase Order. The file has an invalid, Expired Digital Signature that says Google. It is reasonably well detected by Antiviruses although most of them are Generic / Heuristic detections. … Continue reading Fake Autec Power purchase Order delivers Nanocore RAT
I have seen some pretty lame malware campaigns over time, but this one must rank as one of the lamest ones. Whichever bad actor sending these needs to step up his game. He is using csv attachments that will open in Excel or any other spreadsheet progra… Continue reading Nanocore via fake order using dde in csv files
I was sent these 2 emails via the malware submission system on this site. 2 different emails coming from different senders, imitating or spoofing different companies. Both have iso attachments that extract to .exe files that try to pretend to be a pdf… Continue reading Nanocore RAT via fake order emails
We frequently see this sort of generic Malicious Spam email with an office file attachment that acts as a downloader for all sorts of malware. Today’s example is an email with the subject of [Your Email Address] RE:Payment Receipt for your refere… Continue reading Fake Payment Receipt delivers Nanocore RAT malware