Active TrickBot Campaign Observed Abusing SendGrid and Google Docs

PhishLabs has observed an active TrickBot campaign targeting the employees of multiple organizations. TrickBot is a sophisticated successor of the Dyre Banking Trojan. It uses an intricate network of command and control servers (C2), web injects, …

A Closer Look at the Emotet Banking Trojan

Banking trojans can be one of the most financially damaging pieces of malware to infect computers. Banking trojans are typically seen as any piece of malicious software designed to gain access to confidential information related to the victim’s bankin…

Secret Service Investigates Breach at U.S. Govt IT Contractor

The U.S. Secret Service is investigating a breach at a Virginia-based government technology contractor that saw access to several of its systems put up for sale in the cybercrime underground, KrebsOnSecurity has learned. The contractor claims the access being auctioned off was to old test systems that do not have direct connections to its government partner networks.

In mid-August, a member of a popular Russian-language cybercrime forum offered to sell access to the internal network of a U.S. government IT contractor that does business with more than 20 federal agencies, including several branches of the military. The seller bragged that he had access to email correspondence and credentials needed to view databases of the client agencies, and set the opening price at six bitcoins (~USD $60,000).

TrickBot Targets Verizon, T-Mobile, Sprint Users to Siphon PINs

TrickBot malware targets users of U.S. mobile carriers Verizon, T-Mobile and Sprint via web injects to steal their PIN codes, enabling SIM swapping attacks.

The Curious Case of a Fileless TrickBot Infection

IBM X-Force noted changes in the deployment of the TrickBot Trojan and discovered that the most recent version of the malware is fileless.

The post The Curious Case of a Fileless TrickBot Infection appeared first on Security Intelligence.

TrickBot: New Injects, New Host

What’s in the Name: Call it IcedID or TrickBot? Tell that to a security researcher (Arsh Arora in this case) and watch them RANT
(Gar-note: today’s blog post is a guest blog from malware analyst, Arsh Arora…) 

Today’s post starts w…

LokiBot, Anonymous, & Oracle – Hack Naked News #224

This week, cryptomining malware that launches Linux VMs on Windows and macOS, Oracle patches another actively-exploited WebLogic 0-day, LokiBot and NanoCore malware distributed in ISO image files, and an anonymous hacker that was exposed after dropp…

The Emotet-ion Game (Part 3)

This blog is a continuation of our blog series on the Emotet banking Trojan. So far, we have analysed Emotet’s delivery mechanism and its behaviour through dynamic analysis. The host and network data captured from Emotet found that it escalates i…