Anomalous, short-lived spyware campaigns targeted ICS environments, spreading via compromised corporate mailboxes and SMTP-based C2 to harvest credentials. The report reveals thousands of abused corporate email accounts, extensive credential marketplaces, and …
Category: Threat Research
BlackCat is a Rust-based RaaS that targets Windows and Linux with configurable encryption and extortion features, delivering payloads via third-party frameworks or exposed apps and demanding high ransoms. It markets affiliates on underground forums, maintains …
MoonBounce is a sophisticated UEFI firmware implant that persists in SPI flash and chains into a memory-resident, fileless malware deployment, attributed to APT41. The campaign also features ScrambleCross loaders (StealthVector and StealthMutant) and multiple …
BlueNoroff, a Lazarus-linked APT, continues its cryptocurrency-centric campaigns with multi-stage infections and sophisticated social engineering to target crypto startups worldwide. The group blends long-running infection chains, deceptive communications, and…
By Sriram P & Lakshya Mathur. Hancitor, a loader that provides Malware as a Service, has been observed distributing malware such as…
The post HANCITOR DOC drops via CLIPBOARD appeared first on McAfee Blog.
Cofense PDC observed a mass phishing campaign that uses “missed voicemail” lures impersonating British Telecom to direct recipients to a spoofed BT sign-in page. Credentials entered on the fake page are exfiltrated to an external address and victims are then r…
Authored by: Wenfeng Yu. McAfee Mobile Research team recently discovered a new piece of malware that specifically steals Google, Facebook,…
The post Social Network Account Stealers Hidden in Android Gaming Hacking Tool appeared first on McAfee Blog.
Phishing is increasingly a preliminary step in multi-stage ransomware campaigns: attackers use phishing to gain initial access, then deploy loaders/RATs to perform reconnaissance, lateral movement, persistence and finally deliver ransomware. Detecting and bloc…
Cofense PDC discovered an IT-support themed phishing campaign that impersonates Mimecast to trick users into submitting credentials via recently created spoof domains. The attack uses a counterfeit Mimecast security flow and landing page (hXXps://hiudgntxrg[.]…
Executive Summary: Ryuk is a ransomware that encrypts a victim’s files and requests payment in Bitcoin cryptocurrency to release the…
The post New Ryuk Ransomware Sample Targets Webservers appeared first on McAfee Blog.
Recently, the McAfee Mobile Research Team uncovered several new variants of the Android malware family BRATA being distributed in Google…
The post BRATA Keeps Sneaking into Google Play, Now Targeting USA and Spain appeared first on McAfee Blog.
Executive Summary: Cuba ransomware is an older ransomware that has recently undergone some development. The actors have incorporated the leaking of victim data to increase its impact…
The post McAfee ATR Threat Report: A Quick Primer on Cuba Ransomware appeared first on McAfee Blog.
Cuba Ransomware Overview: Over the past year, we have seen ransomware attackers change the way they have responded to organizations…
The post McAfee Defender’s Blog: Cuba Ransomware Campaign appeared first on McAfee Blog.
Operation Dianxun Overview: In a recent report, the McAfee Advanced Threat Research (ATR) Strategic Intelligence team disclosed an espionage campaign,…
The post McAfee Defender’s Blog: Operation Dianxun appeared first on McAfee Blog.
In this report, the McAfee Advanced Threat Research (ATR) Strategic Intelligence team details an espionage campaign, targeting telecommunication companies, dubbed…
The post Operation Diànxùn: Cyberespionage Campaign Targeting Telecommunication Companies appeared first on McAfee Blog.