TrickBot’s operators have augmented injections with layered defenses to hinder researchers and improve theft during online banking fraud. IBM Trusteer details how TrickBot fetches per-target web injections, secures its communications, and relies on obfuscation…
Emotet spam campaigns are abusing hexadecimal and octal IP address formats to evade pattern-matching detection, delivering malware via Excel 4.0 Macros and HTA code. The operation leads to second-stage payloads like TrickBot and Cobalt Strike beacons, with gui…
Proofpoint details DTPacker, a two-stage .NET packer/downloader that uses Donald Trump-themed fixed keys to decrypt its second stage and deliver payloads such as Agent Tesla, Ave Maria, AsyncRAT, and FormBook. The campaigns blend varied encoding/obfuscation an…
INKY uncovered a large phishing campaign impersonating the U.S. Department of Labor, using spoofed senders and look-alike domains to target Google Workspace and Microsoft 365 users with fake bid invitations for nonexistent federal projects. Victims were led to…
Anomalous, short-lived spyware campaigns targeted ICS environments, spreading via compromised corporate mailboxes and SMTP-based C2 to harvest credentials. The report reveals thousands of abused corporate email accounts, extensive credential marketplaces, and …
BlackCat is a Rust-based RaaS that targets Windows and Linux with configurable encryption and extortion features, delivering payloads via third-party frameworks or exposed apps and demanding high ransoms. It markets affiliates on underground forums, maintains …
MoonBounce is a sophisticated UEFI firmware implant that persists in SPI flash and chains into a memory-resident, fileless malware deployment, attributed to APT41. The campaign also features ScrambleCross loaders (StealthVector and StealthMutant) and multiple …
BlueNoroff, a Lazarus-linked APT, continues its cryptocurrency-centric campaigns with multi-stage infections and sophisticated social engineering to target crypto startups worldwide. The group blends long-running infection chains, deceptive communications, and…
HANCITOR DOC drops via CLIPBOARD (McAfee Blog). By Sriram P & Lakshya Mathur. Hancitor, a loader that provides Malware as a Service, has been observed distributing malware such as…
Cofense PDC observed a mass phishing campaign that uses “missed voicemail” lures impersonating British Telecom to direct recipients to a spoofed BT sign-in page. Credentials entered on the fake page are exfiltrated to an external address and victims are then r…
Social Network Account Stealers Hidden in Android Gaming Hacking Tool (McAfee Blog). Authored by Wenfeng Yu. The McAfee Mobile Research team recently discovered a new piece of malware that specifically steals Google, Facebook,…
Phishing is increasingly a preliminary step in multi-stage ransomware campaigns: attackers use phishing to gain initial access, then deploy loaders/RATs to perform reconnaissance, lateral movement, persistence and finally deliver ransomware. Detecting and bloc…
Cofense PDC discovered an IT-support themed phishing campaign that impersonates Mimecast to trick users into submitting credentials via recently created spoof domains. The attack uses a counterfeit Mimecast security flow and landing page (hXXps://hiudgntxrg[.]…
New Ryuk Ransomware Sample Targets Webservers (McAfee Blog). Executive Summary: Ryuk is a ransomware that encrypts a victim’s files and requests payment in Bitcoin cryptocurrency to release the…
BRATA Keeps Sneaking into Google Play, Now Targeting USA and Spain (McAfee Blog). Recently, the McAfee Mobile Research Team uncovered several new variants of the Android malware family BRATA being distributed in Google…