trend micro research : malware – Page 3 – Computer Security Articles

Credit to Author: Abdelrahman Esmail| Date: Wed, 28 Aug 2024 00:00:00 +0000

A technical analysis on how CVE-2023-22527 can be exploited by malicious actors for cryptojacking attacks that can spread across the victim’s system.

Security TrendMicro

August 8, 2024 admin

A Dive into Earth Baku’s Latest Campaign

Credit to Author: Ted Lee| Date: Fri, 09 Aug 2024 00:00:00 +0000

Since late 2022, Earth Baku has broadened its scope from the Indo-Pacific region to Europe, the Middle East, and Africa. Their latest operations demonstrate sophisticated techniques, such as exploiting public-facing applications like IIS servers for initial access and deploying the Godzilla webshell for command and control.

Security TrendMicro

August 1, 2024 admin

Social Media Malvertising Campaign Promotes Fake AI Editor Website for Credential Theft

Credit to Author: Jaromir Horejsi| Date: Thu, 01 Aug 2024 00:00:00 +0000

We uncovered a malvertising campaign where the threat actor hijacks social media pages, renames them to mimic popular AI photo editors, then posts malicious links to fake websites.

Security TrendMicro

July 5, 2024 admin

Turning Jenkins Into a Cryptomining Machine From an Attacker’s Perspective

Credit to Author: Shubham Singh| Date: Fri, 05 Jul 2024 00:00:00 +0000

In this blog entry, we will discuss how the Jenkins Script Console can be weaponized by attackers for cryptomining activity if not configured properly.

Security TrendMicro

July 4, 2024 admin

Mekotio Banking Trojan Threatens Financial Systems in Latin America

Credit to Author: Trend Micro Research| Date: Thu, 04 Jul 2024 00:00:00 +0000

We’ve recently seen a surge in attacks involving the Mekotio banking trojan. In this blog entry, we’ll provide an overview of the trojan and what it does.

Security TrendMicro

June 27, 2024 admin

Examining Water Sigbin’s Infection Routine Leading to an XMRig Cryptominer

Credit to Author: Ahmed Mohamed Ibrahim | Date: Fri, 28 Jun 2024 00:00:00 +0000

We analyze the multi-stage loading technique used by Water Sigbin to deliver the PureCrypter loader and XMRIG crypto miner.

Security TrendMicro

June 19, 2024 admin

Behind the Great Wall: Void Arachne Targets Chinese-Speaking Users With the Winos 4.0 C&C Framework

Credit to Author: Peter Girnus| Date: Wed, 19 Jun 2024 00:00:00 +0000

We recently discovered a new threat actor group that we dubbed Void Arachne. This group targets Chinese-speaking users with malicious Windows Installer (MSI) files in a recent campaign. These MSI files contain legitimate software installer files for AI software and other popular software but are bundled with malicious Winos payloads.

Security TrendMicro

June 14, 2024 admin

Noodle RAT: Reviewing the Backdoor Used by Chinese-Speaking Groups

Credit to Author: Hara Hiroaki| Date: Tue, 11 Jun 2024 00:00:00 +0000

This blog entry provides an analysis of the Noodle RAT backdoor, which is likely being used by multiple Chinese-speaking groups engaged in espionage and other types of cybercrime.