Earth Estries Targets Government, Tech for Cyberespionage

Credit to Author: Ted Lee | Date: Wed, 30 Aug 2023 00:00:00 +0000

We break down a new cyberespionage campaign deployed by a cybercriminal group we named Earth Estries. Analyzing the tactics, techniques, and procedures (TTPs) employed, we observed overlaps with the advanced persistent threat (APT) group FamousSparrow as Earth Estries targets governments and organizations in the technology sector.


Stealthy Android Malware MMRat Carries Out Bank Fraud Via Fake App Stores

Credit to Author: Trend Micro Research | Date: Tue, 29 Aug 2023 00:00:00 +0000

The Trend Micro Mobile Application Reputation Service (MARS) team discovered a new, fully undetected Android banking trojan, dubbed MMRat, that has been targeting mobile users in Southeast Asia since late June 2023.


TargetCompany Ransomware Abuses FUD Obfuscator Packers

Credit to Author: Don Ovid Ladores | Date: Mon, 07 Aug 2023 00:00:00 +0000

In this entry, we detail our analysis of how the TargetCompany ransomware abused an iteration of the fully undetectable (FUD) obfuscator engine BatCloak to infect vulnerable systems.


Related CherryBlos and FakeTrade Android Malware Involved in Scam Campaigns

Credit to Author: Trend Micro Research | Date: Fri, 28 Jul 2023 00:00:00 +0000

Trend Micro’s Mobile Application Reputation Service (MARS) team discovered two new related Android malware families involved in cryptocurrency-mining and financially motivated scam campaigns targeting Android users.


Possible Supply-Chain Attack Targeting Pakistani Government Delivers Shadowpad

Credit to Author: Daniel Lunghi | Date: Fri, 14 Jul 2023 00:00:00 +0000

We recently found that a modified installer of the E-Office app used by the Pakistani government delivered a Shadowpad sample, suggesting a possible supply-chain attack.


Supply-Chain Attack Targeting Pakistani Government Delivers Shadowpad

Credit to Author: Daniel Lunghi | Date: Fri, 14 Jul 2023 00:00:00 +0000

We recently found that an MSI installer built by the National Information Technology Board (NITB), a Pakistani government entity, delivered a Shadowpad sample, suggesting a possible supply-chain attack.
