Executive summary: Threat actors continue to leverage the NetWire Remote Access Trojan (RAT) in malicious spam email attacks using low-detection scripts, URL shorteners, and the Discord content delivery network (CDN). The infection chain begins with a targeted email from the t-online[.]de mail service. These emails contain an XLS file or ZIP archive that, if opened, triggers […]
Category Archives: Uncategorized
Keen-eyed Tweeps may have noticed that AnyRun tweeted out a Christmas CTF in their Xmas postcard this year (see above). I enjoy a good CTF, and with some help from @KrabsOnSecurity we uncovered a code for a free trial of AnyRun Explorer (an account option which is not on the pricing package). The CTF […]
The Magecart collective is a network of cybercriminal groups that have rapidly and successfully inserted credit card skimming scripts into compromised e-commerce websites. These malicious scripts steal payment information from unsuspecting customers, often without detection. This tactic has led to widespread breaches, with Magecart continuing to target vulnerable sites at an alarming rate. Magecart achieved […]
Following the recent discoveries shared by @MalwareHunterTeam and @LukasStefanko on Twitter, I took a closer look at the ongoing Cerberus Android banking Trojan campaign. It has recently reared its head to target English-speaking users via a fake food delivery app: (Figure 1 – The fake website that drops food-delivery.apk) (Figure 2 – Downloading and granting permissions to the Trojanised […]
“The Lazarus Group, a North Korean state-sponsored hacking organization, is behind some of the most costly cyberattacks in history. Notable incidents include the Sony Pictures Entertainment hack, a series of high-profile bank heists attempting to steal over a billion dollars collectively, and the WannaCry ransomware attack, which impacted tens of thousands of systems worldwide.” – Federal […]