In this second half of March, we observed an interesting email campaign by a threat actor we track as TA800. They distributed a new malware we are calling NimzaLoader. Also, another ransomware gang has started to target vulnerable Exchange servers with another...
In the last two weeks’ worth of infosec articles, we saw a lot of writing about APT activities and even a phishing attack method that uses Morse code to disguise malicious URLs. The Lookout article about the Confucious APT’s Android Spyware includes an...
On to the end of January and we’re seeing banking malware such as Vadokrist and many others. Vadokrist is written in Delphi and has an unusually large amount of unused code in the binaries. It is believed that this is an attempt to evade detection and dissuade...
On to a new year, but it’s still good to review some malware such as APT37 to help us understand more about cybercrimes. APT37 is associated with an attack that embeds macro that uses a VBA self decoding technique to decode itself within the memory spaces of MS...
On to the last day of the controversial year, cybercrime is still rife, as the attack activities of the Quasar Family. Quasar is an open-source RAT with a variety of functions. This is easy to use and therefore exploited by several APT actors. Learn more in this batch...
A week before Christmas, cryptocurrency mining botnet PGMiner is showing smarter ways to hack into a victim’s machine. At its core, PGMiner attempts to connect to the mining pool for Monero mining. Learn more on this and other malware in this batch of InfoSec...