In the first half of April, the threats we tracked spanned the globe and drew major investigations: a multi-layered APT10 loader used against Japanese industry, Iranian credential phishing against medical researchers, tool sharing among Chinese-speaking actors, an FBI/CISA alert on APT scanning of network devices, a new banking trojan in Brazil, and a phishing campaign that hides its HTML on a free JavaScript hosting site.

For more articles, check out our #onpatrol4malware blog.

APT10: sophisticated multi-layered loader Ecipekac discovered in A41APT campaign

Source: SecureList

In 2019, we observed an APT campaign targeting multiple industries, including the Japanese manufacturing industry and its overseas operations, that was designed to steal information. Read more.

BadBlood: TA453 Targets US and Israeli Medical Research Personnel in Credential Phishing Campaigns

Source: ProofPoint

In late 2020, TA453, an Iranian-nexus threat actor, launched a credential phishing campaign targeting senior medical professionals who specialize in genetics, neurology, and oncology research in the United States and Israel. Read more.

The leap of a Cycldek-related threat actor

Source: SecureList

In the nebula of Chinese-speaking threat actors, it is quite common to see tools and methodologies being shared. One such example of this is the infamous “DLL side-loading triad”: a legitimate executable. Read more.

APT Actors Exploit Vulnerabilities to Gain Initial Access for Future Attacks

Source: FBI

In March 2021, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) observed APT actors scanning devices on ports 4443, 8443, and 10443. Read more.
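The practical takeaway from the FBI/CISA observation is to look in your own perimeter logs for sources probing those three ports. The script below is an added example written for this roundup, not code from the FBI alert, and it makes two assumptions: the firewall emits syslog-style `key=value` deny records (the sample lines are constructed, not real traffic), and a source is only flagged when it touches at least two of the watched ports, since a single hit on a common alternate-HTTPS port such as 8443 is too noisy on its own.

```python
import re
from collections import defaultdict

# Ports named in the FBI/CISA observation above.
WATCHED_PORTS = {4443, 8443, 10443}

# Constructed sample firewall log lines (illustrative, not captured traffic).
# Format assumed here: one syslog-style key=value record per connection attempt.
SAMPLE_LOGS = """\
2021-03-10T02:14:07Z fw1 action=deny src=203.0.113.7 dst=198.51.100.20 dport=4443 proto=tcp
2021-03-10T02:14:08Z fw1 action=deny src=203.0.113.7 dst=198.51.100.21 dport=8443 proto=tcp
2021-03-10T02:14:09Z fw1 action=deny src=203.0.113.7 dst=198.51.100.22 dport=10443 proto=tcp
2021-03-10T02:15:00Z fw1 action=allow src=192.0.2.15 dst=198.51.100.20 dport=443 proto=tcp
2021-03-10T02:16:31Z fw1 action=deny src=198.51.100.99 dst=198.51.100.23 dport=8443 proto=tcp
2021-03-10T02:16:32Z fw1 action=deny src=198.51.100.99 dst=198.51.100.23 dport=22 proto=tcp
"""

# Only the fields the detection needs; other keys on the line are ignored.
LINE_RE = re.compile(r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")


def parse_events(text):
    """Yield (src, dst, dport) tuples for every line that carries the three fields."""
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m["src"], m["dst"], int(m["dport"])


def find_scanners(text, min_ports=2):
    """Return sources that probed at least `min_ports` of the watched ports.

    Result shape: {src: {"ports": [sorted watched ports hit], "hosts": distinct dst count}}.
    The distinct-destination count helps separate a horizontal scan of many
    devices from a single misconfigured client retrying one host.
    """
    ports_by_src = defaultdict(set)
    hosts_by_src = defaultdict(set)
    for src, dst, dport in parse_events(text):
        if dport in WATCHED_PORTS:
            ports_by_src[src].add(dport)
            hosts_by_src[src].add(dst)
    return {
        src: {"ports": sorted(ports), "hosts": len(hosts_by_src[src])}
        for src, ports in ports_by_src.items()
        if len(ports) >= min_ports
    }


if __name__ == "__main__":
    for src, info in find_scanners(SAMPLE_LOGS).items():
        print(f"{src}: ports {info['ports']} across {info['hosts']} host(s)")
```

On the constructed sample, 203.0.113.7 is flagged for hitting all three ports across three hosts, while 198.51.100.99 is dropped at the default threshold because it touched only 8443; lowering `min_ports` to 1 surfaces it for manual review. Adjust the regex to your own log format before pointing this at real data.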

Janeleiro, the time traveler: A new old banking trojan in Brazil

Source: WeLiveSecurity

This new threat, which we’ve named Janeleiro, attempts to deceive its victims with pop-up windows designed to look like the websites of some of the biggest banks in Brazil. These pop-ups contain fake forms. Read more.

Iran’s APT34 Returns with an Updated Arsenal

Source: CPR

Check Point Research discovered evidence of a new campaign by the Iranian threat group APT34 (aka OilRig), against what appears to be a Lebanese target, employing a new backdoor variant we dubbed SideTwist. Read more.

HTML Lego: Hidden Phishing at Free JavaScript Site

Source: TrustWave

This blog investigates an interesting phishing campaign we encountered recently. In this campaign, the email subject pertains to a price revision followed by numbers. There is no email body. Read more.