In the first half of August, Cyble’s routine Open-Source Intelligence (OSINT) research turned up a new banking trojan posted by a researcher on Twitter. Researchers also uncovered a new Android trojan, dubbed FlyTrap, that has spread to more than 10,000 victims via rigged apps on third-party app stores, sideloaded apps and hijacked Facebook accounts.

For more articles, check out our #onpatrol4malware blog.

DarkSide ransomware gang returns as new BlackMatter operation

Source: Bleeping Computer

Encryption algorithms found in a decryptor show that the notorious DarkSide ransomware gang has rebranded as a new BlackMatter ransomware operation and is actively performing attacks on corporate entities. Read more.

Threat Spotlight: Solarmarker

Source: Talos

Talos is actively tracking a malware campaign with the Solarmarker information-stealer dating back to September 2020. Some DNS telemetry and related activity even point back to April 2020. Read more.

DeadRinger: Exposing Chinese Threat Actors Targeting Major Telcos

Source: Cybereason

Following the discovery of Hafnium attacks targeting Microsoft Exchange vulnerabilities, the Cybereason Nocturnus and Incident Response teams proactively hunted for various threat actors trying to leverage similar techniques in-the-wild. Read more.

Aberebot On The Rise: New Banking Trojan Targeting Users Through Phishing

Source: Cyble

During Cyble’s routine Open-Source Intelligence (OSINT) research, we came across a malware posted by a researcher on Twitter. The malware is a new banking trojan variant named Aberebot that steals sensitive information from infected devices. Read more.

APT31 new dropper. Target destinations: Mongolia, Russia, the U.S., and elsewhere

Source: PTSecurity

PT Expert Security Center (PT ESC) specialists regularly track the activity of hacker groups and the emergence of new information security threats (threat intelligence). Read more.

Anatomy of native IIS malware

Source: We Live Security

ESET researchers have discovered a set of previously undocumented malware families, implemented as malicious extensions for Internet Information Services (IIS) web server software. Read more.

Android Malware ‘FlyTrap’ Hijacks Facebook Accounts

Source: ThreatPost

Researchers have uncovered a new Android trojan, dubbed FlyTrap, that’s spread to more than 10,000 victims via rigged apps on third-party app stores, sideloaded apps and hijacked Facebook accounts. Read more.