In the first half of August, Cyble's routine Open-Source Intelligence (OSINT) research came across malware posted by a researcher on Twitter. Researchers also uncovered a new Android trojan, dubbed FlyTrap, that has spread to more than 10,000 victims via rigged apps on third-party app stores, sideloaded apps and hijacked Facebook accounts.
For more articles, check out our #onpatrol4malware blog.
DarkSide ransomware gang returns as new BlackMatter operation
Source: Bleeping Computer
Encryption algorithms found in a decryptor show that the notorious DarkSide ransomware gang has rebranded as a new BlackMatter ransomware operation and is actively performing attacks on corporate entities. Read more.
Threat Spotlight: Solarmarker
Source: Talos
Talos is actively tracking a malware campaign with the Solarmarker information-stealer dating back to September 2020. Some DNS telemetry and related activity even point back to April 2020. Read more.
DeadRinger: Exposing Chinese Threat Actors Targeting Major Telcos
Source: Cybereason
Following the discovery of Hafnium attacks targeting Microsoft Exchange vulnerabilities, the Cybereason Nocturnus and Incident Response teams proactively hunted for various threat actors trying to leverage similar techniques in the wild. Read more.
Aberebot On The Rise: New Banking Trojan Targeting Users Through Phishing
Source: Cyble
During Cyble’s routine Open-Source Intelligence (OSINT) research, we came across malware posted by a researcher on Twitter. The malware is a new banking trojan variant named Aberebot that steals sensitive information from infected devices. Read more.
APT31 new dropper. Target destinations: Mongolia, Russia, the U.S., and elsewhere
Source: PTSecurity
PT Expert Security Center (PT ESC) specialists regularly track the activity of hacker groups and the emergence of new information security threats (threat intelligence). Read more.
Anatomy of native IIS malware
Source: We Live Security
ESET researchers have discovered a set of previously undocumented malware families, implemented as malicious extensions for Internet Information Services (IIS) web server software. Read more.
Android Malware ‘FlyTrap’ Hijacks Facebook Accounts
Source: ThreatPost
Researchers have uncovered a new Android trojan, dubbed FlyTrap, that’s spread to more than 10,000 victims via rigged apps on third-party app stores, sideloaded apps and hijacked Facebook accounts. Read more.