In the last 2 weeks of August, we saw campaigns use a multitude of infection components to deliver two widely popular commodity malware and remote access trojans (RATs): njRAT and AsyncRAT.

 

For more articles, check out our #onpatrol4malware blog.

Discovering CAPTCHA Protected Phishing Campaigns

Source: PaloAlto

Unit 42 researchers have been observing various malicious campaigns abusing either legitimate challenge and response services or deploying customized fake CAPTCHA-like validation. Read more.

Here’s how hackers are cracking two-factor authentication security

Source: TheNextWeb

A recent study highlighted more than 80% of all hacking-related breaches happen due to compromised and weak credentials, with three billion username/password combinations stolen in 2016 alone. Read more.

Nigerian Ransomware: An Inside Look at Soliciting Employees to Deploy DemonWare

Source: Abnormal

On August 12, 2021, Abnormal Security identified and blocked a number of emails sent to its customers soliciting them to become accomplices in a threat scheme. Read more.

Paradise Ransomware: The Builder

Source: MarcoRamilli

The ransomware builders remind me of old times, when Nukes and Exploiters were freely available in the underground communities, when a few clicks were enough to bypass many AV vendors, and attackers were activists or single people challenging the system. Read more.

Mozi IoT Botnet Now Also Targets Netgear, Huawei, and ZTE Network Gateways

Source: TheHackerNews

Mozi, a peer-to-peer botnet known to target IoT devices, has gained new capabilities that allow it to achieve persistence on network gateways manufactured by Netgear, Huawei, and ZTE. Read more.

Shadowpad: a masterpiece of privately sold malware in Chinese espionage

Source: SentinelLabs

ShadowPad emerged in 2015 as the successor to PlugX. However, it was not until several infamous supply-chain incidents occurred – CCleaner, NetSarang, and ShadowHammer. Read more.

Malicious Campaign Targets Latin America: The seller, The operator, and a curious link

Source: TalosIntelligence

Campaigns use a multitude of infection components to deliver two widely popular commodity malware and remote access trojans (RATs): njRAT and AsyncRAT. Read more.

“Praying Mantis”: Dissecting an Advanced Memory-Resident Attack

Source: HubSpotUserContent30

Sygnia’s Incident Response Team has been responding to a series of targeted cyber intrusion attacks, performed by a highly capable and persistent threat actor – TG1021: “Praying Mantis”. Read more.

Ransomware Groups to Watch: Emerging Threats

Source: PaloAlto

As part of Unit 42’s commitment to stop ransomware attacks, we conduct ransomware hunting operations to ensure our customers are protected against new and evolving ransomware variants. Read more.