Over the past two weeks, we saw containers described as the ultimate Trojan horse, even though they are meant to be immutable. Also, TA542, an actor that distributes Emotet malware, has once again returned from an extensive break from delivering malicious emails.

For more articles, check out our #onpatrol4malware blog.

Containers: The ultimate Trojan horse

Source: BetaNews

Containers are meant to be immutable. Once the image is made, it is what it is, and all container instances spawned from it will be identical. The container is defined as code, so its contents, intents and dependencies are explicit. Read more.

Unwanted emails steadily creeping into inboxes

Source: Help Net Security

Research from Hornetsecurity has revealed that 40.5% of work emails are unwanted. The Cyber Security Report 2023, which analysed more than 25 billion work emails, also reveals significant changes to the nature of cyberattacks in 2022. Read more.

A Comprehensive Look at Emotet’s Fall 2022 Return

Source: ProofPoint

TA542, an actor that distributes Emotet malware, has once again returned from an extensive break from delivering malicious emails. The actor was absent from the landscape for nearly four months, last seen on July 13, 2022 before returning on November 2, 2022. Read more.

Cisco Talos spotted multiple updated versions of LodaRAT that were deployed alongside other malware families, including RedLine and Neshta

Source: Security Affairs

Researchers from Cisco Talos have monitored the LodaRAT malware over the course of 2022. Read more.

A China-based financially motivated group, tracked as Fangxiao, is behind a large-scale phishing campaign dating back as far as 2019

Source: Security Affairs

Researchers from Cyjax reported that a China-based financially motivated group, dubbed Fangxiao, orchestrated a large-scale phishing campaign since 2017. Read more.

WASP malware stings Python developers

Source: The Register

Malware dubbed WASP is using steganography and polymorphism to evade detection, with its malicious Python packages designed to steal credentials, personal information, and cryptocurrency. Read more.

Lazarus APT uses DTrack backdoor in attacks against LATAM and European orgs

Source: Security Affairs

North Korea-linked Lazarus APT is using a new version of the DTrack backdoor in attacks aimed at organizations in Europe and Latin America. Read more.

Previously undetected Earth Longzhi APT group is a subgroup of APT41

Source: Security Affairs

Trend Micro reported that the Earth Longzhi group, a previously undocumented subgroup of APT41, targets Ukraine and Asian countries. Early this year, Trend Micro investigated a security breach suffered by a company in Taiwan. Read more.