Over the past two weeks, we saw “Microsoft research uncovers new Zerobot capabilities” and also “IcedID Botnet Distributors Abuse Google PPC to Distribute Malware”. Check out the digested news.

For more articles, check out our #onpatrol4malware blog.

Microsoft research uncovers new Zerobot capabilities

Source: Microsoft

Zerobot, a Go-based botnet that spreads primarily through IoT and web application vulnerabilities, is an example of an evolving threat, with operators continuously adding new exploits and capabilities to the malware. Read more.

PyTorch: Machine Learning toolkit pwned from Christmas to New Year

Source: Naked Security by Sophos

Anyone unfortunate enough to install the pwned version of PyTorch during the danger period almost certainly ended up with data-stealing malware implanted on their computer. Read more.

BlueNoroff introduces new methods bypassing MoTW

Source: Securelist by Kaspersky

The first new method the group adopted is aimed at evading the Mark-of-the-Web (MOTW) flag, the security measure whereby Windows displays a warning message when the user tries to open a file downloaded from the internet. Read more.

SPF and DMARC use on GOV domains in different ccTLDs

Source: SANS

Although e-mail is one of the cornerstones of modern interpersonal communication, its underlying Simple Mail Transfer Protocol (SMTP) is far from what we might call robust or secure. Read more.

IcedID Botnet Distributors Abuse Google PPC to Distribute Malware

Source: Trend Micro

After closely tracking the activities of the IcedID botnet, Trend Micro has discovered some significant changes in its distribution methods. Since December 2022, they have observed the abuse of Google pay-per-click (PPC) ads to distribute IcedID via malvertising attacks. Read more.

Ransomware Roundup – Play Ransomware

Source: Fortinet

The Ransomware Roundup report aims to provide readers with brief insights into the evolving ransomware landscape and the Fortinet solutions that protect against those variants. Read more.

CISA Releases Phishing Infographic

Source: CISA

CISA published a Phishing Infographic to help protect both organizations and individuals from successful phishing operations. This infographic provides a visual summary of how threat actors execute successful phishing operations. Read more.

Raspberry Robin Worm Hatches a Highly Complex Upgrade

Source: Dark Reading

The Evil Corp-linked malware family has undergone an evolution, becoming more obfuscated and “several times more complex,” as the group behind it tests how far the worm can be spread. Read more.