Our selection of the most recent infosec articles from around the web, including write-ups about both the Masad and Arcane stealers and a possible link between Magecart Group 4 and Cobalt Group. Also included are the Proofpoint Q2 Threat Report and a detailed primer on SOCKS proxies.

For more articles, check out our #onpatrol4malware blog.


How Tortoiseshell created a fake veteran hiring website to host malware

Source: Talos

Cisco Talos recently discovered a threat actor attempting to take advantage of Americans who may be seeking a job, especially military veterans. Read more.


Magecart Group 4 – A link with Cobalt Group?

Source: HYAS

While working jointly with the threat intelligence team at Malwarebytes, we found some interesting patterns in the email addresses used to register domains belonging to Magecart. Read more.


Divergent: “Fileless” NodeJS Malware Burrows Deep Within the Host

Source: Talos

Cisco Talos recently discovered a new malware loader being used to deliver and infect systems with a previously undocumented malware payload called “Divergent.” Read more.


Frequent VBA Macros used in Office Malware

Source: Security Affairs

The malware expert Marco Ramilli collected a small set of VBA Macros widely re-used to “weaponize” Maldoc (Malware Document) in cyber attacks. Read more.


Proofpoint Q2 2019 Threat Report

Source: Proofpoint

The data presented in this report were collected during the second quarter of 2019 and reflect the disappearance of the Emotet botnet from the threat landscape beginning in June. Read more.


SOCKS Proxy Primer: What Is SOCKs5 and Why Should You Use It?

Source: Security Intelligence

SOCKS, which stands for Socket Secure, is a network protocol that facilitates communication with servers through a firewall by routing network traffic to the actual server on behalf of a client. Read more.


Masad Stealer: Exfiltrating using Telegram

Source: Juniper

Juniper Threat Labs discovered a new Trojan-delivered spyware that uses Telegram to exfiltrate stolen information. Read more.


Arcane Stealer V and its Maker

Source: Fidelis

In July 2019, the Fidelis Threat Research Team (TRT) acquired and began analyzing a sample of Arcane Stealer V. Read more.


DoorDash Data Breach Impacts Personal Data of Almost 5M Users

Source: ThreatPost

Food delivery service DoorDash disclosed a data breach that affects almost 5 million customers, drivers and merchants using its platform. Read more.


EFF: Encrypted DNS could help close the biggest privacy gap on the Internet
Alongside technologies like TLS 1.3 and encrypted SNI, DoH has the potential to provide tremendous privacy protections. Read more.


New iOS exploit checkm8 allows permanent compromise of iPhones

Source: Malwarebytes

This morning, an iOS researcher with the Twitter handle @axi0mX announced the release of a new iOS exploit named checkm8 that promises to have serious consequences for iPhone and iPad hardware. Read more.


Phishing attacks abusing appspot.com and web.app domains on Google Cloud

Source: Zscaler

Our researchers recently detected similar activity on the Google domains Appspot.com and Web.app. Read more.


New Fileless Botnet Novter Distributed by KovCoreG Malvertising Campaign

Source: TrendMicro

We’ve been actively monitoring this threat since its emergence and early development, and saw it being frequently updated. Read more.