Even with low usage rates, new exploit kits have been found targeting Internet Explorer, says Malwarebytes in their fall report. Secure List’s article about Q3 spam and phishing highlight Amazon impersonations with special offers. Read these articles and more in the last two weeks of industry news handpicked by the Malware Patrol Team.
For more articles, check out our #onpatrol4malware blog.

Improve Your Detection Capabilities With Cyber Simulation Datasets
Source: Security Intelligence
Your security incident detection capabilities are at the heart of your organization’s incident response plan. After all, if you are unable to recognize incidents, it is not possible to start an incident response plan. Read more.

The cybercrime ecosystem: attacking blogs
Source: SecureList
The Cybercrime Ecosystem is a series of articles explaining how cybercriminals operate, what drives them, what techniques they use and how we, regular Internet users, are part of that ecosystem. Read more.

Mac Backdoor Linked to Lazarus Targets Korean Users
Source: TrendMicro
Criminal interest in MacOS continues to grow, with malware authors churning out more threats that target users of the popular OS. Read more.

Exploit kits: fall 2019 review
Source: MalwareBytes LAB
Despite a slim browser market share, Internet Explorer is still being exploited in fall 2019 in a number of drive-by download campaigns. Perhaps even more surprising, we’re seeing new exploit kits emerge. Read more.

Ransomware Attackers Leak Stolen Data
Source: Gov Info Security
Ransomware attacks have taken an unwelcome turn: The Maze gang reportedly has begun leaking a victim’s files to create pressure to pay a ransom. Read more.

ACBackdoor: Analysis of a New Multiplatform Backdoor
Source: Intezer
We have discovered an undetected Linux backdoor which does not have any known connections to other threat groups. Windows was found with variants of the same malware. Read more.

Spam and phishing in Q3 2019
Source: Secure List
In Q3, we registered numerous scam mailings related to Amazon Prime. Most of the phishing emails with a link to a fake Amazon login page offered new prices or rewards for buying things, or reported problems with membership, etc. Read more.

Dexphot Malware Hijacked 80K+ Devices to Mine Cryptocurrency
Source: Threat Post
Microsoft is warning of malware, Dexphot, that has infected more than 80,000 machines, sucking up their CPU power in order to mine cryptocurrency. Read more.

A Glimpse Into Tencent’s Legu Packer
Source: Quarkslab
This blog post deals with the Legu packer, an Android protector developed by Tencent that is currently one of the state-of-the-art solutions to protect APK DEX files. Read more.

The Role of Evil Downloaders in the Android Mobile Malware Kill Chain
Source: Security Intelligence
The spread of malware from user PCs to handheld devices such as smartphones has been a gradual process that started gaining momentum about a decade ago. Read more.

Meet PyXie: A Nefarious New Python RAT
Source: Threat Vector
BlackBerry Cylance researchers have recently discovered a previously unnamed Python RAT we’re calling PyXie. PyXie has been observed in the wild since at least 2018 without much attention from the cybersecurity industry. Read more.

Dridex Malware
Source: Cyber Infrastructure
This Alert is the result of recent collaboration between the Department of the Treasury Financial Sector CIG and the Department of the Treasury’s FinCEN to identify and share information with the financial services sector. Read more.