In the last two weeks’ worth of infosec articles, we saw a lot of writing about APT activities and even a phishing attack method that uses Morse code to disguise malicious URLs. The Lookout article about the Confucius APT’s Android spyware includes an in-depth analysis as well as a list of IoCs. To find out more, continue reading the blog post below.

For more articles, check out our #onpatrol4malware blog.

Lookout Discovers Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict

Source: Lookout

The Lookout Threat Intelligence team has discovered two novel Android surveillanceware – Hornbill and SunBird. We believe with high confidence that these surveillance tools are used by the advanced persistent threat (APT) Confucius. Read more.

Lampion trojan disseminated in Portugal using COVID-19 template

Source: SecurityAffairs

In the last few days, a new release of the Latin American Lampion trojan was released in Portugal using a template related to COVID-19. Read more.

New phishing attack uses Morse code to hide malicious URLs

Source: Bleeping Computer

A new targeted phishing campaign includes the novel obfuscation technique of using Morse code to hide malicious URLs in an email attachment. Read more.

The Story of Jian – How APT31 Stole and Used an Unknown Equation Group 0-Day

Source: Check Point Research

Cyber weapons are digital and volatile by nature. Stealing them and transferring them from one continent to another can be as simple as sending an email. They are also very obscure, and their existence is a closely guarded secret. Read more.

AppleJeus: Analysis of North Korea’s Cryptocurrency Malware

Source: CISA

These cyber actors have targeted organizations for cryptocurrency theft in over 30 countries during the past year alone. It is likely that these actors view modified cryptocurrency trading applications as a means to circumvent international sanctions on North Korea. Read more.

IronNetInjector: Turla’s New Malware Loading Tool

Source: Palo Alto Networks

In recent years, more and more ready-made malware is released on software development hosting sites available for everybody to use – including threat actors. This not only saves the bad guys development time. Read more.

Highly Active ‘Gamaredon’ Group Provides Services to Other APTs

Source: SecurityWeek

New evidence suggests that the Russia-linked threat actor Gamaredon is a hack-for-hire group that offers its services to other advanced persistent threat (APT) actors, similar to crimeware gangs. Read more.

Lazarus targets defense industry with ThreatNeedle

Source: Securelist

We named Lazarus the most active group of 2020. We’ve observed numerous activities by this notorious APT group targeting various industries. Read more.

LazyScripter: From Empire to double RAT

Source: Malwarebytes

In late December 2020 we observed a few malicious documents with embedded objects that were designed to target job seekers. The embedded objects were either VBScript or batch files. Read more.

Russian Hackers Targeted Ukraine Authorities With Supply-Chain Malware Attack

Source: The Hacker News

Ukraine is formally pointing fingers at Russian hackers for hacking into one of its government systems and attempting to plant and distribute malicious documents that would install malware on target systems of public authorities. Read more.