Entering the second month of the year, there is more information about the various groups using the Golden Chickens Malware-as-a-Service. In addition, a lot of malware is now active that aims to get hold of confidential details related to the military, government, financial statements, banking, and other sensitive data. Stay informed and read the interesting and useful articles we have gathered.

For more articles, check out our #onpatrol4malware blog.


CryptoAPI Spoofing in 2020: Analysis of the First Red Alert at Microsoft HQ in the New Decade

Source: Obsecurity

The new decade has brought an almost shocking number of critical-level vulnerabilities so far, but none quite as impactful as CVE-2020-0601, now better known as the “CryptoAPI Vulnerability.” Read more.


New Ryuk Info Stealer Targets Government and Military Secrets

Source: Bleeping Computer

A new version of the Ryuk Stealer malware has been enhanced to allow it to steal a greater amount of confidential files related to the military, government, financial statements, banking, and other sensitive data. Read more.


Hacker Publishes Credentials for Over 515,000 Servers, Routers, and IoT Devices

Source: Trend Micro

A hacker published the credentials of over 515,000 servers, routers, and IoT devices on a well-known hacking website. Read more.


Breaking down a two-year run of Vivin’s cryptominers

Source: Talos

There is another large-scale cryptomining attack from an actor we are tracking as “Vivin” that has been active since at least November 2017. Read more.


European Energy Sector Organization Targeted by PupyRAT Malware in Late 2019

Source: Recorded Future

This report is based on proprietary Recorded Future network traffic analysis of RAT controllers detected using signatures developed by Insikt Group researchers. The period of analysis covers November 28, 2019 through January 5, 2020. Read more.


New wave of Mal-Spam campaign attaching Disk Imaging Files

Source: Seqrite

For the past few months at Quick-Heal Labs, we have been observing a sudden rise in spear-phishing mail containing distinct file formats as attachments, like IMG, ISO, etc. Read more.


The Chicken Keeps Laying New Eggs: Uncovering New GC MaaS Tools Used By Top-tier Threat Actors

Source: Medium

Since 2018, QuoScient’s Intelligence Operations Team (QuoINT) has tracked the evolution of the Golden Chickens (GC) Malware-as-a-Service provider (MaaS) and how different threat actors use it. Read more.


Caught in the Act: Running a Realistic Factory Honeypot to Capture Real Threats

Source: Trend Micro

Different critical infrastructures have been hit with attacks such as those that involved the infamous Stuxnet malware and the more recent Triton malware. Read more.


Hunting for Ransomware

Source: Reversing Labs

Many ransomware families have changed their tactics and victim-targeting in recent years. Rather than indiscriminate attacks against anyone they’re able to infect, they have moved to a process called “big game hunting”. Read more.


OpendoorCDN Skimmer Analysis Continued

Source: GoggleHeadedHacker

This article is a continuation of a previous post about an Olympic ticket reseller website that was infected with a Magecart-like credit card skimmer, since we have more findings to share. Read more.


[Heads-up] Scam Of The Week: Coronavirus Phishing Attacks In The Wild

Source: KnowBe4

We are seeing a new malicious phishing campaign that is based on the fear of the Coronavirus, and it’s the first of many. Read more.


Pro-Russian CyberSpy Gamaredon Intensifies Ukrainian Security Targeting

Source: Sentinel Labs

Pro-Russian Gamaredon APT group has evolved over the last few months, introducing new components to boost its offensive power against the Ukrainian government. Read more.


These are the top ten software flaws used by crooks: Make sure you’ve applied the patches

Source: ZDNet

Hackers are exploiting many of the same security vulnerabilities as last year and they all impact Microsoft Windows products – but a bug in Adobe Flash was the most exploited in 2019. Read more.


Ghost in the shell: Investigating web shell attacks

Source: Microsoft

Recently, an organization in the public sector discovered that one of their internet-facing servers was misconfigured and allowed attackers to upload a web shell, which let the adversaries gain a foothold for further compromise. Read more.