Martijn Lammerts
My own digital place with a little of everything

Open ADB Ports Being Exploited to Spread Possible Satori Variant in Android Devices

Recently, we found a new exploit using port 5555 after detecting two suspicious spikes in activity on July 9-10 and July 15. In this scenario, the activity involves the command line utility called Android Debug Bridge (ADB), a part of the Android SDK that handles communication between devices that also allows developers to run and debug apps on Android devices.

The post Open ADB Ports Being Exploited to Spread Possible Satori Variant in Android Devices appeared first on .

Continue reading...

Blackgear Cyberespionage Campaign Resurfaces, Abuses Social Media for C&C Communication

Blackgear (also known as Topgear and Comnie) is a cyberespionage campaign dating back to 2008, at least based on the Protux backdoor used by its operators. It targets organizations in Japan, South Korea, and Taiwan, leveling its attacks on public sector agencies and telecommunications and other high-technology industries. In 2016, for instance, we found their campaigns attacking Japanese organizations with various malware tools, notably the Elirks backdoor. Blackgear’s operators are well-organized, developing their own tools, which we observed to have been recently fine-tuned, based on their latest attacks.

The post Blackgear Cyberespionage Campaign Resurfaces, Abuses Social Media for C&C Communication appeared first on .

Continue reading...

New Andariel Reconnaissance Tactics Hint At Next Targets

Reconnaissance plays a vital role in criminal operations, and some groups go to great lengths to investigate their targets' systems. A recent example is the Andariel Group, a known branch of the notorious Lazarus Group. Last month, we tracked new scouting techniques coming from Andariel, used mainly against South Korean targets.

The post New Andariel Reconnaissance Tactics Hint At Next Targets appeared first on .

Continue reading...

VPNFilter-affected Devices Still Riddled with 19 Vulnerabilities

This blog tackles the recently ill-famed VPNFilter malware and if deployed devices are vulnerable to it. VPNFilter is a newly discovered, multi-stage malware (detected by Trend Micro as ELF_VPNFILT.A, ELF_VPNFILT.B, ELF_VPNFILT.C, and ELF_VPNFILT.D) that affects many models of connected devices. Based on our data from June 1 to July 12, plenty of the devices are still using old firmware versions. In fact, 19 known vulnerabilities, not only taken advantage of by VPNFilter but other malware as well, can still be detected in devices up to this day.

The post VPNFilter-affected Devices Still Riddled with 19 Vulnerabilities appeared first on .

Continue reading...

Malicious Macro Hijacks Desktop Shortcuts to Deliver Backdoor

by Loseway Lu Despite being around for decades, cybercriminals are still using malicious macro to deliver malware, albeit in more creative ways to make them more effective. The threat actors behind a recent case used macro in a more roundabout way, with a macro that searches for specific shortcut files in the user’s system, which...

The post Malicious Macro Hijacks Desktop Shortcuts to Deliver Backdoor appeared first on .

Continue reading...

Down but Not Out: A Look Into Recent Exploit Kit Activities

Exploit kits may be down, but they’re not out. While they're still using the same techniques that involve malvertisements or embedding links in spam and malicious or compromised websites, their latest activities are making them significant factors in the threat landscape again. This is the case with Rig and GrandSoft, as well as the private exploit kit Magnitude — exploit kits we found roping in relatively recent vulnerabilities to deliver cryptocurrency-mining malware, ransomware, botnet loaders, and banking trojans.

The post Down but Not Out: A Look Into Recent Exploit Kit Activities appeared first on .

Continue reading...

The New Face of Necurs: Noteworthy Changes to Necurs’ Behaviors

by Anita Hsieh, Rubio Wu, Kawabata Kohei Six years after it was first spotted in the wild, the Necurs malware botnet is still out to prove that it’s a malware chameleon.  We recently discovered noteworthy changes to the way Necurs makes use of its bots, such as pushing infostealers on them and showing a special...

The post The New Face of Necurs: Noteworthy Changes to Necurs’ Behaviors appeared first on .

Continue reading...