Martijn Lammerts
My own digital place with a little of everything

New GnatSpy Mobile Malware Family Discovered

18 December 2017

Earlier this year researchers first disclosed a targeted attack campaign targeting various sectors in the Middle East. This threat actor was called Two-tailed Scorpion/APT-C-23. Later on, a mobile component called VAMP was found, with a new variant (dubbed FrozenCell) discovered in October.

Post from: Trendlabs Security Intelligence Blog - by Trend Micro

Dissecting PRILEX and CUTLET MAKER ATM Malware Families

14 December 2017

For a while now, Trend Micro has focused its efforts on covering ATM malware, especially new families that come up with features that stealthily target banking customers. In this blog post, we're going to cover two that have recently come to our attention: Prilex and Cutlet Maker. Each of them is interesting in their own right, but for different reasons.

Post from: Trendlabs Security Intelligence Blog - by Trend Micro

Detonating a bad rabbit: Windows Defender Antivirus and layered machine learning defenses

11 December 2017
Windows Defender Antivirus uses a layered approach to protection: tiers of advanced automation and machine learning models evaluate files to reach a verdict on suspected malware. While Windows Defender AV detects a vast majority of new malware files at first sight, we always strive to further close the gap between malware release and detection. In...

CONFICKER/ DOWNAD 9 Years After: Examining its Impact on Legacy Systems

7 December 2017

Despite being nearly a decade old, and years past its peak, DOWNAD, also known as CONFICKER, has not gone away. Nine years to the month after its first discovery, we take a look at the numbers to see where DOWNAD is today, and why it is still one of the world’s most prevalent malware.

Post from: Trendlabs Security Intelligence Blog - by Trend Micro

Microsoft teams up with law enforcement and other partners to disrupt Gamarue (Andromeda)

5 December 2017
Today, with help from Microsoft security researchers, law enforcement agencies around the globe, in cooperation with Microsoft Digital Crimes Unit (DCU), announced the disruption of Gamarue, a widely distributed malware that has been used in networks of infected computers collectively called the Andromeda botnet. The disruption is the culmination of a journey that started in...

Windows Defender ATP machine learning and AMSI: Unearthing script-based attacks that ‘live off the land’

4 December 2017
Scripts are becoming the weapon of choice of sophisticated activity groups responsible for targeted attacks as well as malware authors who indiscriminately deploy commodity threats. Scripting engines such as JavaScript, VBScript, and PowerShell offer tremendous benefits to attackers. They run through legitimate processes and are perfect tools for “living off the land”—staying away from the...

New tech support scam launches communication or phone call app

20 November 2017
A new tech support scam technique streamlines the entire scam experience, leaving potential victims only one click or tap away from speaking with a scammer. We recently found a new tech support scam website that opens your default communication or phone call app, automatically prompting you to call a fake tech support scam hotline. ...
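The excerpt above describes the mechanism (a page that launches the visitor's calling app without a click) but not how to spot such a page. The following is an added example, not code from the Microsoft post or from Microsoft, showing a simple static scanner that flags HTML which navigates automatically to a calling or messaging URI scheme. It assumes the scam page reaches the phone app through a URI such as tel: or callto: set from script, a meta refresh, or an iframe; the post does not say which scheme the real page used, and the sample pages below are constructed for the example.

```javascript
// Added example (not from the Microsoft post): flag HTML that auto-launches a
// calling/messaging app. Plain <a href="tel:..."> links need a click and are not
// flagged; only navigation that fires without user interaction is reported.
const CALL_SCHEMES = ["tel", "callto", "sms", "skype", "whatsapp", "facetime"];

// Each pattern captures the destination in a named group "url".
// The set of navigation idioms is an assumption; the post names none of them.
const AUTO_NAV_PATTERNS = [
  { via: "location assignment",
    re: /(?:window\.|document\.)?location(?:\.href)?\s*=\s*(?<q>['"])(?<url>[^'"]+)\k<q>/gi },
  { via: "location.assign/replace",
    re: /location\.(?:assign|replace)\s*\(\s*(?<q>['"])(?<url>[^'"]+)\k<q>/gi },
  { via: "window.open",
    re: /window\.open\s*\(\s*(?<q>['"])(?<url>[^'"]+)\k<q>/gi },
  { via: "meta refresh",
    re: /<meta[^>]+http-equiv=["']?refresh["']?[^>]*content=["']?[^"'>]*?url=(?<url>[^"'>\s]+)/gi },
  { via: "iframe src",
    re: /<iframe[^>]+src=(?<q>['"])(?<url>[^'"]+)\k<q>/gi },
];

// Return the URI scheme of a URL string in lower case, or null if it has none.
function schemeOf(url) {
  const m = /^\s*([a-z][a-z0-9+.-]*):/i.exec(url);
  return m ? m[1].toLowerCase() : null;
}

// Scan raw HTML and return one hit per auto-navigation to a calling scheme.
function findAutoDial(html) {
  const hits = [];
  for (const { via, re } of AUTO_NAV_PATTERNS) {
    re.lastIndex = 0; // patterns are global; reset between documents
    let m;
    while ((m = re.exec(html)) !== null) {
      const url = m.groups.url;
      const scheme = schemeOf(url);
      if (scheme && CALL_SCHEMES.includes(scheme)) {
        hits.push({ scheme, url, number: url.replace(/\D/g, ""), via });
      }
    }
  }
  return hits;
}

// Convenience wrapper: true when the page would dial out on its own.
function isAutoDialPage(html) {
  return findAutoDial(html).length > 0;
}

// Constructed sample: a fake alert page that dials a "hotline" after a short delay.
const SCAM_PAGE = `<html><head><title>Windows Security Alert</title></head><body>
<h1>Your PC is infected. Do not close this window.</h1>
<script>
  setTimeout(function () { window.location.href = "tel:+15555550100"; }, 800);
</script>
</body></html>`;

// Constructed sample: a benign support page. The tel: link needs a click, and the
// scripted redirect goes to https:, so nothing should be flagged.
const BENIGN_PAGE = `<html><body>
<p>Need help? <a href="tel:+15555550199">Call us</a> or
<a href="https://example.com/support">open a ticket</a>.</p>
<script>window.location.href = "https://example.com/home";</script>
</body></html>`;

console.log("scam page:", JSON.stringify(findAutoDial(SCAM_PAGE)));
console.log("benign page:", JSON.stringify(findAutoDial(BENIGN_PAGE)));
```

This is a static, regex-level check and should be read as a triage aid rather than a detector: a scam page can build the URI at runtime (string concatenation, base64, a click dispatched from script onto a hidden tel: link), which only browser-side instrumentation of navigation events would catch. It is still useful for bulk scanning of crawled or proxied pages, where the number extracted from each hit gives a pivot for blocking the hotline itself.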

Cobalt Strikes Again: Spam Runs Use Macros and CVE-2017-8759 Exploit Against Russian Banks

20 November 2017

The waves of backdoor-laden spam emails we observed during June and July that targeted Russian-speaking businesses were part of bigger campaigns. The culprit appears to be the Cobalt group, based on the techniques used. In their recent campaigns, Cobalt used two different infection chains, with social engineering hooks that were designed to invoke a sense of urgency in its recipients—the bank’s employees.

Of note were Cobalt’s other targets. Their first spam run also targeted a Slovenian bank, while the second run targeted financial organizations in Azerbaijan, Belarus, and Spain.

Post from: Trendlabs Security Intelligence Blog - by Trend Micro