Martijn Lammerts
My own digital place with a little of everything

Malicious Edge and Chrome Extension Used to Deliver Backdoor

24 May 2018

We noticed a series of testing submissions in VirusTotal that apparently came from the same group of malware developers in Moldova, at least based on the filenames and the submissions' source. It appears they are working on a new malware that — based on how they were coded — is most likely intended to spread through spam emails embedded with malicious attachments.

The downloader malware's payload is what makes it notable. It delivers a version of the Revisit remote administration tool, which is used to hijack the infected system. More importantly, it also delivers a malicious extension that could serve as a backdoor, stealing information keyed in on browsers.


Confucius Update: New Tools and Techniques, Further Connections with Patchwork

23 May 2018

We look into the latest tools and techniques used by Confucius, as the threat actor seems to have a new modus operandi, setting up two new websites and new payloads with which to compromise its targets.


GPON Vulnerabilities Exploited for Mexico-based Mirai-like Scanning Activities

21 May 2018

We recently found similar Mirai-like scanning activity originating from Mexico, some of it carried out by exploiting CVE-2018-10561 and CVE-2018-10562, two vulnerabilities specific to Gigabit Passive Optical Network (GPON)-based home routers.


Operators of Counter Antivirus Service Scan4You Sentenced

16 May 2018

In May 2017, one of the biggest facilitators of cybercrime, Scan4You, went offline after the two main suspects, Ruslans Bondars and Jurijs Martisevs, were arrested in Latvia and extradited to the U.S. by the Federal Bureau of Investigation (FBI). In May 2018, the case against Scan4You's operators concluded in a Virginia federal courtroom.

Trend Micro started looking into Scan4You's operations in 2012 and has been in close contact with the FBI investigators assigned to the case since 2014. Our research on Scan4You spanned more than five years, during which we passed some of our findings to the FBI until the service went offline.


Malicious Traffic in Port 7001 Surges as Cryptominers Target Patched 2017 Oracle WebLogic Vulnerability

11 May 2018

We observed a large spike in the number of devices scanning the internet for port 7001/TCP since April 27, 2018. Our analysis found that this increased activity was caused by cybercriminals engaging in cryptomining by exploiting CVE-2017-10271. The flaw is a patched Oracle WebLogic WLS-WSAT vulnerability that can allow remote attackers to execute arbitrary code on unpatched servers. This marks the second time attackers have abused CVE-2017-10271 for cryptomining purposes this year. In February, the vulnerability was exploited to deliver 64-bit and 32-bit variants of an XMRig Monero miner.


New Phishing Scam uses AES Encryption and Goes After Apple IDs

10 May 2018

by Jindrich Karasek

Recent data breaches and privacy scares, along with the upcoming General Data Protection Regulation (GDPR) from the European Union, have triggered a change in the way companies handle their users’ data. As a result, many of them have been sending emails asking their users to update their profiles or proactively strengthen security....


Microsoft Patch Tuesday for May Includes Updates for Actively-Exploited Vulnerabilities

9 May 2018

For May 2018, Microsoft’s monthly release of security updates — also known as Patch Tuesday — addressed a number of vulnerabilities, most notably two vulnerabilities that were already actively exploited in attacks.


Maikspy Spyware Poses as Adult Game, Targets Windows and Android Users

8 May 2018

We discovered a malware family called Maikspy — a multi-platform spyware that can steal users’ private data. The spyware targets Windows and Android users, and first posed as an adult game named after a popular U.S.-based adult film actress. Maikspy, an alias that combines the actress's name with "spyware", has been around since 2016.

Multiple Twitter handles were found promoting the Maikspy-carrying adult games and sharing the malicious domain via short links.
