All attack reports
Fake Browser Updates delivering BitRAT and Lumma Stealer
This report details a malicious campaign where adversaries used fake browser update prompts to lure victims into downloading and executing malware. The infection chain begins with injected malicious JavaScript code on compromised websites that redirect users to pages mimicking legitimate browser up…
Downloadable IOCs 13
Fake Bahrain Government Android App Steals Personal Data Used for Financial Fraud
An analysis by McAfee's Mobile Research Team uncovered an Android InfoStealer malware masquerading as a government service app in Bahrain. The malicious app, promoted through deceitful Facebook pages and SMS messages, tricks users into providing personal information like CPR numbers, phone numbers,…
Downloadable IOCs 14
New banking trojan “CarnavalHeist” targets Brazil with overlay attacks
Cisco Talos has been observing an active campaign targeting Brazilian users with a new banking trojan dubbed 'CarnavalHeist'. The malware employs common tactics like financial-themed spam emails, Delphi-based DLLs, overlay attacks, and input capture techniques like keylogging and screen capture. Ho…
Downloadable IOCs 61
GRU’s BlueDelta Targets Key Networks in Europe with Multi-Phase Espionage Campaigns
Throughout the three phases, BlueDelta used phishing emails, legitimate internet services (LIS), and living-off-the-land binaries (LOLBins) to extract intelligence from key networks across Europe. They have engaged in credential harvesting campaigns aimed at Yahoo and UKR.net users, as well as dedica…
Downloadable IOCs 30
Threat Intelligence Alert: Merry-Go-Round Conceals Ads from Users and Brands
HUMAN's Satori Threat Intelligence and Research Team uncovered an ad cloaking operation, dubbed 'Merry-Go-Round', which involves two independent rings of websites that redirect traffic among each other in pop-under tabs, racking up digital ad impressions concealed from users. This sophisticated ope…
Downloadable IOCs 13
RedTail Cryptominer Threat Actors Adopt PAN-OS CVE-2024-3400 Exploit
Threat actors behind the RedTail cryptomining malware, initially reported in early 2024, have incorporated the recent Palo Alto PAN-OS CVE-2024-3400 vulnerability into their toolkit. The malware spreads by using at least six different web exploits, targeting Internet of Things (IoT) devices (such a…
Downloadable IOCs 10
Chat Messenger voting topics - a new way to steal accounts is gaining momentum
The Government Emergency Response Team of Ukraine (CERT-UA) reports an increase in the number of cyberattacks aimed at gaining access to accounts on popular messengers, including through techniques that bypass two-factor authentication.
Downloadable IOCs 230
Active exploitation of stored XSS vulnerabilities in WordPress Plugins
Recent months have witnessed active exploitation attempts targeting multiple cross-site scripting (XSS) vulnerabilities in popular WordPress plugins. The attacks involve injecting malicious scripts that create new admin accounts, install backdoors, and implement tracking mechanisms. The affected pl…
Downloadable IOCs 28
AllaSenha: AllaKore variant leverages Azure cloud C2 to steal banking details in Latin America
Earlier in May, a security product detected a malicious payload aimed at stealing credentials required to access Brazilian bank accounts. The payload, named AllaSenha, is a variant of the infamous AllaKore RAT, leveraging Azure cloud infrastructure for command and control. It is specifically design…
Downloadable IOCs 61
Disrupting FlyingYeti's campaign targeting Ukraine
This report details Cloudforce One's real-time effort to detect, deny, degrade, disrupt, and delay a phishing campaign by the Russia-aligned threat actor FlyingYeti targeting Ukraine. The campaign aimed to capitalize on anxiety over potential loss of housing and utilities by enticing targets to ope…
Downloadable IOCs 8
Operation Endgame: Up In Smoke
A detailed technical analysis of Smoke malware loader, also known as SmokeLoader or Dofoil, which has been operational since 2011. Smoke is primarily used to deliver second-stage malware payloads like trojans, ransomware, and information stealers, and can also deploy custom plugins for various mali…
Downloadable IOCs 12
Analysis of APT Attack Cases Using Dora RAT Against Companies
This analysis discusses an APT campaign by the Andariel threat group targeting Korean companies and educational institutions. The campaign employed various malware strains, including Nestdoor backdoor, Dora RAT, keyloggers, infostealers, and proxy tools. The attackers exploited vulnerabilities, suc…
Downloadable IOCs 7