Top IT Security Bloggers

TrendLabs - Malware Blog
  • New EMOTET Hijacks a Windows API, Evades Sandbox and Analysis

    TrendLabs - Malware Blog
    We discussed the re-emergence of banking malware EMOTET in September and how it has adopted a wider scope since it wasn’t picky about the industries it attacks. We recently discovered that EMOTET has a new iteration (detected as TSPY_EMOTET.SMD10) with a few changes in its usual behavior and new routines that allow it to elude...
    Post from: Trendlabs Security Intelligence Blog - by Trend Micro
  • November’s Patch Tuesday Includes Defense in Depth Update for Attacks Abusing Dynamic Data Exchange

    Microsoft rolled out fixes for over 50 security issues in this month’s Patch Tuesday. The updates cover vulnerabilities and bugs in the Windows operating system, Internet Explorer (IE), Edge, ASP .NET Core, Chakra Core browsing engine, and Microsoft Office. Microsoft also released a security advisory providing defense-in-depth mitigations against attacks abusing the Dynamic Data Exchange (DDE) protocol in light of recent attacks misusing this feature.
    Abusing DDE isn’t new, but the method has made a resurgence with reports of cyberespionage and cybercriminal groups such as Pawn Storm, Keyboy, and FIN7 leveraging it to deliver their payloads.
  • Physical Theft Meets Cybercrime: The Illicit Business of Selling Stolen Apple Devices

    Online scams and physical crimes are known to intersect. In an incident last May, we uncovered a modus operandi and the tools they can use to break open iCloud accounts to unlock stolen iPhones. Further research into their crossover revealed how deep it runs. There’s actually a sizeable global market for stolen mobile phones—and by extension, iCloud fraud. From Ireland and the U.K. to India, Argentina, and the U.S., the demand for unlocking services for stolen phones is staggering: last year, stolen iPhones were sold in Eastern European countries for as much as US$2,100. In the U.S. 23,000 iPhones from the Miami International Airport, valued at $6.7 million, were stolen last year.
    The fraudsters’ attack chain is relatively straightforward. They spoof an email or SMS from Apple notifying victims that their device has been found. The eager victim, wanting their phone back, clicks on the link that will compromise their iCloud credentials, which is then reused to unlock the stolen device. The thieves will then subcontract third-party iCloud phishing services to unlock the devices. These Apple iCloud phishers run their business using a set of cybercriminal tools that include MagicApp, Applekit, and Find My iPhone (FMI.php) framework to automate iCloud unlocks in order to resell the device in underground and gray markets.
  • Toast Overlay Weaponized to Install Several Android Malware

    We uncovered new Android malware that can surreptitiously install other malware on the affected device via the Toast Overlay attack: TOASTAMIGO, detected by Trend Micro as ANDROIDOS_TOASTAMIGO. The malicious apps, one of which had over 500,000 installs as of November 6, 2017, abuse Android’s Accessibility features, enabling them—at least for now—to have ad-clicking, app-installing and self-protecting/persistence capabilities.
    Overlay attacks entail drawing and superimposing Android View (i.e., images, buttons) atop other running apps, windows or processes. A typical scenario for a Toast Overlay attack is to employ it to trick the user into clicking a window or button specified by the attacker instead of the legitimate one. The technique, which was demonstrated earlier this year, leverages a vulnerability in Toast (CVE-2017-0752, patched last September), a feature in Android used to display notifications over other applications.
  • REDBALDKNIGHT/BRONZE BUTLER’s Daserf Backdoor Now Using Steganography

    REDBALDKNIGHT, also known as BRONZE BUTLER and Tick, is a cyberespionage group known to target Japanese organizations such as government agencies (including defense) as well as those in biotechnology, electronics manufacturing, and industrial chemistry. Their campaigns employ the Daserf backdoor (detected by Trend Micro as BKDR_DASERF, otherwise known as Muirim and Nioupale) that has four main capabilities: execute shell commands, download and upload data, take screenshots, and log keystrokes.
    Our recent telemetry, however, indicates that variants of Daserf were not only used to spy on and steal from Japanese and South Korean targets, but also against Russian, Singaporean, and Chinese enterprises. We also found various versions of Daserf that employ different techniques and use steganography—embedding codes in unexpected mediums or locations (i.e., images)—to conceal themselves better.
  • ChessMaster’s New Strategy: Evolving Tools and Tactics

    A few months ago, we covered the ChessMaster cyberespionage campaign, which leveraged a variety of toolsets and malware to compromise its targets—primarily organizations in Japan. A few weeks ago, we observed new activity from ChessMaster, with notable evolutions in terms of new tools and tactics that weren't present in the initial attacks.
  • App Stores that Formerly Coddled ZNIU Found Distributing a New iXintpwn/YJSNPI Variant

    We covered iXintpwn/YJSNPI in a previous blog post and looked into how it renders an iOS device unresponsive by overflowing it with icons. This threat comes in the form of an unsigned profile that crashes the standard application that manages the iOS home screen when installed. The malicious profile also exploits certain features to make iXintpwn/YJSNPI more difficult to uninstall.
    We recently discovered a new variant of iXintpwn/YJSNPI (detected by Trend Micro as IOS_YJSNPI.A) that uses a signed profile to conduct different attacks compared to its predecessor. IOS_YJSNPI.A is extracted from either of the two app stores—hxxp://m[.]3454[.]com and hxxp://m[.]973[.]com. Based on our analysis, this new variant’s main purpose is not to damage users’ operating systems, but to lure users into downloading repackaged apps.
  • Coin Miner Mobile Malware Returns, Hits Google Play

    The efficacy of mobile devices to actually produce cryptocurrency in any meaningful amount is still doubtful. However, the effects on users of affected devices are clear: increased device wear and tear, reduced battery life, comparably slower performance.
    Recently, we found apps with malicious cryptocurrency mining capabilities on Google Play. These apps used dynamic JavaScript loading and native code injection to avoid detection. We detect these apps as ANDROIDOS_JSMINER and ANDROIDOS_CPUMINER.
  • Bad Rabbit Ransomware Spreads via Network, Hits Ukraine and Russia

    A ransomware campaign is currently ongoing, hitting Eastern European countries with what seems to be a variant of the Petya ransomware dubbed Bad Rabbit.
  • A Look at Locky Ransomware’s Recent Spam Activities

    Ransomware has been one of the most prevalent, prolific, and pervasive threats in the 2017 threat landscape, with financial losses among enterprises and end users now likely to have reached billions of dollars. Locky ransomware, in particular, has come a long way since first emerging in early 2016. Despite the number of times it has apparently gone on hiatus, Locky remains a relevant and credible threat given its impact on end users and especially businesses. Our detections show that it's making another comeback with new campaigns.
    A closer look at the file-encrypting malware’s activities reveals a constant: the use of spam. While they remain a major entry point for ransomware, Locky appears to be concentrating its distribution through large-scale spam campaigns of late, regardless of the variants released by its operators/developers.