It doesn’t take advanced malware to disrupt a business operation. In fact, even a simple backdoor is enough. Earlier this year the Trend Micro Forward-Looking Threat Research Team closely monitored the operations of two Nigerian cybercriminals, identified by the aliases Uche and Okiki, who attacked small businesses in developing countries to steal information and intercept transactions with…
German users have recently been receiving emails announcing that a company called IT-Electronics is looking for professionals in search of extra income. Here is a rough translation of the email message: Dear recipient, IT Electronics, the leading Asian firm in the field of information technology, once again announces its intention to employ workers in Germany. We give…
When it comes to threat investigations, we often treat the malicious binary as the smoking gun or the crown jewel of the investigation. However, examining the other components can produce the bigger picture that will be far more detailed than simply focusing on the binary.
By looking beyond one malicious file, we were able to determine that a slew of seemingly unrelated phishing emails were, in fact, part of a campaign targeting banks and financial institutions across the globe. The attackers used other banks’ compromised email accounts to send the phishing emails to their target banks in order to gain access to, and remotely control, their computers. We are calling this campaign “Cuckoo Miner.” The attackers’ method of taking over legitimate inboxes to prey on victims echoes the cuckoo’s distinct habit of tricking other birds into raising its chick by taking over their nests.
“Get rich fast” scams have been circulating online for several years now. Examples include the classic Nigerian or 419 scams, lottery scams, and work-from-home scams. The stories may vary, but the underlying premise is the same: receive a large sum of money for doing something with little to no effort. Scammers have now…
Several months ago, we found that several Ice IX servers were hosted in the .co.za (South Africa) top-level domain. Our research revealed that these servers were all tied to a group of individuals located in Nigeria. To recap, Ice IX is a popular banking Trojan that was heavily used by these criminals, together with the…