Archives for August 2017

USB Malware Implicated in Fileless Attacks

  • Posted on: August 30, 2017 at 4:30 am
  • Posted in: Malware
  • Author: Trend Micro

In early August we discussed a case where a backdoor (BKDR_ANDROM.ETIN) was being installed filelessly onto a target system using JS_POWMET.DE, a script that abused various legitimate functions. At the time, we did not know how the threat arrived onto the target machine. We speculated that it was either downloaded by users or dropped by other malware.

Tags: ANDROM, Fileless Infection, fileless malware, POWMET

Android Mobile Ransomware: Bigger, Badder, Better?

  • Posted on: August 28, 2017 at 5:30 am
  • Posted in: Mobile, Ransomware
  • Author: Mobile Threat Response Team

The mobile threat landscape isn't just rife with information stealers and rooting malware. There's also mobile ransomware. While it seems they're not as mature as their desktop counterparts, what with the likes of WannaCry and Petya, the increasing usage of mobile devices, particularly by businesses, will naturally draw more cybercriminal attention to this type of threat.

Take for instance mobile ransomware on the Android platform. The variants we detected and analyzed during the fourth quarter of last year were thrice as many compared to the same period in 2015. And indeed, the surge is staggering. We already had over 235,000 detections for Android mobile ransomware in the first half of 2017 alone—that's 181% of detections for all of 2016.

Tags: android, Mobile, ransomware

Malicious Chrome Extensions Stealing Roblox In-Game Currency, Sending Cookies via Discord

  • Posted on: August 24, 2017 at 2:56 pm
  • Posted in: Malware
  • Author: Stephen Hilt and Lord Alfred Remorin (Senior Threat Researchers)

Recently, we discussed how cyber criminals are using the popular voice/chat client Discord to steal cookies from the running Roblox process on a Windows PC. Since then, we've noticed another attack going after the same information, only this time it is via Chrome extensions (CRX files).

Tags: Chrome extensions, ROBLOX, Robux

Cryptocurrency Miner Uses WMI and EternalBlue To Spread Filelessly

  • Posted on: August 21, 2017 at 5:47 am
  • Posted in: Exploits, Malware
  • Author: Trend Micro

Fileless malware can be a difficult threat to analyze and detect. It shouldn't be a surprise that an increasing number of new malware threats are fileless, as threat actors use this technique to make both detection and forensic investigation more difficult. We recently found a new cryptocurrency miner (which we detect as TROJ64_COINMINER.QO) that uses this particular technique as well.

Tags: cryptocurrency, EternalBlue, WMI

New Disdain Exploit Kit Detected in the Wild

  • Posted on: August 17, 2017 at 12:38 am
  • Posted in: Exploits
  • Author: Trend Micro

The exploit kit landscape has been rocky since 2016, and we've observed several of the major players—Angler, Nuclear, Neutrino, Sundown—take a dip in operations or go private. New kits have popped up sporadically since then, sometimes revamped from old sources, but none have really gained traction. Despite that fact, cybercriminals continue to develop more of them.

On August 9, we detected a new exploit kit in the wild, being distributed through a malvertising campaign. With additional analysis of the code and activity, we can confirm that it is the Disdain exploit kit, which started to advertise their services in underground forums starting August 8. We found the “disdain” keyword contained in its JavaScript code.

Tags: exploit kit