• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   Author / Fernando Mercês (Senior Threat Researcher)

Fernando Mercês (Senior Threat Researcher)

Senior Threat Researcher

A Quick and Efficient Method For Locating the main() function of Linux ELF Malware Variants
  • Posted on:July 2, 2019
  • Posted in:Malware
  • Posted by:
    Fernando Mercês (Senior Threat Researcher)
0

In the past few years, Linux systems have been susceptible to attacks involving ransomware, cryptocurrency miners, botnets and other types of malware. The successful deployment of the said attacks refutes an old notion that machines and devices that run Linux are less likely to be affected by malware.

To come up with effective countermeasures, we constantly work on developing methods to address concerns pertaining to attacks against Linux systems, for example, by looking for ways to conduct quick and efficient analysis of malware samples that leads to their eventual detection and blocking. One of these methods involve reverse engineering files to locate the address of the main() function, which usually contains code that malware authors craft to start malicious routines.

Read More
Tags: ELF malwareLinuxmain() functionreverse engineering

Malware Targeting Bitcoin ATMs Pops Up in the Underground
  • Posted on:August 7, 2018
  • Posted in:Deep Web, Malware
  • Posted by:
    Fernando Mercês (Senior Threat Researcher)
0

With the increasing popularity and real-world use of cryptocurrencies and the fact that cybercriminals will always try to exploit something that can make money for them, it shouldn’t come as a surprise that malware targeting Bitcoin ATMs have started appearing in underground markets.

Read More
Tags: Bitcoin ATMMalwareunderground

New KillDisk Variant Hits Latin American Financial Organizations Again
  • Posted on:June 7, 2018
  • Posted in:Malware
  • Posted by:
    Fernando Mercês (Senior Threat Researcher)
0

In January, we saw a variant of the disk-wiping KillDisk malware hitting several financial institutions in Latin America. One of these attacks was related to a foiled heist on the organization’s system connected to the Society for Worldwide Interbank Financial Telecommunication’s (SWIFT) network.

Last May, we uncovered a master boot record (MBR)-wiping malware in the same region. The telltale sign was a problem related to the affected machine’s boot sector. Based on the error message it displayed after our tests, we were able to ascertain that this was another — possibly new — variant of KillDisk. This kind of notification is common in systems affected by MBR-wiping threats and not in other malware types such as ransomware, which some people initially believed to be the culprit. Trend Micro products detect this threat as TROJ_KILLMBR.EE and TROJ_KILLDISK.IUE.

Read More
Tags: KilldiskLatin AmericaMBR Wiper

Cryptocurrency-Mining Malware Targeting IoT, Being Offered in the Underground
  • Posted on:May 2, 2018
  • Posted in:Internet of Things, Malware
  • Posted by:
    Fernando Mercês (Senior Threat Researcher)
0

Crime follows the money, as the saying goes, and once again, cybercriminals have acted accordingly. The underground is flooded with so many offerings of cryptocurrency malware that it must be hard for the criminals themselves to determine which is best. This kind of malware, also known as cryptomalware, has a clear goal, which is to make money out of cryptocurrency transactions. This can be achieved through two different methods: stealing cryptocurrency and mining cryptocurrency on victims’ devices surreptitiously (without the victims noticing), a process also known as cryptojacking. In this post, we discuss how these two methods work, and see whether devices connected to the internet of things (IoT), which are relatively underpowered, are being targeted.

Read More
Tags: bitcoincryptocurrencycryptocurrency minercybercrimecybercriminal underground

Not Only Botnets: Hacking Group in Brazil Targets IoT Devices With Malware
  • Posted on:April 17, 2018
  • Posted in:Internet of Things, Malware
  • Posted by:
    Fernando Mercês (Senior Threat Researcher)
0

Even before the term IoT was coined, we had the routers at the gateway, most of the time publicly exposed on the internet. In the context of the IoT, the router is perhaps the most important device for the whole infrastructure. All traffic goes through it and it allows for the provision of many services, such as Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS), content filtering, firewalls, and Voice over Internet Protocol (VoIP), to all connected devices, including computers, smartphones, and IP cameras. If an attacker is able to compromise the router, every device connected to it can be affected. And that’s what a hacking group in Brazil just did.

Read More
Tags: internet of thingsIOTMalwarerouters
Page 1 of 412 › »

Security Predictions for 2020

  • Cybersecurity in 2020 will be viewed through many lenses — from differing attacker motivations and cybercriminal arsenal to technological developments and global threat intelligence — only so defenders can keep up with the broad range of threats.
    Read our security predictions for 2020.

Business Process Compromise

  • Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more, read our Security 101: Business Process Compromise.

Popular Posts

  • Operation Poisoned News: Hong Kong Users Targeted With Mobile Malware via Local News Links
  • Operation Overtrap Targets Japanese Online Banking Users Via Bottle Exploit Kit and Brand-New Cinobi Banking Trojan
  • Raccoon Stealer’s Abuse of Google Cloud Services and Multiple Delivery Techniques
  • More Than 8,000 Unsecured Redis Instances Found in the Cloud
  • LokiBot Impersonates Popular Game Launcher and Drops Compiled C# Code File

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.