• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   Author / Fernando Mercês (Senior Threat Researcher)

Fernando Mercês (Senior Threat Researcher)

Senior Threat Researcher

iPhone Phishing Scam Crosses Over Physical Crime
  • Posted on:May 4, 2017
  • Posted in:Bad Sites, Social
  • Posted by:
    Fernando Mercês (Senior Threat Researcher)
0

Last late April a friend of mine had his iPhone stolen in the streets—an unfortunately familiar occurrence in big, metropolitan areas in countries like Brazil. He managed to buy a new one, but kept the same number for convenience. Nothing appeared to be out of the ordinary at first—until he realized the thief changed his Facebook password.

Fortunately, he was able to recover and update it, as his phone number was tied to his Facebook account. But a pickpocket accessing his victim’s Facebook account is quite unusual. After all, why would a crook be interested with his victim’s Facebook account for when the goal is usually to use or sell the stolen device? It didn’t stop there; a day after, my friend curiously received a phishing SMS message on his new phone.

What’s interesting here is the blurred line between traditional felony and cybercrime—in particular, the apparent teamwork between crooks and cybercriminals that results in further—possibly more sophisticated—attacks.

Read More
Tags: Brazilian underground marketiphonephishingPhysical Crime

How Stampado Ransomware Analysis Led To Yara Improvements
  • Posted on:October 3, 2016
  • Posted in:Open source, Ransomware
  • Posted by:
    Fernando Mercês (Senior Threat Researcher)
0

Some time ago, I was asked by a colleague to develop a set of Yara rules to detect samples of the Stampado ransomware family. (Yara is an open-source tool used by security researchers to spot and categorize malware samples according to a set of defined rules.)

Stampado is a relatively new Ransomware-as-a-Service (RaaS) threat that’s been on our radar recently. I had access to only a few samples at the time, and first tried looking for common strings among them but had no luck. I then went to compare the files structures and realized all of them had an interesting section at the end of the file, like the one starting at offset 0xde000 as follows:

Read More
Tags: Open sourceransomwareStampadoYara

Pokémon-themed Umbreon Linux Rootkit Hits x86, ARM Systems
  • Posted on:September 5, 2016
  • Posted in:Deep Web, Malware
  • Posted by:
    Fernando Mercês (Senior Threat Researcher)
0

The Trend Micro Forward Looking Threat Research team recently obtained samples of a new rootkit family from one of our trusted partners. This rootkit family called Umbreon (sharing the same name as the Pokémon) targets Linux systems, including systems running both Intel and ARM processors, expanding the scope of this threat to include embedded devices as well. We detect Umbreon under the ELF_UMBREON family.

Read More
Tags: EspeonLinuxrootkitUmbreon

BANKER Trojan Sports New Technique to Take Advantage of 2016 Olympics
  • Posted on:August 19, 2016
  • Posted in:Malware, Spam
  • Posted by:
    Fernando Mercês (Senior Threat Researcher)
0

Despite the 2016 Olympics coming to a close, cybercriminals remain relentless in using the sporting event as a social engineering hook to distribute a banking Trojan. Earlier this month, we spotted a phishing campaign that led victims to unknowingly download the Banker malware. Although Banker has been in the wild for years, this time we see it using a Dynamic Loading Library (DLL) with malicious exported functions. One of the export calls used is to check if the victimized system is located in Brazil.  If the geolocation points to Brazil, then another malicious file is downloaded.  This particular new routine points to the possibility of the cybercriminals’ intention of riding on the popularity of the Olympics to lure users. Apart from Banker, there are reports indicating that other banking Trojans, are doing the same thing. For instance, Sphinx ZeuS has enhanced its capabilities because of the Olympics.

Read More
Tags: 2016 Olympicsbanking trainingBrazilian cybercriminal undergroundcarding training

DNS Changer Malware Sets Sights on Home Routers
  • Posted on:May 28, 2015
  • Posted in:Malware
  • Posted by:
    Fernando Mercês (Senior Threat Researcher)
5

Home routers can be used to steal user credentials, and most people just don’t know it yet. Bad guys have found ways to use Domain Name System (DNS) changer malware to turn the most inconspicuous network router into a vital tool for their schemes. We already know that routers sometimes ship with malicious DNS server…

Read More
Tags: DNS ChangerDNS changer malwarerouter
Page 1 of 3123

Business Process Compromise

  • Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more, read our Security 101: Business Process Compromise.

Business Email Compromise

  • How can a sophisticated email scam cause more than $2.3 billion in damages to businesses around the world?
    See the numbers behind BEC

Latest Ransomware Posts

  • SLocker Mobile Ransomware Starts Mimicking WannaCry
  • Large-Scale Petya Ransomware Attack In Progress, Hits Europe Hard
  • AdGholas Malvertising Campaign Employs Astrum Exploit Kit
  • Erebus Resurfaces as Linux Ransomware
  • Analyzing the Fileless, Code-injecting SOREBRECT Ransomware

Ransomware 101

  • This infographic shows how ransomware has evolved, how big the problem has become, and ways to avoid being a ransomware victim.
    Check the infographic

Popular Posts

  • Large-Scale Petya Ransomware Attack In Progress, Hits Europe Hard
  • Android Backdoor GhostCtrl can Silently Record Your Audio, Video, and More
  • Examining CVE-2017-9791: New Apache Struts Remote Code Execution Vulnerability
  • Information Stealer Found Hitting Israeli Hospitals
  • PETYA Crypto-ransomware Overwrites MBR to Lock Users Out of Their Computers

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.