• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   Author / Joseph C Chen (Fraud Researcher)

Joseph C Chen

Fraud Researcher

Ransomware as a Service Princess Evolution Looking for Affiliates
  • Posted on:August 9, 2018
  • Posted in:Bad Sites, Malware, Ransomware
  • Posted by:
    Joseph C Chen (Fraud Researcher)
0

We have been observing a malvertising campaign via Rig exploit kit delivering a cryptocurrency-mining malware and the GandCrab ransomware since July 25. On August 1, we found Rig’s traffic stream dropping a then-unknown ransomware. Delving into this seemingly new ransomware, we checked its ransom payment page in the Tor network and saw it was called Princess Evolution (detected by Trend Micro as RANSOM_PRINCESSLOCKER.B), and was actually a new version of the Princess Locker ransomware that emerged in 2016. Based on its recent advertisement in underground forums, it appears that its operators are peddling Princess Evolution as a ransomware as a service (RaaS) and are looking for affiliates.

Read More
Tags: Princess Evolutionransomwarerig exploit kit

New Andariel Reconnaissance Tactics Hint At Next Targets
  • Posted on:July 16, 2018
  • Posted in:Bad Sites, Targeted Attacks
  • Posted by:
    Joseph C Chen (Fraud Researcher)
0

Reconnaissance plays a vital role in criminal operations, and some groups go to great lengths to investigate their targets’ systems. A recent example is the Andariel Group, a known branch of the notorious Lazarus Group. Last month, we tracked new scouting techniques coming from Andariel, used mainly against South Korean targets.

Read More
Tags: Targeted Attack

FacexWorm Targets Cryptocurrency Trading Platforms, Abuses Facebook Messenger for Propagation
  • Posted on:April 30, 2018
  • Posted in:Bad Sites, Malware
  • Posted by:
    Joseph C Chen (Fraud Researcher)
0

Our Cyber Safety Solutions team identified a malicious Chrome extension we named FacexWorm, which uses a miscellany of techniques to target cryptocurrency trading platforms accessed on an affected browser and propagates via Facebook Messenger.

FacexWorm isn’t new. It was uncovered in August 2017, though its whys and hows were still unclear at the time. Last April 8, however, we noticed a spike in its activities that coincided with external reports of FacexWorm surfacing in Germany, Tunisia, Japan, Taiwan, South Korea, and Spain.

Read More
Tags: ChromecryptocurrencyFacebookFacexWormMessengermining

Pop-up Ads and Over a Hundred Sites are Helping Distribute Botnets, Cryptocurrency Miners and Ransomware
  • Posted on:March 22, 2018
  • Posted in:Bad Sites
  • Posted by:
    Joseph C Chen (Fraud Researcher)
0

The Trend Micro Cyber Safety Solutions team has been tracking a potentially unwanted app (PUA) distribution campaign that installs PUA software downloaders. During our research, we found that some of these distributors started pushing malware along with PUAs in late 2017. In this post we focus on one of the older PUA software downloaders called ICLoader (also called FusionCore and detected by Trend Micro as PUA_ICLOADER). Different reports identified it as a PUA software downloader because it installed adware or unwanted software.

Read More
Tags: botnetcryptocurrency minerPUAransomware

Malicious Chrome Extensions Found in Chrome Web Store, Form Droidclub Botnet
  • Posted on:February 1, 2018
  • Posted in:Bad Sites, Social
  • Posted by:
    Joseph C Chen (Fraud Researcher)
0

The Trend Micro Cyber Safety Solutions team has discovered a new botnet delivered via Chrome extensions that affect hundreds of thousands of users. (The malicious extension is detected as BREX_DCBOT.A.) This botnet was used to inject ads and cryptocurrency mining code into websites the victim would visit. We have dubbed this particular botnet Droidclub, after the name of one of the oldest command-and-control (C&C) domains used.

Read More
Tags: cryptocurrency minerDroidclub
Page 1 of 512 › »

Security Predictions for 2018

  • Attackers are banking on network vulnerabilities and inherent weaknesses to facilitate massive malware attacks, IoT hacks, and operational disruptions. The ever-shifting threats and increasingly expanding attack surface will challenge users and enterprises to catch up with their security.
    Read our security predictions for 2018.

Business Process Compromise

  • Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more, read our Security 101: Business Process Compromise.

Popular Posts

  • Same Old yet Brand-new: New File Types Emerge in Malware Spam Attachments
  • Malware Targeting Brazil Uses Legitimate Windows Components WMI and CertUtil as Part of its Routine
  • Perl-Based Shellbot Looks to Target Organizations via C&C
  • SettingContent-ms can be Abused to Drop Complex DeepLink and Icon-based Payload
  • Spam Campaign Abusing SettingContent-ms Found Dropping Same FlawedAmmyy RAT Distributed by Necurs

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.