We found cyberespionage group TICK targeting critical systems and enterprises, attempting to steal information to benefit this APT group’s sponsor. In this research brief, we show the timeline of the group’s activities and malware development, as well as the technical analyses of the new malware families, modified tools, and upgraded malware routines.
Read More
We analyzed a malicious Monero miner using multiple methods for propagation and infection to systems and vulnerable databases. While initially found infecting systems in China beginning of the year, the malware is expanding to other countries with more infiltration techniques like EternalBlue and PowerShell abuse.
Read More
We noticed a Linux coin miner with scripts almost the same as KORKERDS, and with just one crontab removes other miners and malware installed in the system upon infection.
Read More
We found a new Mirai variant we’ve called Yowai and Gafgyt variant Hakai abusing a ThinkPHP flaw for propagation and DDoS attacks.
Read More
August’s Android Security Bulletin includes three file system vulnerabilities (CVE-2017-10663, CVE-2017-10662, and CVE-2017-0750 that were discovered by Trend Micro researchers. These vulnerabilities could cause memory corruption on the affected devices, leading to code execution in the kernel context. This would allow for more data to be accessed and controlled by the malware. A malicious app could be used to trigger this vulnerability, which occurs when a malicious disk using the F2FS (Flash-Friendly File System) is mounted. The disk can either be an actual physical device or a virtual file image.
Read More