• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   Spam

Spam Campaign Delivers Cross-platform Remote Access Trojan Adwind
  • Posted on:July 11, 2017 at 3:00 am
  • Posted in:Malware, Spam
  • Author:
    Rubio Wu and Marshall Chen (Threats Analysts)
0

Cybercriminals are opportunists. As other operating systems (OS) are more widely used, they, too, would diversify their targets, tools, and techniques in order to cash in on more victims. That’s the value proposition of malware that can adapt and cross over different platforms. And when combined with a business model that can commercially peddle this malware to other bad guys, the impact becomes more pervasive.

Case in point: Adwind/jRAT, which Trend Micro detects as JAVA_ADWIND. It’s a cross-platform remote access Trojan (RAT) that can be run on any machine installed with Java, including Windows, Mac OSX, Linux, and Android.

Unsurprisingly we saw it resurface in another spam campaign. This time, however, it’s mainly targeting enterprises in the aerospace industry, with Switzerland, Ukraine, Austria, and the US the most affected countries.

Read More
Tags: AdwindjRATjRAT-wrapperremote access TrojanSpam

Mouse Over, Macro: Spam Run in Europe Uses Hover Action to Deliver Banking Trojan
  • Posted on:June 9, 2017 at 1:13 am
  • Posted in:Malware, Spam
  • Author:
    Trend Micro
0

We found another unique method being used to deliver malware—abusing the action that happens when simply hovering the mouse’s pointer over a hyperlinked picture or text in a PowerPoint slideshow. This technique is employed by a Trojan downloader (detected by Trend Micro as TROJ_POWHOV.A and P2KM_POWHOV.A), which we’ve uncovered in a recent spam email campaign in the EMEA region, especially organizations in the U.K., Poland, Netherlands, and Sweden. Affected industries include manufacturing, device fabrication, education, logistics, and pyrotechnics.

Read More
Tags: GootkitMouseoverOTLARD

Recent Spam Runs in Germany Show How Threats Intend to Stay in the Game
  • Posted on:December 29, 2016 at 11:20 pm
  • Posted in:Malware, Ransomware, Spam
  • Author:
    Trend Micro
0

In early December, GoldenEye ransomware  (detected by Trend Micro as RANSOM_GOLDENEYE.A) was observed targeting German-speaking users—particularly those belonging to the human resource department. GoldenEye, a relabeled version of the Petya (RANSOM_PETYA) and Mischa (RANSOM_MISCHA) ransomware combo, not only kept to the James Bond theme of its earlier iteration, but also its attack vector.

Given ransomware’s likely outlook to reach a plateau, persistence in the threat landscape and diversification of target victims are the names of the game. GoldenEye exemplifies bad guys trying to gain scale, leverage, and profit with rehashed malware.

Read More
Tags: CERBERDRIDEXEMOTETGoldenEyeMischapetyaSharikZBOT

From RAR to JavaScript: Ransomware Figures in the Fluctuations of Email Attachments
  • Posted on:September 22, 2016 at 2:15 am
  • Posted in:Ransomware, Spam
  • Author:
    Trend Micro
0

Why is it critical to stop ransomware at the gateway layer? Because email is the top entry point used by prevalent ransomware families. Based on our analysis, 71% of known ransomware families arrive via email. While there’s nothing new about the use of spam, ransomware distributors continue to employ this infection vector because it’s a tried-and-tested method. It’s also an effective way to reach potential victims like enterprises and small and medium businesses (SMBs) that normally use emails for communication and daily operations. Over the first half of the year, we observed how cybercriminals leveraged file types like JavaScript, VBScript, and Office files with macros to evade traditional security solutions. Some of these file types can be used to code malware. In fact, as a security precaution, Microsoft turns off macros by default. In this blog post, we examine various email file attachments and how ransomware affected the fluctuation in the use of these file types.

Read More
Tags: LockyLocky Ransomwarespam email attachment

BANKER Trojan Sports New Technique to Take Advantage of 2016 Olympics
  • Posted on:August 19, 2016 at 3:45 am
  • Posted in:Malware, Spam
  • Author:
    Fernando Mercês (Senior Threat Researcher)
0

Despite the 2016 Olympics coming to a close, cybercriminals remain relentless in using the sporting event as a social engineering hook to distribute a banking Trojan. Earlier this month, we spotted a phishing campaign that led victims to unknowingly download the Banker malware. Although Banker has been in the wild for years, this time we see it using a Dynamic Loading Library (DLL) with malicious exported functions. One of the export calls used is to check if the victimized system is located in Brazil.  If the geolocation points to Brazil, then another malicious file is downloaded.  This particular new routine points to the possibility of the cybercriminals’ intention of riding on the popularity of the Olympics to lure users. Apart from Banker, there are reports indicating that other banking Trojans, are doing the same thing. For instance, Sphinx ZeuS has enhanced its capabilities because of the Olympics.

Read More
Tags: 2016 Olympicsbanking trainingBrazilian cybercriminal undergroundcarding training
Page 1 of 9712 › »

Business Process Compromise

  • Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more, read our Security 101: Business Process Compromise.

Business Email Compromise

  • How can a sophisticated email scam cause more than $2.3 billion in damages to businesses around the world?
    See the numbers behind BEC

Latest Ransomware Posts

  • Cerber Ransomware Evolves Again, Now Steals From Bitcoin Wallets
  • New WannaCry-Mimicking SLocker Abuses QQ Services
  • LeakerLocker Mobile Ransomware Threatens to Expose User Information
  • SLocker Mobile Ransomware Starts Mimicking WannaCry
  • Large-Scale Petya Ransomware Attack In Progress, Hits Europe Hard

Ransomware 101

  • This infographic shows how ransomware has evolved, how big the problem has become, and ways to avoid being a ransomware victim.
    Check the infographic

Popular Posts

  • The Crisis of Connected Cars: When Vulnerabilities Affect the CAN Standard
  • A Look at JS_POWMET, a Completely Fileless Malware
  • CVE-2017-0199: New Malware Abuses PowerPoint Slide Show
  • Cryptocurrency Miner Uses WMI and EternalBlue To Spread Filelessly
  • OnionDog is not a Targeted Attack—It’s a Cyber Drill

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.