We found two malware files that pose as Zoom app installers. One of the samples installs a backdoor that allows malicious actors to run routines remotely, while the other sample involves the installation of the Devil Shadow botnet in devices.
Read More
We found an application sample in April called TinkaOTP, and our investigation showed the application bearing a striking resemblance to Dacls remote access trojan (RAT), a Windows and Linux backdoor discovered in December 2019.
Read More
Since it first emerged in 2015, Asruex has been known for its backdoor capabilities and connection to the spyware DarkHotel. However, when we encountered Asruex in a PDF file, we found that a variant of the malware can also act as an infector particularly through the use of old vulnerabilities CVE-2012-0158 and CVE-2010-2883, which inject code in Word and PDF files respectively.
Read More
One of our honeypots detected a URL spreading a botnet with a Monero miner bundled with a Perl-based backdoor component. The routine caught our attention as the techniques employed are reminiscent as those used in the Outlaw hacking group’s previous operation.
Read More
We discovered a malware that uses three different online services — including Slack and GitHub– as part of its routine. Analysis of the attacker’s tools, techniques, and procedures lead us to believe that this might be a targeted attack from very capable threat actors.
Read More