• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   backdoor

Backdoor-carrying Emails Set Sights on Russian-speaking Businesses
  • Posted on:August 7, 2017 at 5:45 am
  • Posted in:Exploits, Malware
  • Author:
    Trend Micro
0

A malicious email campaign against Russian-speaking enterprises is employing a combination of exploits and Windows components to deliver a new backdoor that allows attackers to take over the affected system. The attack abuses various legitimate Windows components to run unauthorized scripts; this is meant to make detection and blocking more challenging, particularly by whitelisting-based solutions.

We’ve observed at least five runs from June 23 to July 27, 2017, each of which sent several malicious emails per target. Affected industries were financial institutions, including banks, and mining firms. Of note is how the attackers diversified their tactic—sending different emails for each run, per target.

Read More
Tags: backdoorCVE-2017-0199JavaScriptPowershell

Android Backdoor GhostCtrl can Silently Record Your Audio, Video, and More
  • Posted on:July 17, 2017 at 3:55 am
  • Posted in:Mobile
  • Author:
    Trend Micro
0

The information-stealing RETADUP worm that affected Israeli hospitals is actually just part of an attack that turned out to be bigger than we first thought—at least in terms of impact. It was accompanied by an even more dangerous threat: an Android malware that can take over the device.

Detected by Trend Micro as ANDROIDOS_GHOSTCTRL.OPS / ANDROIDOS_GHOSTCTRL.OPSA, we’ve named this Android backdoor GhostCtrl as it can stealthily control many of the infected device’s functionalities.

There are three versions of GhostCtrl. The first stole information and controlled some of the device’s functionalities without obfuscation, while the second added more device features to hijack. The third iteration combines the best of the earlier versions’ features—and then some. Based on the techniques each employed, we can only expect it to further evolve.

Read More
Tags: androidbackdoorGhostCtrlOmniRAT

Shadow Force Uses DLL Hijacking, Targets South Korean Company
  • Posted on:September 9, 2015 at 1:00 am
  • Posted in:Malware, Targeted Attacks
  • Author:
    Dove Chiu (Threat Researcher)
0

What sort of interest would a businessman have in a news agency? That was the question that arose from our recent investigation on an attack that appears to target a media agency in South Korea. Shadow Force is a new backdoor that replaces a DLL called by a particular Windows service.  Once that backdoor is open, the attacker…

Read More
Tags: APTbackdoorshadow forceSouth Korea

Cybercriminal Sharpshooters: Nigerian Scammers Use HawkEye to Attack Small Businesses
  • Posted on:June 16, 2015 at 8:54 am
  • Posted in:Malware, Targeted Attacks
  • Author:
    Ryan Flores (Threat Research Manager)
0

It doesn’t take an advanced malware to disrupt a business operation. In fact, even a simple backdoor is enough to do it. Earlier this year the Trend Micro Forward-Looking Threat Research Team closely monitored the operations of two Nigerian cybercriminals — identified through aliases Uche and Okiki — who attacked small businesses from developing countries to steal information and intercept transactions with…

Read More
Tags: backdoorcybercrimehawkeyelimitlesspredator pain

Attack Gains Foothold Against East Asian Government Through “Auto Start”
  • Posted on:May 21, 2015 at 6:40 am
  • Posted in:Targeted Attacks
  • Author:
    Dove Chiu (Threat Researcher)
0

East Asian government agencies came under siege when attackers targeted several servers within their networks. The said attackers, who showed familiarity and in-depth knowledge of their agencies’ network topology, tools, and software, were able to gain access to their targeted servers and install malware. After which, they used the compromised servers not only as gateways to…

Read More
Tags: APTbackdoorMalwarenetwork securityserverstargeted attacks
Page 1 of 612 › »

Business Process Compromise

  • Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more, read our Security 101: Business Process Compromise.

Business Email Compromise

  • How can a sophisticated email scam cause more than $5.3 billion in damages to businesses around the world?
    See the numbers behind BEC

Latest Ransomware Posts

  • Locky Ransomware Pushed Alongside FakeGlobe in Upgraded Spam Campaigns
  • Android Mobile Ransomware: Bigger, Badder, Better?
  • Cerber Ransomware Evolves Again, Now Steals From Bitcoin Wallets
  • New WannaCry-Mimicking SLocker Abuses QQ Services
  • LeakerLocker Mobile Ransomware Threatens to Expose User Information

Ransomware 101

  • This infographic shows how ransomware has evolved, how big the problem has become, and ways to avoid being a ransomware victim.
    Check the infographic

Popular Posts

  • iXintpwn/YJSNPI Abuses iOS’s Config Profile, can Crash Devices
  • The Crisis of Connected Cars: When Vulnerabilities Affect the CAN Standard
  • GhostClicker Adware is a Phantomlike Android Click Fraud
  • USB Malware Implicated in Fileless Attacks
  • BankBot Found on Google Play and Targets Ten New UAE Banking Apps

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.