We have recently detected variants of two existing Linux botnet malware types targeting exposed Docker servers; these are XORDDoS malware and Kaiji DDoS malware. While the XORDDoS attack infiltrated the Docker server to infect all the containers hosted on it, the Kaiji attack deploys its own container that will contain its DDoS malware.
Read More
We found two malware files that pose as Zoom app installers. One of the samples installs a backdoor that allows malicious actors to run routines remotely, while the other sample involves the installation of the Devil Shadow botnet in devices.
Read More
We found new details on the tools and techniques the Momentum botnet is currently using to compromise devices and perform distributed denial-of-service (DDoS) attacks, and propagate with numerous exploits.
Read More
The threat group APT33 is known to target the oil and aviation industries aggressively. Our recent findings show that the group uses about a dozen live Command and Control (C&C) servers for extremely narrow targeted malware campaigns against organizations in the Middle East, the U.S., and Asia.
Read More We found a new modular fileless botnet malware, which we named “Novter,” (also reported and known as “Nodersok” and “Divergent”) that the KovCoreG campaign has been distributing since March. We’ve been actively monitoring this threat since its emergence and early development, and saw it being frequently updated. KovCoreG, active since 2011, is a long-running campaign known for using the Kovter botnet malware, which was distributed mainly through malvertisements and exploit kits. Kovter has been involved in click fraud operations since 2015, using fraudulent ads that have reportedly cost businesses more than US$29 million. The botnet was taken down at the end of 2018 through concerted efforts by law enforcement and cybersecurity experts, including Trend Micro.
Read More