• Trend Micro
  • About TrendLabs Security Intelligence Blog

Latest Trickbot Campaign Delivered via Highly Obfuscated JS File

  • Posted on: August 5, 2019 at 5:03 am
  • Posted in: Malware, Spam
  • Author: Trend Micro

We have been tracking Trickbot banking trojan activity and recently discovered a variant of the malware (detected by Trend Micro as TrojanSpy.Win32.TRICKBOT.TIGOCDC) distributed through spam emails that contain a Microsoft Word document with an enabled macro. Once the document is clicked, it drops a heavily obfuscated JavaScript (JS) file that downloads Trickbot as its payload. The malware also checks the number of running processes on the affected machine; if it detects an environment with limited processes, it does not proceed with its routine, as it assumes that it is running in a virtual environment.

Tags: banking Trojan, JavaScript, JS, macro, Microsoft Word

Analysis: Abuse of Custom Actions in Windows Installer MSI to Run Malicious JavaScript, VBScript, and PowerShell Scripts

  • Posted on: April 23, 2019 at 5:13 am
  • Posted in: Malware
  • Author: Trend Micro

We recently discovered malicious Microsoft Software Installation (MSI) files that download and execute other files, and could bypass traditional security solutions. Malicious actors can abuse custom actions in these files to execute malicious scripts and drop malware that is capable of either initiating a system shutdown or targeting financial systems located in certain locations.

Tags: JavaScript, JScript, Powershell, VBScript, Windows

Desktop, Mobile Phishing Campaign Targets South Korean Websites, Steals Credentials Via Watering Hole

  • Posted on: March 28, 2019 at 5:02 am
  • Posted in: Bad Sites, Mobile
  • Author: Joseph C Chen (Fraud Researcher)

We discovered a phishing campaign that uses the watering hole technique to target South Korean websites and users’ credentials. We labeled the campaign Soula. The cybercriminals injected malicious JS code into at least four websites so that a fake login pop-up appears at intervals before users can continue using the pages.

Tags: JavaScript, phishing, South Korea, watering hole

Backdoor-carrying Emails Set Sights on Russian-speaking Businesses

  • Posted on: August 7, 2017 at 5:45 am
  • Posted in: Exploits, Malware
  • Author: Trend Micro

A malicious email campaign against Russian-speaking enterprises is employing a combination of exploits and Windows components to deliver a new backdoor that allows attackers to take over the affected system. The attack abuses various legitimate Windows components to run unauthorized scripts; this is meant to make detection and blocking more challenging, particularly by whitelisting-based solutions.

We’ve observed at least five runs from June 23 to July 27, 2017, each of which sent several malicious emails per target. Affected industries were financial institutions, including banks, and mining firms. Of note is how the attackers diversified their tactic—sending different emails for each run, per target.

Tags: backdoor, CVE-2017-0199, JavaScript, Powershell

Total Recall: The Month of Mass Compromises

  • Posted on: May 30, 2008 at 3:26 am
  • Posted in: Bad Sites
  • Author: Arman Capili (Technical Communications)

It is that month of the year when flowers are in full bloom and people celebrate them in festive events. And it seems that same eventful—but darker—tone can be used to describe the month of May for the security industry. Trend Micro has so far documented several mass compromises of Web sites around the world…

Tags: iFrame, JavaScript, SQL injection, web sites compromises
