• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   RAT

Lost Door RAT: Accessible, Customizable Attack Tool
  • Posted on:May 3, 2016 at 12:00 pm
  • Posted in:Malware, Targeted Attacks
  • Author:
    Janus Agcaoili (Threat Response Engineer)
0

We recently came across a cyber attack that used a remote access Trojan (RAT) called Lost Door, a tool currently offered on social media sites. What also struck us the most about this RAT (detected as BKDR_LODORAT.A) is how it abuses the Port Forward feature in routers. Using this feature enables remote systems to connect to a specific computer or service within a private local-area network (LAN). However, when used maliciously, this feature allows remote attackers to mask their activities in the network and avoid immediate detection. Because this RAT is easy to customize, even knowledge of the indicators of compromise (which may change as a result) may not be sufficient in thwarting the threat. Easily customizable RATs like Lost Door can be hard to detect and protect against, posing a challenge to IT administrators.

Read More
Tags: Lost Door RATRATunderground cybercrimeunderground market

Nigerian Cuckoo Miner Campaign Takes Over Legitimate Inboxes, Targets Banks
  • Posted on:October 1, 2015 at 5:00 am
  • Posted in:Malware
  • Author:
    Trend Micro Cyber Safety Solutions Team
0

When it comes to threat investigations, we often treat the malicious binary as the smoking gun or the crown jewel of the investigation. However, examining the other components can produce the bigger picture that will be far more detailed than simply focusing on the binary.

By looking beyond one malicious file, we were able to determine that a slew of seemingly unrelated phishing emails were in fact, part of a campaign targeting banks and financial institutions across the globe. The attackers used other banks’ email accounts to send the phishing emails to their targeted banks in order to gain access and remotely control their computers. We are calling this campaign “Cuckoo Miner.” The attackers’ method of taking over legitimate inboxes to prey on victims echoes the cuckoo’s distinct act of tricking other birds into raising its chick by taking over their nests.

Read More
Tags: 419 scamarablabcarbanakCuckoo MinerDARKSUNnigerian scamphishingRAT

The Blackshades RAT – Entry-Level Cybercrime
  • Posted on:May 26, 2014 at 12:05 am
  • Posted in:Malware
  • Author:
    Rhena Inocencio (Threat Response Engineer)
0

Earlier this week the US government announced the arrest of more than 100 individuals linked to the Blackshades remote access Trojan (RAT). While most of those arrested were merely users of this RAT, the arrests included its co-creator, a 24-year-old Swede named Alex Yücel. Also arrested was a 23-year-old American named Brendan Johnston, who was involved in…

Read More
Tags: BlackshadescybercrimeMalwareRATremote access too

Old Java RAT Updates, Includes Litecoin Plugin
  • Posted on:April 16, 2014 at 12:00 pm
  • Posted in:Malware, Spam
  • Author:
    Mark Joseph Manahan (Threat Response Engineer)
0

Out with the old, in with the new? When it comes to cybercrime, that’s rarely the case. We often seen old malware get upgrades with new techniques, payloads, and even targets. This is certainly the case for an old Java remote access Trojan (RAT) detected as JAVA_OZNEB.B. Users may encounter this threat as an attachment…

Read More
Tags: JavaMalwareRATSpam

Kunming Attack Leads to Gh0st RAT Variant
  • Posted on:March 13, 2014 at 9:30 am
  • Posted in:Malware, Spam, Targeted Attacks
  • Author:
    Kervin Alintanahin (Threats Analyst)
0

Recently, a mass stabbing incident in Kunming, China left 29 victims dead. We came across an email which used this incident as social engineering bait. To appear legitimate, the message talks about the incident at length and cites several news outlets as its sources. It encourages the user to open the attached document for more information….

Read More
Tags: GhostnetKunmingRAT
Page 1 of 212

Security Predictions for 2019

  • Our security predictions for 2019 are based on our experts’ analysis of the progress of current and emerging technologies, user behavior, and market trends, and their impact on the threat landscape. We have categorized them according to the main areas that are likely to be affected, given the sprawling nature of the technological and sociopolitical changes under consideration.
    Read our security predictions for 2019.

Business Process Compromise

  • Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more, read our Security 101: Business Process Compromise.

Popular Posts

  • Going In-depth with Emotet: Multilayer Operating Mechanisms
  • February Patch Tuesday: Batch Includes 77 Updates That Cover Flaws in Internet Explorer, Exchange Server, and DHCP Server
  • Various Google Play ‘Beauty Camera’ Apps Send Users Pornographic Content, Redirect Them to Phishing Websites and Collect Their Pictures
  • Linux Coin Miner Copied Scripts From KORKERDS, Removes All Other Malware and Miners
  • Trickbot Adds Remote Application Credential-Grabbing Capabilities to Its Repertoire

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.