• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   Spam

From Fileless Techniques to Using Steganography: Examining Powload’s Evolution
  • Posted on:March 12, 2019 at 8:31 am
  • Posted in:Malware, Spam
  • Author:
    Trend Micro
0

In some of the recent Powload-related incidents we saw, we noticed significant changes to some of the attachments in the spam emails: the use of steganography and targeting of specific countries. Figure 2 shows the difference. For example, the samples we analyzed in early 2018 had more straightforward infection chains. These updates added another stage to the execution of malicious routines as a way to evade detection.

The Powload variants that use these techniques drop and execute the Ursnif and Bebloh data stealers. We did not see any notable differences in the payloads’ routines. The distribution tactics also resemble a spam campaign we uncovered last year, which delivered the same information stealers but distributed via the Cutwail botnet.

Read More
Tags: BEBLOHPowloadSpamsteganographyURSNIF

Trickbot Adds Remote Application Credential-Grabbing Capabilities to Its Repertoire
  • Posted on:February 12, 2019 at 5:03 am
  • Posted in:Malware, Spam
  • Author:
    Trend Micro
0

Trickbot’s authors clearly aren’t done updating it — we recently found a new variant that uses an updated version of the pwgrab module that lets it grab remote application credentials.

Read More
Tags: pwgrabSpamTrickbot

Same Old yet Brand-new: New File Types Emerge in Malware Spam Attachments
  • Posted on:October 29, 2018 at 12:07 am
  • Posted in:Malware, Spam
  • Author:
    Trend Micro
0

Cybercriminals make use of old file types in brand-new ways in spam attachments, proving that they are regularly experimenting to evade spam filters.

Read More
Tags: MalwareSpamspam campaign

Malware Targeting Brazil Uses Legitimate Windows Components WMI and CertUtil as Part of its Routine
  • Posted on:October 24, 2018 at 5:00 am
  • Posted in:Malware, Spam
  • Author:
    Trend Micro
0

We recently found a malware that abuses two legitimate Windows files — the command line utility wmic.exe  and certutil.exe, a program that manages certificates for Windows — to download its payload onto the victim’s device. What’s notable about these files is that they are also used to download other files as part of its normal set of features, making them susceptible to abuse for malicious purposes.

Read More
Tags: CertutilMalwareSpamWindowsWMIC

Phishing Campaign uses Hijacked Emails to Deliver URSNIF by Replying to Ongoing Threads
  • Posted on:October 9, 2018 at 5:00 am
  • Posted in:Malware
  • Author:
    Trend Micro Cyber Safety Solutions Team
0

A spam campaign we observed in September indicates attackers are angling towards a more sophisticated form of phishing. The campaign uses hijacked email accounts to deliver URSNIF as part of or as a response to an existing email thread.

Read More
Tags: MalwareManaged Detection and ResponsephishingSpamURSNIF
Page 1 of 2812 › »

Security Predictions for 2019

  • Our security predictions for 2019 are based on our experts’ analysis of the progress of current and emerging technologies, user behavior, and market trends, and their impact on the threat landscape. We have categorized them according to the main areas that are likely to be affected, given the sprawling nature of the technological and sociopolitical changes under consideration.
    Read our security predictions for 2019.

Business Process Compromise

  • Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more, read our Security 101: Business Process Compromise.

Popular Posts

  • Drupal Vulnerability (CVE-2019-6340) Can Be Exploited for Remote Code Execution
  • Linux Coin Miner Copied Scripts From KORKERDS, Removes All Other Malware and Miners
  • VPNFilter-affected Devices Still Riddled with 19 Vulnerabilities
  • Google Play Apps Drop Anubis Banking Malware, Use Motion-based Evasion Tactics
  • Identifying Top Vulnerabilities in Networks: Old Vulnerabilities, IoT Botnets, Wireless Connection Exploits

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.