Channel: Threat Intelligence Team, Author at Malwarebytes Labs
Browsing latest articles
Browse All 60 View Live


Ransomware: February 2022 review

The Malwarebytes Threat Intelligence team continuously monitors the threat landscape to stay on top of existing and emerging attacks. In this February 2022 ransomware review, we go over some of the most...


Double header: IsaacWiper and CaddyWiper

As war in Ukraine rages, new destructive malware continues to be discovered. In this short blog post, we will review IsaacWiper and CaddyWiper, two new wipers that do not have much in common based on...


New spear phishing campaign targets Russian dissidents

This blog post was authored by Hossein Jazi. — Updated to clarify the two different campaigns (Cobalt Strike and RAT). Several threat actors have taken advantage of the war in Ukraine to launch a...


New UAC-0056 activity: There’s a Go Elephant in the room

This blog post was authored by Ankur Saini, Roberto Santos and Hossein Jazi. UAC-0056, also known as SaintBear, UNC2589 and TA471, is a cyber espionage actor that has been active since early 2021 and...


Colibri Loader combines Task Scheduler and PowerShell in clever persistence...

This blog post was authored by Ankur Saini, with contributions from Hossein Jazi and Jérôme Segura. (2022-04-07): Added MITRE ATT&CK mappings. (2022-04-07): Changed the name of the final payload...


Ransomware: March 2022 review

The Malwarebytes Threat Intelligence team continuously monitors the threat landscape to stay on top of existing and emerging attacks. In this March 2022 ransomware review, we go over some of the most...


Nigerian Tesla: 419 scammer gone malware distributor unmasked

Agent Tesla is a well-known data stealer written in .NET that has been active since 2014 and is perhaps one of the most popular payloads observed in malspam campaigns. While looking for threats...


Ransomware: April 2022 review

The Malwarebytes Threat Intelligence team monitors the threat landscape continuously and produces monthly ransomware reports based on a mixture of proprietary and open-source intelligence. April 2022...


APT34 targets Jordan Government using new Saitama backdoor

On April 26th, we identified a suspicious email that targeted a government official from Jordan’s foreign ministry. The email contained a malicious Excel document that drops a new backdoor named...


Custom PowerShell RAT targets Germans seeking information about the Ukraine...

This blog post was authored by Hossein Jazi and Jérôme Segura. Populations around the world—and in Europe in particular—are following the crisis in Ukraine very closely, and with events unfolding on a...


Unknown APT group has targeted Russia repeatedly since Ukraine invasion

An unknown Advanced Persistent Threat (APT) group has targeted Russian government entities with at least four separate spear phishing campaigns since late February, 2022. The campaigns, discovered by...


FAQ: Mitigating Microsoft Office’s ‘Follina’ zero-day

On Monday May 30, 2022, Microsoft issued CVE-2022-30190 for a zero-day remote code vulnerability, ‘Follina’, already being exploited in the wild via malicious Word documents. Q: What exactly is...


Ransomware: May 2022 review

The Malwarebytes Threat Intelligence team monitors the threat landscape continuously and produces monthly ransomware reports based on a mixture of proprietary and open-source intelligence. Conti...


MakeMoney malvertising campaign adds fake update template

Malware authors and distributors are following the ebbs and flows of the threat landscape. One campaign we have tracked for a number of years recently introduced a new scheme to possibly completely...


Taking down the IP2Scam tech support campaign

Tech support scams follow a simple business model that has not changed much over the years. After all, why change a recipe that continues to yield large profits? We see countless such campaigns and...


Client-side Magecart attacks still around, but more covert

This blog post was authored by Jérôme Segura. We have seen and heard less buzz about ‘Magecart’ during the past several months. While some companies continue to rehash the same breaches of yesteryear,...


Russia’s APT28 uses fear of nuclear war to spread Follina docs in Ukraine

This blog post was authored by Hossein Jazi and Roberto Santos. In a recent campaign, APT28, an advanced persistent threat actor linked with Russian intelligence, set its sights on Ukraine, targeting...


Ransomware review: June 2022

Malwarebytes Threat Intelligence builds a monthly picture of ransomware activity by monitoring the information published by ransomware gangs on their Dark Web leak sites. This information represents...


Cobalt Strikes again: UAC-0056 continues to target Ukraine in its latest...

This blog was authored by Roberto Santos and Hossein Jazi. The Malwarebytes Threat Intelligence team recently reviewed a series of cyber attacks against Ukraine that we attribute with high confidence...


Google ads lead to major malvertising campaign

Fraudsters have long been leveraging the shady corners of the internet to place malicious adverts, leading users to various scams. However, every now and again we see a campaign that goes mainstream...
