Cybercrime & Digital Threats

A variant of Loki info stealer that we detected through our honeypot is propagated as Windows CAB file email attachments. It uses process hollowing to evade detection.

Maze ransomware, notorious for not just encrypting but for stealing victims’ data, attacks a US IT firm. The company sent emails to customers which include IP addresses and file hashes that have been linked to previous Maze attacks.

Cybercriminals behind Nemty ransomware close down their Ransomware-as-a-Service (RaaS) operation as they zero in on private schemes. This is confirmed through a post in a Russian hacker forum.

Fake installers of popular messaging apps such as Viber and WhatsApp are propagated via fraudulent Russian websites. The installers are believed to be adware.

Researchers detected the “Twin Flower” campaign that simulates increased clicks to boost network traffic, boosting SEO ranking and advertising revenue.

Trend Micro researchers detected a new courier service themed malicious spam campaign that uses ACE files as attachments.

Cybercriminals exploit a feature in Excel that allows users to hide sheets by hiding obfuscated suspicious formulas in a “Very Hidden” sheet.

Trend Micro’s Managed XDR (MxDR) and Incident Response (IR) teams recently investigated an incident involving a company that was hit by the Nefilim ransomware.

Threat actors use Evernote and other platforms such as Canva, Lucidpress, and Infogram as host pages for credential phishing.