Cybercrime & Digital Threats

We recently acquired a spam sample that propagates the Loki infostealer through LZH compressed archive files.

A campaign propagates a new malware named ‘BazarBackdoor’, a fileless backdoor reportedly created by the same threat actors behind TrickBot.

Threat actors take advantage of the spread of COVID-19 for malicious campaigns. Goods and services related to the virus also appear in underground marketplaces and cybercriminal forums.

Is your work-from-home set up secure? Here are a few signs to know if your devices have been hacked or infected with malware.

A variant of Loki info stealer that we detected through our honeypot is propagated as Windows CAB file email attachments. It uses process hollowing to evade detection.

Cybercriminals behind Nemty ransomware close down their Ransomware-as-a-Service (RaaS) operation as they zero in on private schemes. This is confirmed through a post in a Russian hacker forum.

Fake installers of popular messaging apps such as Viber and WhatsApp are propagated via fraudulent Russian websites. The installers are believed to be adware.

Researchers detected the “Twin Flower” campaign that simulates increased clicks to boost network traffic, boosting SEO ranking and advertising revenue.

Trend Micro researchers detected a new courier service themed malicious spam campaign that uses ACE files as attachments.