This blog entry provides an in-depth analysis of the multistage delivery of the Evelyn information stealer, which was used in a campaign targeting software developers.
Category: Trend Micro Research : Malware
Exploits, Global Security News, Trend Micro Research : Articles, News, Reports, Trend Micro Research : Malware, Trend Micro Research : Phishing, Trend Micro Research : Research
Analyzing a Multi-Stage AsyncRAT Campaign via Managed Detection and Response
Threat actors exploited Cloudflare’s free-tier infrastructure and legitimate Python environments to deploy the AsyncRAT remote access trojan, demonstrating advanced evasion techniques that abuse trusted cloud services for malicious operations.
Global Security News, Trend Micro Research : Cloud, Trend Micro Research : Compliance & Risks, Trend Micro Research : How To, Trend Micro Research : Malware, Trend Micro Research : Phishing
Trend Vision One™ Integration with AWS Security Hub CSPM: Unifying Cloud Security
The integration between Trend Vision One and Security Hub CSPM is exactly that: two powerful platforms enhancing each other to keep your AWS infrastructure protected.
Global Security News, Trend Micro Research : Articles, News, Reports, Trend Micro Research : Latest News, Trend Micro Research : Malware, Trend Micro Research : Research
ValleyRAT Campaign Targets Job Seekers, Abuses Foxit PDF Reader for DLL Side-loading
Job seekers looking out for opportunities might instead find their personal devices compromised, as a ValleyRAT campaign propagated through email leverages Foxit PDF Reader for concealment and DLL side-loading for initial entry.
Global Security News, Trend Micro Research : Cloud, Trend Micro Research : Compliance & Risks, Trend Micro Research : Malware, Trend Micro Research : Phishing, Trend Micro Research : Ransomware
Elevate Your Cloud Security Strategy
Learn to elevate your cloud security strategy & overcome complexity with Vision One™.
Global Security News, Trend Micro Research : Cloud, Trend Micro Research : Compliance & Risks, Trend Micro Research : Malware, Trend Micro Research : Phishing, Trend Micro Research : Ransomware
What’s your CNAPP maturity?
More and more enterprises are opting for cloud-native application protection platforms (CNAPPs) instead of complex and hard-to-manage cloud security point solutions. Find out where your organization is on its CNAPP maturity journey.
Global Security News, Trend Micro Research : Articles, News, Reports, Trend Micro Research : Cyber Threats, Trend Micro Research : Latest News, Trend Micro Research : Malware, Trend Micro Research : Research
Shai-hulud 2.0 Campaign Targets Cloud and Developer Ecosystems
Shai-hulud 2.0 campaign features a sophisticated variant capable of stealing credentials and secrets from major cloud platforms and developer services, while automating the backdooring of NPM packages maintained by victims. Its advanced tactics enable rapid, stealthy propagation across the software supply chain, putting countless downstream users at risk.
Global Security News, Trend Micro Research : Cloud, Trend Micro Research : Compliance & Risks, Trend Micro Research : Latest News, Trend Micro Research : Malware, Trend Micro Research : Phishing
Trend & AWS Partner on Cloud IPS: One-Click Protection
In the race to secure cloud infrastructure, intrusion prevention systems (IPS) remain one of the most critical yet complex components of the cloud network layer of defense. For many organizations, deploying IPS in the cloud is a balancing act between agility and control.
Global Security News, Trend Micro Research : Articles, News, Reports, Trend Micro Research : Cyber Threats, Trend Micro Research : Malware
Increase in Lumma Stealer Activity Coincides with Use of Adaptive Browser Fingerprinting Tactics
In this blog entry, Trend™ Research analyses the layered command-and-control approaches that Lumma Stealer uses to maintain its ongoing operations while enhancing collection of victim-environment data.
Global Security News, Trend Micro Research : Cloud, Trend Micro Research : Compliance & Risks, Trend Micro Research : Malware, Trend Micro Research : Phishing, Trend Micro Research : Ransomware
How are you managing cloud risk?
Learn why managing cloud risk demands unified visibility, continuous risk assessment, and efficient security operations. Discover how a full-featured CNAPP like Trend Vision One™ Cloud Security enables organizations to move from reactive to proactive cloud protection.
Global Security News, Trend Micro Research : Articles, News, Reports, Trend Micro Research : Latest News, Trend Micro Research : Malware, Trend Micro Research : Phishing, Trend Micro Research : Research
Active Water Saci Campaign Spreading Via WhatsApp Features Multi-Vector Persistence and Sophisticated C&C
Continuous investigation of the Water Saci campaign reveals an innovative email-based C&C system, multi-vector persistence, and real-time command capabilities that allow attackers to orchestrate coordinated botnet operations, gather detailed campaign intelligence, and dynamically control malware activity across multiple infected machines.
Global Security News, Trend Micro Research : Articles, News, Reports, Trend Micro Research : Malware, Trend Micro Research : Research
Fast, Broad, and Elusive: How Vidar Stealer 2.0 Upgrades Infostealer Capabilities
Trend Research examines the latest version of the Vidar stealer, which features a full rewrite in C, a multithreaded architecture, and several enhancements that warrant attention. Its timely evolution suggests that Vidar is positioning itself to occupy the space left after Lumma Stealer’s decline.
Global Security News, Trend Micro Research : Articles, News, Reports, Trend Micro Research : Cyber Threats, Trend Micro Research : Malware, Trend Micro Research : Research
Shifts in the Underground: The Impact of Water Kurita’s (Lumma Stealer) Doxxing
A targeted underground doxxing campaign exposed alleged core members of Lumma Stealer (Water Kurita), resulting in a sharp decline in its activity and a migration of customers to rival infostealer platforms.
Global Security News, Trend Micro Research : Latest News, Trend Micro Research : Malware, Trend Micro Research : Phishing, Trend Micro Research : Research
Self-Propagating Malware Spreading Via WhatsApp, Targets Brazilian Users
Trend™ Research has identified an active campaign spreading via WhatsApp through a ZIP file attachment. When executed, the malware establishes persistence and hijacks the compromised WhatsApp account to send copies of itself to the victim’s contacts.
Global Security News, Trend Micro Research : Artificial Intelligence (AI), Trend Micro Research : Malware, Trend Micro Research : Research
EvilAI Operators Use AI-Generated Code and Fake Apps for Far-Reaching Attacks
Combining AI-generated code and social engineering, EvilAI operators are executing a rapidly expanding campaign, disguising their malware as legitimate applications to bypass security, steal credentials, and persistently compromise organizations worldwide.
Global Security News, Trend Micro Research : Endpoints, Trend Micro Research : Expert Perspective, Trend Micro Research : Investigations, Trend Micro Research : Malware, Trend Micro Research : Research
An MDR Analysis of the AMOS Stealer Campaign Targeting macOS via ‘Cracked’ Apps
Trend™ Research analyzed a campaign distributing Atomic macOS Stealer (AMOS), a malware family targeting macOS users. Attackers disguise the malware as “cracked” versions of legitimate apps, luring users into installation.
Global Security News, Trend Micro Research : Cloud, Trend Micro Research : Compliance & Risks, Trend Micro Research : How To, Trend Micro Research : Malware, Trend Micro Research : Phishing
Unlocking the Power of Amazon Security Lake for Proactive Security
Security is a central challenge in modern application development and maintenance, requiring not just traditional practices but also a deep understanding of application architecture and data flow. While organizations now have access to rich data like logs and telemetry, the real challenge lies in translating this information into actionable insights. This article explores how leveraging…
Global Security News, Trend Micro Research : Articles, News, Reports, Trend Micro Research : Endpoints, Trend Micro Research : Malware, Trend Micro Research : Research
Back to Business: Lumma Stealer Returns with Stealthier Methods
Lumma Stealer has re-emerged shortly after its takedown. This time, the cybergroup behind this malware appears to be intent on employing more covert tactics while steadily expanding its reach. This article shares the latest methods used to propagate this threat.
Global Security News, Trend Micro Research : Articles, News, Reports, Trend Micro Research : Cloud, Trend Micro Research : Malware, Trend Micro Research : Research
Uncovering a Tor-Enabled Docker Exploit
A recent attack campaign took advantage of exposed Docker Remote APIs and used the Tor network to deploy a stealthy cryptocurrency miner. This blog breaks down the attack chain.
Global Security News, Trend Micro Research : Articles, News, Reports, Trend Micro Research : Endpoints, Trend Micro Research : Malware, Trend Micro Research : Research
BPFDoor’s Hidden Controller Used Against Asia, Middle East Targets
A controller linked to BPF backdoor can open a reverse shell, enabling deeper infiltration into compromised networks. Recent attacks have been observed targeting the telecommunications, finance, and retail sectors across South Korea, Hong Kong, Myanmar, Malaysia, and Egypt.
Global Security News, Trend Micro Research : Articles, News, Reports, Trend Micro Research : Endpoints, Trend Micro Research : Malware, Trend Micro Research : Research
SocGholish’s Intrusion Techniques Facilitate Distribution of RansomHub Ransomware
Trend Research analyzed SocGholish’s MaaS framework and its role in deploying RansomHub ransomware through compromised websites, using highly obfuscated JavaScript loaders to evade detection and execute various malicious tasks.
Global Security News, Trend Micro Research : Expert Perspective, Trend Micro Research : Investigations, Trend Micro Research : Latest News, Trend Micro Research : Malware, Trend Micro Research : Research
Black Basta and Cactus Ransomware Groups Add BackConnect Malware to Their Arsenal
In this blog entry, we discuss how the Black Basta and Cactus ransomware groups utilized the BackConnect malware to maintain persistent control and exfiltrate sensitive data from compromised machines.
Exploits, Global Security News, Trend Micro Research : Articles, News, Reports, Trend Micro Research : Endpoints, Trend Micro Research : Malware, Trend Micro Research : Research
Updated Shadowpad Malware Leads to Ransomware Deployment
In this blog entry, we discuss how Shadowpad is being used to deploy a new undetected ransomware family. Attackers deploy the malware by exploiting weak passwords and bypassing multi-factor authentication.
