We found updated samples of the CopperStealer malware infecting systems via websites hosting fake software.
Security Vendor News
Patch Your WSO2: CVE-2022-29464 Exploited to Install Linux-Compatible Cobalt Strike Beacons, Other Malware
by Hitomi Kimura •
Users of WSO2 products are advised to update their respective products and platforms or to apply the temporary mitigation steps immediately.
Security Vendor News
Fake Mobile Apps Steal Facebook Credentials, Cryptocurrency-Related Keys
by Cifer Fang •
We recently observed a number of apps on Google Play designed to perform malicious activities such as stealing user credentials and other sensitive user information, including private keys.
Security Vendor News
S4x22: ICS Security Creates the Future
by Kazuhisa Tagaya •
The ICS Security Event S4 was held for the first time in two years, bringing together more than 800 business leaders and specialists from around the world to Miami Beach on 19-21 Feb 2022. The theme was CREATE THE FUTURE.
Security Vendor News
NetDooka Framework Distributed via PrivateLoader Malware as Part of Pay-Per-Install Service
by Aliakbar Zahravi •
This report focuses on the components and infection chain of the NetDooka framework. Its scope ranges from the release of the first payload up until the release of the final RAT that is protected by a kernel driver.
Security Vendor News
AvosLocker Ransomware Variant Abuses Driver File to Disable Antivirus, Scans for Log4shell
by Christoper Ordonez •
We found an AvosLocker ransomware variant using a legitimate antivirus component to disable detection and blocking solutions.
Security Vendor News
AvosLocker Ransomware Variant Abuses Driver File to Disable Anti-Virus, Scans for Log4shell
by Christoper Ordonez •
We found an AvosLocker ransomware variant using a legitimate anti-virus component to disable detection and blocking solutions.
Security Vendor News
TM Named CWS “Strong Performer” in Forrester Wave 2022
by Trend Micro Research, News, Perspectives •
Trend Micro was named a strong performer in the Forrester Wave™: Cloud Workload Security, Q1 2022, achieving the highest possible score in the market presence category. That said, Trend Micro Cloud One secures far more than workloads and containers.
Security Vendor News
TM Named CWS “Strong Performer” by Research Firm
by Trend Micro Research, News, Perspectives •
Trend Micro was named a strong performer in the Forrester Wave™: Cloud Workload Security, Q1 2022, achieving the highest possible score in the market presence category. That said, Trend Micro Cloud One secures far more than workloads and containers.
Security Vendor News
An In-Depth Look at ICS Vulnerabilities Part 3
by Trend Micro Research, News, Perspectives •
In our series wrap-up, we look into CVEs that affect critical manufacturing based on MITRE’s matrix. We also explore common ICS-affecting vulnerabilities identified in 2021.
Security Vendor News
An In-Depth Look at ICS Vulnerabilities Part 1
by Trend Micro Research, News, Perspectives •
In this blog series, our team examined various ICS vulnerabilities using the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) for ICS.
Security Vendor News
Purple Fox Uses New Arrival Vector and Improves Malware Arsenal
by Sherif Magdy •
Purple Fox is an old threat that has been making waves since 2018. This most recent investigation covers Purple Fox’s new arrival vector and early access loaders. Users’ machines seem to be targeted with malicious payloads masquerading as legitimate ap…
Security Vendor News
Cyberattacks are Prominent in the Russia-Ukraine Conflict
by Trend Micro Research •
Alongside the physical conflict happening between Russia and Ukraine, there have also been an increasing number of alleged cyberattacks perpetrated by different groups.
Our research teams have verified and validated internal data and external reports t…
Security Vendor News
SMS PVA Part 3: Countries Most Impacted by Service
by Trend Micro Research, News, Perspectives •
In this final part, we discuss the countries most affected by SMS PVA services as well as lay out several recommendations to mitigate the risks of such threats.
Security Vendor News
SMS PVA Part 2: Underground Service for Cybercriminals
by Trend Micro Research, News, Perspectives •
In part two of this blog entry, we further investigate the inner workings of smspva.net and discuss the impact and implications of such services.
Security Vendor News
SMS PVA Part 1: Underground Service for Cybercriminals
by Trend Micro Research, News, Perspectives •
In this three-part blog entry, our team explored SMS PVA, a service built on top of a global bot network that compromises smartphone cybersecurity as we know it.
Security Vendor News
Latest Mac Coinminer Utilizes Open-Source Binaries and the I2P Network
by Luis Magisa •
A Mac coinminer has been spotted using open-source components in its routine and the I2P Network to hide its traffic. We dive into old iterations of this malware, and also analyze the newest version.
Security Vendor News
This Week in Security News – February 11, 2022
by Jon Clay •
Hidden scams in malicious scans, and feds arrest couple who allegedly laundered $1 Billion in stolen bitcoins
Security Vendor News
This Week in Security News – February 4, 2022
by Jon Clay •
Welcome to our weekly roundup, where we share what you need to know about cybersecurity news and events that happened over the past few days. Learn about the Samba vulnerability discovered by Trend Micro, the White House’s warning of Russian hacks as te…
Security Vendor News
This Week in Security News – January 28th, 2022
by Jon Clay •
Welcome to our weekly roundup, where we share what you need to know about cybersecurity news and events that happened over the past few days. This week, read the third installment of Trend Micro’s Codex series. Also, read about the White House’s latest…
Security Vendor News
Defending the Supply Chain: Why the DDS Protocol is Critical in Industrial and Software Systems
by Trend Micro Research, News, Perspectives •
In 2021, a team of researchers from Trend Micro Research, TXOne, ADLINK, Alias Robotics, and ZDI looked into the Data Distribution Service (DDS) standard and its implementations from a security angle. The full findings of this research will be present…
Security Vendor News
TianySpy Malware Uses Smishing Disguised as Message From Telco
by Trend Micro Research, News, Perspectives •
Trend Micro confirmed a new mobile malware infection chain targeting both Android and iPhone devices. The malware might have been designed to steal credentials associated with membership websites of major Japanese telecommunication services.
Security Vendor News
Emotet Spam Abuses Unconventional IP Address Formats to Spread Malware
by Ian Kenefick •
We found waves of Emotet spam campaigns using unconventional IP addresses to evade detection.
Security Vendor News
Cybersecurity for Industrial Control Systems: Part 2
by Ericka Pingol •
To cap off the series, we’ll discuss malware detection and distribution in various countries. Our team also rounds up several insights to help strengthen ICS cybersecurity and mitigate malware attacks.
Security Vendor News
Defending Users’ NAS Devices From Evolving Threats
by Stephen Hilt •
In our latest research, we analyze the threats targeting well-known brands of network-attached storage (NAS) devices.
Security Vendor News
Earth Lusca Employs Sophisticated Infrastructure, Varied Tools and Techniques
by Joseph C Chen •
Our technical brief provides an in-depth look at Earth Lusca’s activities, the tools it employs in attacks, and the infrastructure it uses.
Security Vendor News
Cybersecurity for Industrial Control Systems: Part 1
by Trend Micro Research •
In this two-part series, we look into various cybersecurity threats that affected industrial control systems endpoints. We also discuss several insights and recommendations to mitigate such threats.
Security Vendor News
This Week in Security News – January 14, 2022
by Jon Clay •
This week, read about how crucial it is for security teams to adopt an integrated approach to threat detection, such as remote control, and Congress’s plan to update the Federal Information Security Management Act (FISMA) for the first time in eight ye…
Security Vendor News
Staging a Quack: Reverse Analyzing a Fileless QAKBOT Stager
by Abraham Camba •
We analyzed a fileless QAKBOT stager possibly connected to the recently reported Squirrelwaffle campaign.
Security Vendor News
A Look Into Purple Fox’s Server Infrastructure
by Jay Yaneza •
By examining Purple Fox’s routines and activities, both with our initial research and the subject matter we cover in this blog post, we hope to help incident responders, security operation centers (SOCs), and security researchers find and weed out Purp…
Security Vendor News
Vulnerabilities Exploited for Monero Mining Malware Delivered via GitHub, Netlify
by Nitesh Surana •
We looked into exploitation attempts we observed in the wild and the abuse of legitimate platforms Netlify and GitHub as repositories for malware.
Security Vendor News
Campaign Abusing Legitimate Remote Administrator Tools Uses Fake Cryptocurrency Websites
by Jaromir Horejsi •
We have been tracking a campaign involving the SpyAgent malware that abuses well-known remote access tools (RATs) for some time now. While previous versions of the malware have been covered by other researchers, our blog entry focuses on the malicious …
Security Vendor News
BazarLoader Adds Compromised Installers, ISO to Arrival and Delivery Vectors
by Ian Kenefick •
We observed BazarLoader adding two new arrival mechanisms to their current roster of malware delivery techniques.
Security Vendor News
Groups Target Alibaba ECS Instances for Cryptojacking
by David Fiser •
We looked at how some malicious groups disable features in Alibaba Cloud ECS instances for illicit mining of Monero.
Security Vendor News
Does Home IoT Compromise Enterprise Security?
by William Malik •
The most recent Pwn2Own (Fall 2021 Pwn2Own Austin) includes more IoT entries than ever. This gives us an opportunity to probe today’s largest and newest enterprise attack surface: the home office.
Security Vendor News
PurpleFox Adds New Backdoor That Uses WebSockets
by Abdelrhman Sharshar •
In September 2021, the Trend Micro Managed XDR (MDR) team looked into suspicious activity related to a PurpleFox operator. Our findings led us to investigate an updated PurpleFox arsenal, which included an added vulnerability (CVE-2021-1732) and optimi…
Security Vendor News
Ransomware Operators Found Using New “Franchise” Business Model
by Fernando Merces •
We found a relatively new and interesting ransomware operation that takes inspiration from franchise business models. It seems that the operators are rebranding a “supplier” ransomware before deployment instead of simply distributing it under the origi…
Security Vendor News
Actors Target Huawei Cloud Using Upgraded Linux Malware
by Alfredo Oliveira •
In this article, we discuss a new Linux malware trend in which malicious actors deploy code that removes applications and services present mainly in Huawei Cloud.