Summary

Total Articles Found: 4

Top sources:

Top Keywords:

Top Authors

Top Articles:

  • From Fileless Techniques to Using Steganography: Examining Powload’s Evolution
  • CVE-2019-7238: Insufficient Access Controls in Sonatype Nexus Repository Manager 3 Allows Remote Code Execution
  • Tropic Trooper’s Back: USBferry Attack Targets Air-gapped Environments
  • QNodeService: Node.js Trojan Spread via Covid-19 Lure

Tropic Trooper’s Back: USBferry Attack Targets Air-gapped Environments

Published: 2020-05-12 12:18:31

Popularity: 4

Author: Trend Micro

Keywords:

  • Malware
  • Targeted Attacks
  • cyberespionage
  • KeyBoy
  • military
  • USB
  • USBferry
  • We found that Tropic Trooper’s latest activities center on targeting Taiwanese and the Philippine military’s physically isolated networks through a USBferry attack. We also observed targets among military/navy agencies, government institutions, military hospitals, and even a national bank. The group employs USBferry, a USB malware that performs different commands on specific targets, maintains stealth in environments, and steals critical data through USB storage. We started tracking this particular campaign in 2018, and our analysis shows that it uses a fake executable decoy and a USB trojan strategy to steal information. The post Tropic Trooper’s Back: USBferry Attack Targets Air-gapped Environments appeared first on .

    ...more

    QNodeService: Node.js Trojan Spread via Covid-19 Lure

    Published: 2020-05-14 17:29:19

    Popularity: 4

    Author: Trend Micro

    Keywords:

  • Malware
  • Node.js
  • QNodeService
  • Trojan
  • QNodeService is a new, undetected malware sample written in Node.js, which is an unusual choice for malware authors. The malware has functionality that enables it to download/upload/execute files, steal credentials from Chrome/Firefox browsers, and perform file management, among other things. The post QNodeService: Node.js Trojan Spread via Covid-19 Lure appeared first on .

    ...more

    CVE-2019-7238: Insufficient Access Controls in Sonatype Nexus Repository Manager 3 Allows Remote Code Execution

    Published: 2019-03-14 12:01:00

    Popularity: 65

    Author: Trend Micro

    Keywords:

  • Vulnerabilities
  • CVE-2019-7238
  • Nexus Repository Manager 3
  • NXRM
  • A critical remote code execution (RCE) vulnerability (CVE-2019-7238) was found in Sonatype’s Nexus Repository Manager (NXRM) 3, an open source project that allows developers, such as DevOps professionals, to manage software components required for software development, application deployment, and automated hardware provisioning. The post CVE-2019-7238: Insufficient Access Controls in Sonatype Nexus Repository Manager 3 Allows Remote Code Execution appeared first on .

    ...more

    From Fileless Techniques to Using Steganography: Examining Powload’s Evolution

    Published: 2019-03-12 15:31:16

    Popularity: 66

    Author: Trend Micro

    Keywords:

  • Malware
  • Spam
  • BEBLOH
  • Powload
  • steganography
  • URSNIF
  • 🤖: "Malware evolution"

    In some of the recent Powload-related incidents we saw, we noticed significant changes to some of the attachments in the spam emails: the use of steganography and targeting of specific countries. Figure 2 shows the difference. For example, the samples we analyzed in early 2018 had more straightforward infection chains. These updates added another stage to the execution of malicious routines as a way to evade detection. The Powload variants that use these techniques drop and execute the Ursnif and Bebloh data stealers. We did not see any notable differences in the payloads’ routines. The distribution tactics also resemble a spam campaign we uncovered last year, which delivered the same information stealers but distributed via the Cutwail botnet. The post From Fileless Techniques to Using Steganography: Examining Powload’s Evolution appeared first on .

    ...more

    end