DNS abuse combined with redirection seems to be gaining popularity as a stealth mechanism. We've just seen Decoy Dog employ the same tactic. More recently, a still-unnamed JavaScript (JS) malware has been wreaking havoc among WordPress site owners by abusing Google Public DNS to redirect victims to tech support scam sites. more
Phishers the world over have been patronizing and utilizing the 16shop phishing kit since at least 2018. The kit's users have been known to steal data and money from the customers of some of today's biggest brands, including Amazon, American Express, and PayPal. more
Given the ubiquity of mobile phone usage, you'd think we'd all know by now how to tell legitimate from scammy text messages. Then again, cybercriminals are always on top of their game -- learning how the latest technologies work and finding ways to abuse them. more
Financially motivated threat actors called "TA544" were first detected in 2017. TA544 is known for high-volume campaigns, sending hundreds of thousands of malicious messages daily. more
WoofLocker tech support scams have been wreaking havoc since 2017 but the threat actors behind it don't seem to be done yet. In fact, the threat may have become even more resilient. more
Decoy Dog, a malware renowned for abusing the DNS, specifically by establishing command and control (C&C) via DNS queries, first reared its head most likely in early 2022. Given its sly nature, the DNS malware has been used to successfully steal data from organizations throughout Russia and other Eastern European nations. more
We began our analysis by subjecting the domains identified as IoCs to Threat Intelligence Platform (TIP) lookups. Those allowed us to uncover these WHOIS record findings. more
APT41, also known as "Winnti," "BARIUM," or "Double Dragon," is an APT group said to originate from China. Having been active since 2012, APT41 rose to infamy by successfully launching targeted cyber espionage attacks on government agencies and private companies worldwide. more
Even solutions meant to enhance security can sometimes fall prey to the best cyber attackers. That's what happened to JumpCloud, a cloud-based directory service platform designed to centralize and simplify identity access management (IAM). more
Cyber espionage group MuddyWater's or Mercury's first major campaign was seen as early as 2012. But as things always go in the cybersecurity realm, threat groups, especially those that gain infamy, don't necessarily just come and go. more
A World-Renowned Source for Internet Developments. Serving Since 2002.