Cybersecurity

Igniting a DNS Spark to Investigate the Inner Workings of SparkCat

SecureList recently published a study of Android and iOS apps that have been laced with a malicious software development kit (SDK) dubbed "SparkCat" that steals crypto wallet recovery phrases.

DNS Deep Diving Into 2025’s Up and Coming Ransomware Families

Ransomware attacks have been plaguing individual users and organizations worldwide for years now. And that is not surprising because they work. In fact, ransomware victims were asked to pay an average of US$2.5 million in 2024.

A DNS Investigation of SEO Manipulation via Bad Seed BadIIS

Trend Micro researchers recently uncovered a search engine optimization (SEO) manipulation campaign targeting users of Internet Information Services (IIS) with BadIIS.

Malicious Ads Targeting Advertisers in the DNS Spotlight

Microsoft and Google almost always land on the list of most-phished brands, and that is not surprising given their huge market presence. And phishers are often the most likely threat actors to bank on the brands' popularity for the success of their attacks.

Sneaking a Peek into the Inner DNS Workings of Sneaky 2FA

Sneaky 2FA, believed to be sold via the phishing-as-a-service (PhaaS) business model, recently figured in an adversary-in-the-middle (AitM) attack targeting Microsoft 365 users. Marketed as Sneaky Log by a full-featured bot on Telegram, Sneaky 2FA reportedly used fake Microsoft authentication pages with automatically filled-in email address fields to add to its sense of authenticity.

Unloading MintsLoader IoCs Using DNS Intelligence

Several American and European organizations across the energy, oil and gas, and legal sectors were recently targeted by a campaign leveraging MintsLoader, a malware loader that delivers malicious software to a victim's device.

DNS Spotlight: Rockstar2FA Shuts Down, FlowerStorm Starts Up

It's not unusual for threat actors to pick up after fellow cyber attackers shut down their operations. Many of them still want to cause as much trouble without having to start from scratch - building their own malicious creations and infrastructure.

DNS Deep Dive: Peeking into Back Doors to Abandoned but Live Backdoors

watchTowr Labs investigated thousands of abandoned but live backdoors installed on various compromised sites to determine what data the original backdoor owners have stolen. They published their findings in "Backdooring Your Backdoors -- Another $20 Domain, More Governments" and, in the process, identified 34 domains as indicators of compromise (IoCs).

DNS Insights on a Free Form Builder Service Phishing Campaign

Unit 42 of Palo Alto Networks recently uncovered a phishing campaign targeting European companies to harvest victims' account credentials and take over their Microsoft Azure cloud infrastructure. According to their report, the phishing attempts leveraging the HubSpot Free Form Builder service peaked in June 2024.

More Signs of the more_eggs Backdoor Found in the DNS

Using resumes to fake job applications is not a novel social engineering lure for run-of-the-mill phishing campaigns. But utilizing the same tactic to launch a targeted attack isn't that common.