Malware

Malware / Industry Updates

Four Steps to Mitigate Subdomain Hijacking

The journey towards widespread Cloud adoption has significantly impacted domain name system (DNS) management practices. Initially, businesses operated their own data centers, however the shift towards external hosting providers has introduced complexities and increased the potential for DNS record mismanagement, and therefore, subdomain vulnerability.

Hunting for TimbreStealer Malware Artifacts in the DNS

A new info-stealing malware called "TimbreStealer" is in town. Cisco Talos detected its distribution through a phishing campaign targeting Mexico.

A Peek at the PikaBot Infrastructure

It is not uncommon these days for threat actors to use malicious search ads to distribute malware. To do that, though, they would need to know how to bypass Google's security measures by setting up decoy infrastructures.

A Log4Shell Malware Campaign in the DNS Spotlight

The Log4Shell zero-day vulnerability, also known as "CVE -- 2021 -- 44228," proved to be one of the worst bugs disclosed in December 2021. And while a patch for it has been made available via the Log4j 2.17.1 release seven days after its discovery, some affected systems could remain vulnerable to date.

Unveiling Stealthy WailingCrab Aided by DNS Intelligence

The WailingCrab malware has gained notoriety for its stealth. IBM X-Force security researchers recently published an in-depth analysis of the malware, which has been abusing Internet of Things (IoT) messaging protocol MQTT.

DNS Abuse and Redirection: Enough for a New JS Malware to Hide Behind?

DNS abuse combined with redirection seems to be gaining popularity as a stealth mechanism. We've just seen Decoy Dog employ the same tactic. More recently, a still-unnamed JavaScript (JS) malware has been wreaking havoc among WordPress site owners by abusing Google Public DNS to redirect victims to tech support scam sites.

Decoy Dog, Too Sly to Leave DNS Traces?

Decoy Dog, a malware renowned for abusing the DNS, specifically by establishing command and control (C&C) via DNS queries, first reared its head most likely in early 2022. Given its sly nature, the DNS malware has been used to successfully steal data from organizations throughout Russia and other Eastern European nations.

A DNS Deep Dive Into Malware Crypting

Each time organizations shore up their network defenses, cybercriminals devise new and innovative ways to up the cyber attack ante. That's actually the rationale behind malware crypting - the process of making malicious programs, apps, and files appear harmless to anti-malware and intrusion detection solutions.

A DNS Deep Dive: That VPN Service May Be OpcJacker in Disguise

The more dangerous browsing the Internet becomes, the more tools to address cyber threats emerge in the market. Virtual private network (VPN) service usage, for instance, gained ubiquity due to the ever-increasing number of data privacy intrusions.

SocGholish IoCs and Artifacts: Tricking Users to Download Malware

As all initial-access threats go, SocGholish is among the trickiest. It often comes disguised as software updates, deceiving victims into downloading a malicious payload that could eventually lead to more lethal cyber attacks. In fact, researchers at ReliaQuest found evidence that an initial SocGholish malware distribution was intended to deploy ransomware.