AutoIT-compiled malware and Dridex trace their roots to as far back as 2008 and 2014, respectively. As malware variants go, therefore, they've both had a long history and taken on various forms over time. But despite having been detected and consequently blocked with each new version, they're still alive and kicking -- a testament to their persistence.
More sophisticated BazarCall campaigns have been circulating and delivering ransomware entry points to victims. While the bait still involves urgent notification emails about nonexistent purchases or subscriptions, the subsequent phase highlights the threat actors' manipulative skills.
Eternity, also known as the "EternityTeam" or "Eternity Project," has been active since January 2022 and is tied to the Jester Group. It gained infamy for using the as-a-service subscription model to distribute its own brand of malware modules via underground forums.
BlackEnergy first appeared in 2007. Designed to launch distributed denial-of-service (DDoS) attacks or download customized spam or banking data-stealer plug-ins, it was again used to target the State Bar of Georgia last May.
Two cyber threats recently caught the attention of WhoisXML API researchers, primarily since parts of their infection chain hide behind legitimate services. This tactic is tricky for security teams because blocking the domains involved means blocking legitimate applications, too.
Cyber attackers typically use newly registered domains (NRDs) in their campaigns to evade detection, particularly since the implementation of privacy protection in WHOIS records. But some, like the SolarWinds hackers, also use aged domains to lend a sense of legitimacy to their pages.
It is quite natural to get prompts from software manufacturers saying you need to update your installed apps every so often for better security or to fix bugs. But you should know, too, that threat actors often use program update notifications as malware distribution vehicles.
The Internet has been abuzz with talk about Elon Musk buying Twitter since he made an initial offer of US$44 billion on 14 April 2022. The even bigger news? Twitter accepted the offer despite some employees' qualms about Musk's future plans for the company.
We're supposed to spoil our mothers on Mothers' Day, but with various scams out there, you may end up losing money or with a malware-infected device. WhoisXML API researchers found more than a thousand digital properties that could be used in Mothers' Day scams.
Cybercriminal network Innovative Marketing made headlines in rogue scareware's heyday. In the three years it operated after its founding in Kyiv, Ukraine, in 2009, the company reportedly amassed close to US$700 million in revenue.