Threat Intelligence
Months after TikTok launched its marketplace in September 2021, several users have raised concerns about the authenticity of the products they purchased. The complaints mainly pertain to beauty products, such as sunscreens, lip glosses, and makeup brushes. Aside from being ripped off, consumers may be exposed to more danger.
A group of researchers recently discovered a new Android banking Trojan they called "Revive" since threat actors designed it to restart if it stops working. Once a device is infected, hackers can intercept messages, including online banking one-time passwords (OTPs). Revive also enables attackers to steal login credentials since it can read and store everything the user types on the infected device.
Scammers and counterfeiters are always on the lookout for quick gains. And the more expensive the fake item, the bigger the possible gain. It’s no wonder, then, that they’re looking to mimic the world’s most popular luxury jewelers.
The Koobface Gang gained notoriety from 2008 to the 2010s for spreading malware via Facebook and other social networks. Believe it or not, the gang amassed millions of dollars from their online scams while hiding in plain sight in St. Petersburg, Russia. After being publicly identified in 2012, the gang members shut down their operations.
Aoqin Dragon, like the mythical character it's named after, has recently been unearthed after nearly a decade of flying under the cybersecurity community's radar. Now believed to have been active since 2013, the advanced persistent threat (APT) group has targeted various organizations in the government, education, and telecommunications sectors.
For US$2,500, threat actors can employ Matanbuchus, a malware-as-a-service (MaaS) package found delivering Cobalt Strike beacons through phishing and spam messages. Cobalt Strike is a powerful security tool that threat actors are increasingly using as a reconnaissance and post-exploitation weapon.
Threat actors are increasingly impersonating businesses in phishing attacks. In May 2022, 52% of business email compromise (BEC) scams impersonated third-party organizations, exposing businesses to supply chain attacks.
Conti ransomware surfaced as far back as 2020. Believed to have been created by Russia-based cybercriminal group Wizard Spider, it has been involved in a multitude of double extortion campaigns over the years.
As technology advances, so does the world of espionage. That has given birth to several companies, such as Cytrox, that specialize in creating spyware. Predator, along with other applications of its kind, has been advertised as legal spyware-for-hire.
Two cyber threats recently caught the attention of WhoisXML API researchers, primarily because parts of their infection chains hide behind legitimate services. This tactic is tricky for security teams because blocking the domains involved means blocking legitimate applications, too.