[1/5] 🚨 Malfixer has a new release on GitHub. This update was driven by a recent Antidot banking trojan sample: two previously unseen APK malformation techniques, actively used to hinder analysis pipelines.
https://t.co/G4bSCZZQo2
[1/4]🚨 APK Malformation is no longer a niche evasion tactic; it is now a standard in the Android MaaS ecosystem. Observed in 3,000+ samples across families like TeaBot, TrickMo, and SpyNote, it keeps malware fully functional while blinding static analysis tools.
[1/6] 🚨We tracked a new Android banking trojan fraud operation dubbed ToxicPanda, which has intriguing connections with tgToxic. According to our investigation, TAs are currently targeting European and LATAM countries.
‼️ (1/5) On October 7th, 2024, we identified a new dropper associated with the TeaBot banking trojan within the Google Play Store. The initial stage of infection originates from the following application (com.mastercreativestudio.documanagerandpdf):
(1/5) 🚨The Cleafy TIR team identified some campaigns involving a new variant of the Android malware TrickMo, incorporating new anti-analysis mechanisms. The variant uses malformed ZIP files and JSONPacker, and is distributed via a dropper disguised as the Google Chrome browser.
#Pryx group actively distributing a Golang RAT against #UAE gov.
The backdoor purpose is to download a Tor package to setup a Tor hidden service on the victim that act as a stealthy HTTP listener for backdoor-related activities.
Backdoor versions & IoCs discussed in thread 🧵👇
🚨@cluster25_io investigated a possible #APT campaign targeting #Russian dissidents. Using different lures, the #attacks aimed at organizations and citizens, leveraging a #reverseshell. Read more on: https://t.co/l5PUgqP039
🚨A seemingly legitimate #LinkedIn profile contacts you via direct message and offers you a job, sending a PDF file. This is the beginning of a bad story that leads to #DUCKTAIL infection. Read more on: https://t.co/0vamzYLLON
🚨A seemingly legitimate #LinkedIn profile contacts you via direct message and offers you a job, sending a PDF file. This is the beginning of a bad story that leads to #DUCKTAIL infection. Read more on: https://t.co/0vamzYLLON
🚨 Cluster25 has uncovered phishing attacks likely linked to a pro-Russia nation-State adversary. These attacks, conducted in the context of the RU-UA conflict zone, leverage a recently discovered vulnerability (CVE-2023-38831) affecting WinRAR. Read more: https://t.co/Ji3FeXL9Nj
🚨Beware of #BEC#attacks!
Here, we are reporting a recent, well-prepared #fraud campaign involving the names of existing non-profit foundations as bait.
Read more on: https://t.co/eTamtT4pjp
#cybersecurity#scam
#BlackByte and his #ransomware continue operating all around the world, we dissected the latest version of this famous ransomware. Here the #Ida#Python script we used: https://t.co/2CMO5em1jT
Here the report: https://t.co/Jw6eMvWrfQ
Hoping this helps the community!
@cluster25_io has become partner of @dns0eu project!
Starting April 27, 2023, Cluster25 started sharing its #APT, #Phishing / #Fraud and #Malware indicators with DNS0 in order to further raise the #security levels of its users.
https://t.co/UHxY2Za2ne
The #chemical sector is definitely considered a critical infrastructure with #strategic goals, so it's a very attractive target for #threat actors.
Check out our overview about the #cyber#risks of the chemical sector!
https://t.co/Hmgs5FDREG
@cluster25_io joined the @virustotal community!
Starting from March 2023, part of our intelligence data will be shared with this amazing community, allowing users to get insights about suspicious IPs, domains, and URLs.
Enjoy our public #Intelligence!
https://t.co/IpdmzGkUoh
Similarly to some campaigns attributed to #APT29, the #DarkPink#APT abuses of the "SyncAppvPublishingServer" App-V service to silently execute arbitrary PowerShell code
#LOLBAS#TTPs