Threat analysis

Fake “Corona Antivirus” distributes BlackNET remote administration tool - Beware of fraudulent antivirus products taking advantage of the COVID-19 crisis.
APT36 jumps on the coronavirus bandwagon, delivers Crimson RAT - We look at a spear phishing attack from APT36, an Advanced Persistent Threat group posing as the government of India and offering guidance on coronavirus. Instead, users are infected with a Crimson RAT that steals data.
Rocket Loader skimmer impersonates CloudFlare library in clever scheme - URLs can be deceiving, but the one used to mimic CloudFlare's Rocket Loader in the latest Magecart attack takes it to a whole new level.
Domen toolkit gets back to work with new malvertising campaign - We describe the latest malvertising campaign that uses Domen, an advanced social engineering toolkit.
Fraudsters cloak credit card skimmer with fake content delivery network, ngrok server - Criminals set up fraudulent infrastructure that looks like a typical content delivery network—except it isn't. Behind it hides a credit card skimmer injected into Magento online stores.
WOOF locker: Unmasking the browser locker behind a stealthy tech support scam operation - We reveal the inner workings of WOOF locker, the most sophisticated browser locker campaign we've seen to date. Learn how this tech support scam evades researchers and ensnares users by hiding in plain sight.
New evasion techniques found in web skimmers - As Magecart credit card skimmers become exposed by security researchers, their authors are refining evasion techniques to go undetected.
Spelevo exploit kit debuts new social engineering trick - In order to maximize infection rate, threat actors are now launching the Spelevo exploit kit with a decoy adult site, social engineering users into downloading a malicious video player.
Hundreds of counterfeit online shoe stores injected with credit card skimmer - A Magecart credit card skimmer was found injected into hundreds of counterfeit, brand-name shoe stores—a one-two punch of victimization for users first duped with fake goods then stripped of their personal data.
