Threat Intelligence

The many tentacles of Magecart Group 8 - In this blog we follow different leads to unravel sprawling infrastructure used by Magecart Group 8.
New variant of Konni malware used in campaign targeting Russia - A North Korean APT is targeting Russian interests with a new version of Konni RAT.
Crimea “manifesto” deploys VBA Rat using double attack vectors - A Crimean
AvosLocker enters the ransomware scene, asks for partners - We examine AvosLocker, a new ransomware aiming to grow into the coveted big game hunting space.
Remcos RAT delivered via Visual Basic - We review a malware distribution campaign via malspam involving the Remcos remote access Trojan.
Lil’ skimmer, the Magecart impersonator - We review Lil' Skim, a simple yet busy Magecart skimmer found via a number of lookalike domains.
Kimsuky APT continues to target South Korean government using AppleSeed backdoor - Kimsuky, the North Korean threat actor active since 2012, is still targeting the South Korean government. We take a look at the phishing infrastructure and command and control mechanisms of this APT.
Revisiting the NSIS-based crypter - In this blog we look at the constantly evolving NSIS crypter which malware authors have been leveraging as a flexible tool to pack and encrypt their samples.
Newly observed PHP-based skimmer shows ongoing Magecart Group 12 activity - This skimmer is using a hybrid approach to bypass detection and target vulnerable e-commerce websites.
