APT36 jumps on the coronavirus bandwagon, delivers Crimson RAT

We look at a spear phishing attack from APT36, an Advanced Persistent Threat group posing as the government of India and offering guidance on coronavirus. Instead, users are infected with a Crimson RAT that steals data.

Read more

Buggy implementation of CVE-2018-8373 vulnerability used to deliver Quasar RAT

A threat actor implements a newer vulnerability exploited in Internet Explorer to serve up the Quasar RAT and diversify the portfolio of attacks.

Read more

Fake IRS notice delivers customized spying tool

Threat actors leverage a Microsoft Office exploit to spy on their victims. In this blog post, we will review its delivery mechanism and analyze the malware we observed, a modified version of a commercial Remote Administration Tool (RAT).

Read more

Select your language