BatCloak’s New Obfuscation Engine Outperforms 80% of Antiviruses

Trend Micro researchers recently reported that since September 2022, attackers have been actively using a malware obfuscation engine called BatCloak, which allows cybercriminals to effectively hide malicious code from antivirus solutions. According to the experts, BatCloak lets attackers easily download different malware families and exploits through heavily obfuscated batch files. Of the 784 malware…

Real People Perform CAPTCHA Solving Services for Hackers

Trend Micro analysts described several services that offer CAPTCHA solving for cybercriminals. According to the researchers, these services often do not use advanced character recognition or machine learning methods; instead, the CAPTCHAs are simply solved by real people. Let me remind you that we also wrote that CAPTCHA in Discord Asks Users to Find…

Trend Micro: Millions of Android Devices Contain Malware Right in the Firmware

Trend Micro analysts presented an interesting report at the Black Hat Asia conference: according to their information, millions of Android devices around the world have malware embedded directly in their firmware and are infected before they leave the factory where they were produced. For the most part, these are cheap Android mobile phones, but…

Attackers Can Use GitHub Codespaces to Host and Deliver Malware

Trend Micro reports that the GitHub Codespaces cloud development environment, available for public use since November 2022, can be used to store and deliver malware and malicious scripts. Let me remind you that we also talked about Hackers Bypass CAPTCHA on GitHub to Automate Account Creation, and also that Hackers compromised Slack…

Hackers Are Misusing Google Ads to Spread Malware

Malware operators and other hackers are increasingly abusing Google Ads to distribute malware to users who are looking for popular software. For example, you can encounter malicious ads when searching for Grammarly, MSI Afterburner, Slack, Dashlane, Malwarebytes, Audacity, μTorrent, OBS, Ring, AnyDesk, LibreOffice, TeamViewer, Thunderbird, and Brave. Let me remind you that we also wrote…

Raspberry Robin Worm Uses Fake Malware to Trick Security Researchers

The Raspberry Robin worm uses new tactics to evade detection and tries to confuse security experts if it detects that it is running in a sandbox or notices debugging tools. To do this, the malware uses fake payloads, Trend Micro experts say. Let me remind you that Raspberry Robin is a dropper with worm functionality,…

Genshin Impact Game’s Anti-Cheat Driver Is Used to Disable Antiviruses

Trend Micro experts have discovered that hackers are abusing the anti-cheat driver of the popular game Genshin Impact to disable anti-virus software during ransomware attacks. The driver, mhyprot2.sys, gives access to the memory of any process and of the kernel, and can also terminate processes with the highest privileges. Let me remind you that we also…

Chinese Hackers Injected a Backdoor into the MiMi Messenger

SEKOIA and Trend Micro specialists published reports on the activity of the Chinese hacking group APT27 (aka Emissary Panda, Iron Tiger, and LuckyMouse) and said that the hackers introduced a backdoor into the MiMi messenger. The attackers created a cross-platform malicious version of the Chinese messenger MiMi (秘密, “secret” in Chinese) and use it to…

Experts Find Similarities Between LockBit and BlackMatter

Cybersecurity researchers have confirmed similarities between the latest iteration of the LockBit ransomware and BlackMatter. The new version, LockBit 3.0 (LockBit Black), was released in June 2022, along with a new leak site and the first bug bounty program on the dark web. You may also be interested in reading: Conti vs. LockBit 2.0 –…

Conti vs. LockBit 2.0 – a Trend Micro Research in Brief

Trend Micro, a Japanese IT security company, has published a thorough comparison of the behaviors of two major ransomware groups: Conti and LockBit 2.0. Here you can read a shorter summary of what they found. Conti and LockBit 2.0 stand out among operators for the number of targets they managed to attack. The period analyzed is from…