In this FortiGuard analysis, we examine the Python scripts behind two malicious packages, outline their behaviors, and provide insights into their potential impact.
Category: Fortinet Threat Research Blog
Fortinet Contributes to Major Cybercrime Operation Arrests
Fortinet contributed to major INTERPOL and AFRIPOL cybercrime operations that led to the arrest of members of cybercrime groups operating across Africa. These individuals specialize in ransomware, digital extortion, online scams, and Business Email Compromise (BEC) attacks.
SmokeLoader Attack Targets Companies in Taiwan
FortiGuard Labs has uncovered an attack targeting companies in Taiwan with SmokeLoader, which this time carries out its attack through plugins.
Ransomware Roundup – Interlock
Interlock is a recent ransomware variant that has victimized organizations in the United States and Italy, but may have hit other countries. The ransomware affects not only Windows, but also the FreeBSD platform.
Advanced Cyberthreats Targeting Holiday Shoppers
Black Friday and holiday shopping threats targeting shoppers, as observed on the darknet.
Threat Predictions for 2025: Get Ready for Bigger, Bolder Attacks
From more sophisticated playbooks to a rise in cloud attacks, cybercriminals are upping the ante to execute more targeted and harmful activities.
New Campaign Uses Remcos RAT to Exploit Victims
See how threat actors have abused Remcos to collect sensitive information from victims and remotely control their computers to perform further malicious acts.
Threat Campaign Spreads Winos4.0 Through Game Application
FortiGuard Labs reveals a threat actor spreading Winos4.0 by infiltrating gaming apps and targeting the education sector.
Burning Zero Days: Suspected Nation-State Adversary Targets Ivanti CSA
A case where an advanced adversary was observed exploiting three vulnerabilities affecting the Ivanti Cloud Services Appliance (CSA). This incident is a prime example of how threat actors chain zero-day vulnerabilities to gain initial access to a victim’s network.
Threat Actors Exploit GeoServer Vulnerability CVE-2024-36401
When the GeoServer vulnerability CVE-2024-36401 emerged, FortiGuard Labs gathered related intelligence. This blog highlights the threat actors and how they exploit and use the vulnerability.
Emansrepo Stealer: Multi-Vector Attack Chains
FortiGuard Labs has uncovered a fresh threat, the Emansrepo stealer, which has been distributed via multiple attack chains for months.
Ransomware Roundup – Underground
The Underground ransomware has victimized companies in various industries since July 2023. It encrypts files without changing the original file extension.
Deep Analysis of Snake Keylogger’s New Variant
Fortinet’s FortiGuard Labs caught a phishing campaign in the wild with a malicious Excel document attached to the phishing email. Get a deep analysis of the campaign and how it delivers a new variant of Snake Keylogger.
A Deep Dive into a New ValleyRAT Campaign Targeting Chinese Speakers
A technical analysis of the ongoing ValleyRAT multi-stage malware campaign’s diverse techniques and characteristics.
Preparation Is Not Optional: 10 Incident Response Readiness Considerations for Any Organization
Incident response preparation is not optional. Here are ten activities every organization should consider implementing.
PureHVNC Deployed via Python Multi-stage Loader
FortiGuard Labs reveals that the malware “PureHVNC”, sold on cybercrime forums, is spreading through a phishing campaign targeting employees via a Python multi-stage loader.
Malicious Packages Hidden in PyPI
The FortiGuard Labs team has identified a malicious PyPI package affecting all platforms where PyPI packages can be installed. This report discusses its potential impacts and emphasizes the importance of diligent security practices in managing software dependencies.
Phishing Campaign Targeting Mobile Users in India Using India Post Lures
The FortiGuard Labs Threat Research team recently observed a number of social media posts commenting on a fraud campaign targeting India Post users.
Dark Web Shows Cybercriminals Ready for Olympics. Are You?
According to new FortiGuard Labs analysis, this year’s Olympics has been a target for a growing number of cybercriminals. This report provides a comprehensive view of planned attacks, such as third-party breaches, infostealers, phishing, and malware.
MerkSpy: Exploiting CVE-2021-40444 to Infiltrate Systems
FortiGuard Labs uncovers MerkSpy, a new spyware exploiting CVE-2021-40444 to steal keystrokes and sensitive data.
The Growing Threat of Malware Concealed Behind Cloud Services
Cybersecurity threats are increasingly leveraging cloud services to store, distribute, and establish command and control (C2) servers. Over the past month, FortiGuard Labs has been monitoring botnets that have adopted this strategy.
Fickle Stealer Distributed via Multiple Attack Chain
FortiGuard Labs has uncovered a fresh threat, Fickle stealer, which is distributed via various strategies.
Ransomware Roundup – Shinra and Limpopo Ransomware
Shinra and Limpopo are recent ransomware designed to encrypt files in Windows and VMware ESXi environments respectively, and they demand payment from victims to decrypt the files.
New Agent Tesla Campaign Targeting Spanish-Speaking People
A new phishing campaign recently captured by FortiGuard Labs spreads a new Agent Tesla variant targeting Spanish-speaking people.
Menace Unleashed: Excel File Deploys Cobalt Strike at Ukraine
FortiGuard Labs has recently identified a sophisticated cyberattack involving an Excel file embedded with a VBA macro designed to deploy a DLL file.
zEus Stealer Distributed via Crafted Minecraft Source Pack
FortiGuard Labs analyzes a zEus batch stealer distributed via a crafted Minecraft source pack.
Key Findings from the 2H 2023 FortiGuard Labs Threat Report
In this report, we examine the cyberthreat landscape in 2H 2023 to identify trends and offer insights on what security professionals should know.
New “Goldoon” Botnet Targeting D-Link Devices
FortiGuard Labs discovered the new botnet “Goldoon” targeting D-Link devices through the vulnerability CVE-2015-2051.
Ransomware Roundup – KageNoHitobito and DoNex
KageNoHitobito and DoNex are recent, financially motivated ransomware that demand payment from victims to decrypt files.
Unraveling Cyber Threats: Insights from Code Analysis
FortiGuard Labs unearthed a malicious PyPI package that aims to extract sensitive information from unsuspecting victims. Get an analysis of its origins and propagation methods.
Botnets Continue Exploiting CVE-2023-1389 for Wide-Scale Spread
FortiGuard Labs unveils Moobot, Miori, AGoent, Gafgyt and more exploiting the TP-Link Archer AX21 vulnerability CVE-2023-1389.
ScrubCrypt Deploys VenomRAT with an Arsenal of Plugins
Byakugan – The Malware Behind a Phishing Attack
FortiGuard Labs has uncovered the Byakugan malware behind a recent malware campaign distributed by malicious PDF files.
Ransomware Roundup – RA World
The RA World ransomware, which debuted late last year, claims to be holding more than 20 organizations worldwide hostage for financial gain.
VCURMS: A Simple and Functional Weapon
FortiGuard Labs uncovers the VCURMS RAT and STRRAT in a phishing campaign.
New Banking Trojan “CHAVECLOAK” Targets Brazil
FortiGuard Labs discovered a new banking Trojan targeting users in Brazil with stealthy tactics.
FortiGuard Labs Outbreak Alerts Annual Report 2023: A Glimpse into the Evolving Threat Landscape
FortiGuard Labs’ annual report reviews critical Outbreak Alerts impacting organizations worldwide.
Ransomware Roundup – Abyss Locker
FortiGuard Labs highlights the Abyss Locker ransomware group that steals information from victims and encrypts files for financial gain.
Android/SpyNote Moves to Crypto Currencies
FortiGuard investigates a new sample of Android/SpyNote that shows the malware authors stealing cryptocurrencies from crypto wallets.
TicTacToe Dropper
FortiGuard has identified a grouping of malware droppers used to deliver various final-stage payloads throughout 2023.
Python Info-stealer Distributed by Malicious Excel Document
FortiGuard Labs has uncovered a malware campaign involving a Python info-stealer distributed by a malicious Excel document.
Ransomware Roundup – Albabat
The financially motivated Albabat ransomware began distribution as a rogue program in late 2023 and has since evolved.
Another Phobos Ransomware Variant Launches Attack – FAUST
FortiGuard Labs unveils a recent FAUST ransomware attack, a variant of the Phobos family that exploits an Office document and deploys on Windows systems.
Info Stealing Packages Hidden in PyPI
An info-stealing PyPI malware author was identified discreetly uploading malicious packages.
Deceptive Cracked Software Spreads Lumma Variant on YouTube
FortiGuard Labs uncovered a threat group using YouTube channels to spread a private .NET loader for Lumma Stealer 4.0.
Three New Malicious PyPI Packages Deploy CoinMiner on Linux Devices
FortiGuard Labs covers the attack phases of three new PyPI packages that bear a resemblance to the culturestreak PyPI package discovered earlier this year.
Ransomware Roundup – 8base
The 8base ransomware, a variant of Phobos, emerged in May 2023 and has been targeting organizations across various industries globally for financial gain.
Bandook – A Persistent Threat That Keeps Evolving
FortiGuard Labs has uncovered a fresh threat: the latest generation of Bandook is being distributed via a Spanish PDF file.
TeamCity Intrusion Saga: APT29 Suspected Among the Attackers Exploiting CVE-2023-42793
FortiGuard Labs discovered a new APT29 campaign that includes TeamCity exploitation and GraphicalProton malware.
MrAnon Stealer Spreads via Email with Fake Hotel Booking PDF
FortiGuard Labs uncovers a sophisticated phishing campaign deploying MrAnon Stealer via a fake booking PDF.
GoTitan Botnet – Ongoing Exploitation on Apache ActiveMQ
FortiGuard Labs uncovers ongoing exploitation targeting CVE-2023-46604, with the emergence of a new Golang botnet, “GoTitan”.
Konni Campaign Distributed Via Malicious Document
FortiGuard Labs exposes the KONNI campaign’s distribution via a counterfeit Russian military operation document, with details of the attack chain.
Investigating the New Rhysida Ransomware
FortiGuard Labs sheds light on the operations, tactics, and impact of an incident involving the Rhysida ransomware group, including a novel technique involving ESXi-based ransomware.
Ransomware Roundup – NoEscape
Learn more about the NoEscape ransomware group, a potential successor to Avaddon, which emerged in May 2023 and targets organizations in various industries for financial gain.
Threat Predictions for 2024: Chained AI and CaaS Operations Give Attackers More “Easy” Buttons Than Ever
FortiGuard Labs’ latest threat predictions look at the attack tactics and techniques organizations might see in 2024 and beyond.
Ransomware Roundup – Knight
The Knight ransomware, a successor to the Cyclops ransomware, has been active since August 2023 and employs double-extortion tactics to extort money from victims.
Another InfoStealer Enters the Field, ExelaStealer
FortiGuard Labs analyzes ExelaStealer, a relatively new, open-source InfoStealer written in Python and capable of stealing sensitive information from users.
Ransomware Roundup – Akira
Akira is a relatively new multi-OS ransomware that encrypts and exfiltrates victims’ files and demands ransom for file decryption.
IZ1H9 Campaign Enhances Its Arsenal with Scores of Exploits
FortiGuard Labs unmasks IZ1H9 and explores the aggressive exploits in the Mirai-based DDoS campaign.
Malicious Packages Hidden in NPM
FortiGuard Labs investigates several malicious packages hidden in NPM and provides an overview of them, grouped by similar styles of code or functions.
Threat Actors Exploit the Tensions Between Azerbaijan and Armenia
Threat actors are using geopolitical issues between Azerbaijan and Armenia to deliver stealth malware.