Category: Fortinet Threat Research Blog

Analyzing Malicious Intent in Python Code: A Case Study

In this FortiGuard analysis, we examine the Python scripts behind two malicious packages, outline their behaviors, and provide insights into their potential impact.        This article has been indexed from Fortinet Threat Research Blog Read the original article: Analyzing Malicious…

Fortinet Contributes to Major Cybercrime Operation Arrests

< div> Fortinet contributes to major INTERPOL and AFRIPOL cybercrime operations arrests of members of cybercrime groups operating across Africa. These individuals specialize in ransomware, digital extortion, online scams, and Business Email Compromise (BEC) attacks.    

Ransomware Roundup – Interlock

Interlock is a recent ransomware variant that has victimized organizations in the United States and Italy, but may have hit other countries. The ransomware affects not only Windows, but also the FreeBSD platform. Read more.    

New Campaign Uses Remcos RAT to Exploit Victims

See how threat actors have abused Remcos to collect sensitive information from victims and remotely control their computers to perform further malicious acts.        This article has been indexed from Fortinet Threat Research Blog Read the original article: New Campaign…

Threat Campaign Spreads Winos4.0 Through Game Application

FortiGuard Labs reveals a threat actor spreads Winos4.0, infiltrating gaming apps and targeting the education sector. Learn more.        This article has been indexed from Fortinet Threat Research Blog Read the original article: Threat Campaign Spreads Winos4.0 Through Game Application

Threat Actors Exploit GeoServer Vulnerability CVE-2024-36401

When the GeoServer vulnerability CVE-2024-36401 emerged, the FortiGuard Labs gathered related intelligence. This blog highlights the threat actors and how they exploit and use the vulnerability.        This article has been indexed from Fortinet Threat Research Blog Read the original…

Emansrepo Stealer: Multi-Vector Attack Chains

FortiGuard Labs has uncovered a fresh threat – Emansrepo stealer, which is distributed via multiple attack chains for months. Learn more.        This article has been indexed from Fortinet Threat Research Blog Read the original article: Emansrepo Stealer: Multi-Vector Attack…

Ransomware Roundup – Underground

The Underground ransomware has victimized companies in various industries since July 2023. It encrypts files without changing the original file extension. Learn more.        This article has been indexed from Fortinet Threat Research Blog Read the original article: Ransomware Roundup…

Deep Analysis of Snake Keylogger’s New Variant

Fortinet’s FortiGuard Labs caught a phishing campaign in the wild with a malicious Excel document attached to the phishing email. Get a deep analysis of the campaign and how it delivers a new variant of Snake Keylogger.        This article…

PureHVNC Deployed via Python Multi-stage Loader

FortiGuard Lab reveals a malware “PureHVNC”, sold on the cybercrime forum, is spreading through a phishing campaign targeting employees via a python multi-stage loader. Learn more.        This article has been indexed from Fortinet Threat Research Blog Read the original…

Malicious Packages Hidden in PyPI

The FortiGuard Labs team has identified a malicious PyPI package affecting all platforms where PyPI packages can be installed. This report discusses its potential impacts and emphasizes the importance of diligent security practices in managing software dependencies. Read more.       …

Dark Web Shows Cybercriminals Ready for Olympics. Are You?

According to new FortiGuard Labs analysis, this year’s Olympics has been a target for a growing number of cybercriminals. This report provides a comprehensive view of planned attacks, such as third-party breaches, infostealers, phishing, and malware. Read more.        This…

Dark Web Shows Cybercriminals Ready for Olympics. Are You?

According to new FortiGuard Labs analysis, this year’s Olympics has been a target for a growing number of cybercriminals. This report provides a comprehensive view of planned attacks, such as third-party breaches, infostealers, phishing, and malware. Read more.        This…

MerkSpy: Exploiting CVE-2021-40444 to Infiltrate Systems

FortiGuard Labs uncovers MerkSpy, a new spyware exploiting CVE-2021-40444 to steal keystrokes and sensitive data. Learn more.        This article has been indexed from Fortinet Threat Research Blog Read the original article: MerkSpy: Exploiting CVE-2021-40444 to Infiltrate Systems

The Growing Threat of Malware Concealed Behind Cloud Services

Cybersecurity threats are increasingly leveraging cloud services to store, distribute, and establish command and control (C2) servers. Over the past month, FortiGuard Labs has been monitoring botnets that have adopted this strategy. Learn more.        This article has been indexed…

Fickle Stealer Distributed via Multiple Attack Chain

FortiGuard Labs has uncovered a fresh threat, Fickle stealer, which is distributed via various strategies. Read more.        This article has been indexed from Fortinet Threat Research Blog Read the original article: Fickle Stealer Distributed via Multiple Attack Chain

Ransomware Roundup – Shinra and Limpopo Ransomware

Shinra and Limpopo are recent ransomware designed to encrypt files in Windows and VMWare ESXi environments respectively, and they demand payment from victims to decrypt the files.        This article has been indexed from Fortinet Threat Research Blog Read the…

New Agent Tesla Campaign Targeting Spanish-Speaking People

A new phishing campaign was recently captured by our FortiGuard Labs that spreads a new Agent Tesla variant targeting Spanish-speaking people. Learn more.        This article has been indexed from Fortinet Threat Research Blog Read the original article: New Agent…

zEus Stealer Distributed via Crafted Minecraft Source Pack

FortiGuard Labs analysis of a zEus batch stealer distributed via a crafted Minecraft source pack. Learn more.        This article has been indexed from Fortinet Threat Research Blog Read the original article: zEus Stealer Distributed via Crafted Minecraft Source Pack

New “Goldoon” Botnet Targeting D-Link Devices

FortiGuard Labs discovered the new botnet “Goldoon” targeting D-Link devices through related vulnerability CVE-2015-2051. Learn more.        This article has been indexed from Fortinet Threat Research Blog Read the original article: New “Goldoon” Botnet Targeting D-Link Devices

Ransomware Roundup – KageNoHitobito and DoNex

The KageNoHitobito and DoNex are recent ransomware that are financially motivated, demanding payment from victims to decrypt files. Learn more.        This article has been indexed from Fortinet Threat Research Blog Read the original article: Ransomware Roundup – KageNoHitobito and…

Unraveling Cyber Threats: Insights from Code Analysis

FortiGuard Labs unearthed a malicious PyPi package that aims to extract sensitive information from unsuspecting victims. Get an analysis of its origins and propagation methods.        This article has been indexed from Fortinet Threat Research Blog Read the original article:…

Botnets Continue Exploiting CVE-2023-1389 for Wide-Scale Spread

FortiGuard Labs unveils Moobot, Miroi, AGoent, Gafgyt and more exploiting TP-Link Archer AX21 vulnerability CVE-2023-1389. Learn more.        This article has been indexed from Fortinet Threat Research Blog Read the original article: Botnets Continue Exploiting CVE-2023-1389 for Wide-Scale Spread

ScrubCrypt Deploys VenomRAT with an Arsenal of Plugins

FortiGuard Labs uncovered a threat actor using ScrubCrypt to spread VenomRAT along with multiple RATs. Learn more.        This article has been indexed from Fortinet Threat Research Blog Read the original article: ScrubCrypt Deploys VenomRAT with an Arsenal of Plugins

Byakugan – The Malware Behind a Phishing Attack

FortiGuard Labs has uncovered the Byakugan malware behind a recent malware campaign distributed by malicious PDF files. Learn more.        This article has been indexed from Fortinet Threat Research Blog Read the original article: Byakugan – The Malware Behind a…

Ransomware Roundup – RA World

The RA World ransomware, which debuted late last year, claims to be holding more than 20 organizations worldwide hostage for financial gain. Learn more.        This article has been indexed from Fortinet Threat Research Blog Read the original article: Ransomware…

VCURMS: A Simple and Functional Weapon

ForitGuard Labs uncovers a rat VCURMS weapon and STRRAT in a phishing campaign. Learn more.        This article has been indexed from Fortinet Threat Research Blog Read the original article: VCURMS: A Simple and Functional Weapon

New Banking Trojan “CHAVECLOAK” Targets Brazil

FortiGuard Labs discovered a new banking Trojan targeting users in Brazil with stealthy tactics. Learn more.        This article has been indexed from Fortinet Threat Research Blog Read the original article: New Banking Trojan “CHAVECLOAK” Targets Brazil

Ransomware Roundup – Abyss Locker

FortiGuard Labs highlights the Abyss Locker ransomware group that steals information from victims and encrypts files for financial gain. Learn more.        This article has been indexed from Fortinet Threat Research Blog Read the original article: Ransomware Roundup – Abyss…

Android/SpyNote Moves to Crypto Currencies

FortiGuard investigates a hot new sample of Android/SpyNote, which shows the malware authors stealing crypto currencies from crypto wallets.        This article has been indexed from Fortinet Threat Research Blog Read the original article: Android/SpyNote Moves to Crypto Currencies

TicTacToe Dropper

FortiGuard has identified a grouping of malware droppers used to deliver various final-stage payloads throughout 2023. Learn more.        This article has been indexed from Fortinet Threat Research Blog Read the original article: TicTacToe Dropper

Python Info-stealer Distributed by Malicious Excel Document

FortiGuard Labs has uncovered a malware campaign involving a python info-stealer distributed by Excel document. Learn more.        This article has been indexed from Fortinet Threat Research Blog Read the original article: Python Info-stealer Distributed by Malicious Excel Document

Ransomware Roundup – Albabat

The financially motivated Albabat ransomware began distributing as a rogue program in late 2023, and has since evolved. Learn more.        This article has been indexed from Fortinet Threat Research Blog Read the original article: Ransomware Roundup – Albabat

Info Stealing Packages Hidden in PyPI

An info-stealing PyPI malware author was identified discreetly uploading malicious packages. Learn more.        This article has been indexed from Fortinet Threat Research Blog Read the original article: Info Stealing Packages Hidden in PyPI

Deceptive Cracked Software Spreads Lumma Variant on YouTube

FortiGuard Labs uncovered a threat group using YouTube channels to spread Private .NET loader for Lumma Stealer 4.0. Learn more.        This article has been indexed from Fortinet Threat Research Blog Read the original article: Deceptive Cracked Software Spreads Lumma…

Ransomware Roundup – 8base

The 8base ransomware, a variant of Phobos, emerged in May 2023 and has been targeting organizations across various industries globally for financial gain. Learn more.        This article has been indexed from Fortinet Threat Research Blog Read the original article:…

Bandook – A Persistent Threat That Keeps Evolving

FortiGuard Labs has uncovered a fresh threat – the latest generation of Bandook is being distributed via a Spanish PDF file. Learn more.        This article has been indexed from Fortinet Threat Research Blog Read the original article: Bandook –…

MrAnon Stealer Spreads via Email with Fake Hotel Booking PDF

FortiGuard Labs uncovers a sophisticated phishing campaign deploying MrAnon Stealer via fake booking PDF. Learn more.        This article has been indexed from Fortinet Threat Research Blog Read the original article: MrAnon Stealer Spreads via Email with Fake Hotel Booking…

GoTitan Botnet – Ongoing Exploitation on Apache ActiveMQ

FortiGuardLabs uncovers the ongoing exploits targeting CVE-2023-46604, with the emergence of a new Golang botnet “GoTitan”. Learn more.        This article has been indexed from Fortinet Threat Research Blog Read the original article: GoTitan Botnet – Ongoing Exploitation on Apache…

Konni Campaign Distributed Via Malicious Document

FortiGuard Labs exposes the KONNI campaign’s distribution of using a counterfeit Russian military operation document. Read more on the details of the attack chain.        This article has been indexed from Fortinet Threat Research Blog Read the original article: Konni…

Investigating the New Rhysida Ransomware

FortiGuard Labs sheds insights into the operations, tactics, and impact, including a novel technique involving ESXi-based ransomware of an incident involving the Rhysida ransomware group. Learn more.        This article has been indexed from Fortinet Threat Research Blog Read the…

Ransomware Roundup – NoEscape

Learn more about the NoEscape ransomware group, a potential successor to Avaddon, which emerged in May 2023, targeting organizations in various industries for financial gain.        This article has been indexed from Fortinet Threat Research Blog Read the original article:…

Ransomware Roundup – Knight

The Knight ransomware, a successor to the Cyclops ransomware, has been active since August 2023 and employs double-extortion tactics to extort money from victims. Learn more.        This article has been indexed from Fortinet Threat Research Blog Read the original…

Ransomware Roundup – Akira

< div> Akira is a relatively new multi-OS ransomware that encrypts and exfiltrates victims’ files and demands ransom for file decryption. Learn more.    

Malicious Packages Hidden in NPM

FortiGuard Labs investigates several malicious packages hidden in NPM and provides an overview of these packages, grouping them on similar styles of code or functions. Learn more.        This article has been indexed from Fortinet Threat Research Blog Read the…