As ransomware continues to improve its tactics and break records, PhishLabs is monitoring payload families reported in user inboxes that are used to facilitate these attacks.
PhishLabs is monitoring payload families reported in user inboxes. In this piece, we break down the top malware targeting enterprises in Q2.
PhishLabs is monitoring the increasing number of mobile applications targeted by the relatively new Alien Mobile Banking Trojan.
Malicious payloads delivered via email phishing continue to drive access to sensitive infrastructures and result in data compromise for enterprises.
While it remains to be seen whether or not Emotet's operations are permanently offline after its recent disruption, we are monitoring any increases in subsequent malware variants and corresponding ransomware attacks.
Compromised websites are an integral part of the cybercrime ecosystem. PhishLabs recommends these steps to help prevent this kind of exploit.
The ease of buying low cost, pre-built tools broadens the range of potential targets in BEC attacks. This blog discusses one of these tools - Olympic Keylogger.
In December 2014, Vawtrak version 0x38 was released including significant code and configuration changes that indicate momentum and an intense focus on development of the crimeware kit.
Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source). Think community financial institutions aren’t in the crosshairs for account takeover? Think again. (PhishLabs) There is clear evidence that account takeover (ATO) is a big problem and growing worse. The Federal Reserve Bank of Atlanta […]
Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).
Last week, researchers at Proofpoint reported an attack campaign, which was dubbed “Smash & Grab," targeting customers of JP Morgan Chase. Based on intelligence from the Phishlabs R.A.I.D. (Research, Analysis, and Intelligence Division), the “Smash & Grab" operations have been active since at least mid-June. The attacks use email messages to direct potential victims to a phishing page. Visitors to the phishing page are also exposed to an exploit kit that abuses software vulnerabilities to infect victims with malware.
The full source code of the Dendroid Android RAT was leaked late last week. Analyzing the code has revealed multiple vulnerabilities due to lack of user input including XSS, SQLi, and PHP Code Execution.
PhishLabs has observed new Man-in-the-Middle attacks using rogue DNS to takeover accounts and evade fraud detection. Customers of 70+ financial institutions are being targeted.
While investigating an instance of the Zeus Trojan that was using the Avalanche bulletproof hosting botnet, PhishLabs discovered many of the domain names referenced in the Zeus configuration file had not yet been registered including the following four: eitaepiephohthieleibesha.com llakjshbeyrv3421jbs88xc.com nmbnxcbjbh3hbhbdhjb3l4kjbn.com nzytgero34xbhsbc8484kk.com PhishLabs registered the domains and then pointed them to a server under our […]
For over a year, the Rock Phish Gang was using the Avalanche botnet to host their various phishing scams and malware distribution sites. Fortunately, the botnet was shutdown last week – how long remains to be seen. Unfortunately, the Rock Phish Gang have not gone away. These criminals continue to distribute their Zeus trojans and […]
The Avalanche botnet, also known as “MS-Redirect”, has been responsible for hosting phishing pages and malware distribution attacks on over 35 organizations, including the IRS, Facebook, MySpace, most recently NACHA, and many more. Unfortunately, there’s a great deal of confusion over how this botnet works and how it’s related to other malware. Let’s clear it […]