tag = "Malware"

QBot Operations Peak Pre-Takedown, O365 Attacks Increase in Q2

Cybercriminals doubled down on popular threat types and preferred malicious software in Q2, with O365 phish and QBot malware dominating inboxes by significant margins.

Q2 Payload Report

QBot dominated as the top payload in Q2 with more than 95% of reported volume, according to Fortra’s PhishLabs.

The Royal & BlackCat Ransomware: What You Need to Know

The US healthcare sector continues to be aggressively targeted by ransomware operators. Royal and BlackCat are two of the more recent – and highly sophisticated – ransomware threats. These two newer ransomware families pose a serious risk to the healthcare sector, but there are appropriate mitigation and defense strategies that organizations can adopt to protect against them.

Understanding how Polymorphic and Metamorphic malware evades detection to infect systems

Polymorphic and metamorphic malware constantly changes its own code in order to avoid detection and persist on the system. This adaptive behavior is the main distinctive attribute of these types of malware, and it is why they are harder to detect and why they pose such a great threat to systems.

Emotet Returns from Hiatus, Trails QBot in Q1 Volume

PhishLabs’ Suspicious Email Analysis solution continuously monitors payload families reported in corporate inboxes to help organizations mitigate attacks targeting their businesses. Below are the top payload threats to enterprises in Q1.

Response-Based Email Attacks Reach Inboxes More Than Any Other Threat in Q4

In Q4, Response-Based phishing attacks were the top reported threat by end users, according to Fortra’s PhishLabs.

Digital Journal: Hackers Using Steganography Tactics for Malware Attacks

Read Digital Journal’s interview to learn why steganography is increasingly used in phishing campaigns and how security teams can protect against these attacks.

QBot Campaigns Overwhelmingly Lead Reported Payloads in Q4

QBot was the most reported payload targeting employee inboxes in Q4, according to Fortra’s PhishLabs. This is the fourth consecutive month QBot has led malware activity as bad actors target organizations with a steady stream of high-volume attack campaigns.

Emails Reported as Malicious Reach Four-Quarter High in Q3

The volume of malicious emails reported in corporate inboxes has reached a four-quarter high, according to the latest data from Fortra’s PhishLabs.

RedLine Stealer Leads Payloads in Q3

In Q3, RedLine Stealer represented nearly half of all malware attacks targeting corporate user inboxes. This is the first quarter RedLine has led payload volume since PhishLabs began reporting on malware activity.

Old Threats, New High: Response-Based Emails Increase in Q2

In Q2, Response-Based emails targeting corporate users reached the highest volume since 2020, according to Agari and PhishLabs’ Quarterly Threat Trends & Intelligence Report. Malicious and potentially damaging emails targeting corporate inboxes have climbed to a three-quarter high, and include Response-Based scams, Credential Theft, and Malware.

Top 10 Ways To Recognize a Phishing Email

Attackers continue to find clever new ways to disguise phishing emails. Here are 10 different ways you can identify a phishing email.

Emotet Tops Payload Attack Volume in Q2

Emotet contributed to just over 47% of all attacks targeting corporate users in Q2, narrowly surpassing the former leader QBot.

Hybrid Vishing Attacks Soar YoY, Achieve All-Time High In March

Vishing reports in Q1 2022 increased nearly 550% over Q1 2021, according to Agari and PhishLabs’ Quarterly Threat Trends & Intelligence Report.

Vishing Attacks Are at an All-Time High, Report Finds

Vishing attacks have increased almost 550 percent over the last twelve months, according to Agari and PhishLabs’ Quarterly Threat Trends & Intelligence Report.

Social Media Attacks Double in 2021 According to Latest PhishLabs Report

Social Media attacks targeting organizations increased 103% in 2021, according to PhishLabs’ Threat Trends & Intelligence Report.

Qbot, ZLoader Represent 89% of Payload Volume in Q4

Qbot and ZLoader payloads targeting enterprises contributed to almost 89% of email-based malware volume in Q4.

Despite their Simplicity, New Emotet Attacks Forecast Threatening Future

PhishLabs has recently observed attacks targeting enterprises with Emotet payloads for the first time since January, when coordinated efforts by authorities to disrupt operations led this family of threat actors to halt activity.

Vishing Hybrid, Response-Based Attacks on the Rise

Vishing attacks targeting corporate users have more than doubled for the second consecutive quarter, according to PhishLabs’ Quarterly Threat Trends & Intelligence Report.

Advanced Banking Trojan Sets New Standard for Android Malware

A new Android banking trojan is targeting financial institutions, crypto-wallets, and the retail industry.

BazaLoader Leads Payloads as Families Fluctuate, Players Broaden

As ransomware continues to improve its tactics and break records, PhishLabs is monitoring payload families reported in user inboxes that are used to facilitate these attacks.

Qbot Leads Payload Volume in Q2

PhishLabs is monitoring payload families reported in user inboxes. In this piece, we break down the top malware targeting enterprises in Q2.

Alien Mobile Malware Evades Detection, Increases Targets

PhishLabs is monitoring the increasing number of mobile applications targeted by the relatively new Alien Mobile Banking Trojan.

ZLoader Dominates Email Payloads in Q1

Malicious payloads delivered via email phishing continue to drive access to sensitive infrastructures and result in data compromise for enterprises.

Emotet Dismantled, Trickbot, ZLoader, and BazarLoader Step In

While it remains to be seen whether or not Emotet's operations are permanently offline after its recent disruption, we are monitoring any increases in subsequent malware variants and corresponding ransomware attacks.

When Good Websites Turn Evil: How Cybercriminals Exploit File Upload Features to Host Phishing Sites

Compromised websites are an integral part of the cybercrime ecosystem. PhishLabs recommends these steps to help prevent this kind of exploit.

Olympic Vision Keylogger and BEC Scams

The ease of buying low-cost, pre-built tools broadens the range of potential targets in BEC attacks. This blog discusses one of these tools: the Olympic Vision Keylogger.

The unrelenting evolution of Vawtrak

In December 2014, Vawtrak version 0x38 was released including significant code and configuration changes that indicate momentum and an intense focus on development of the crimeware kit.

Cyberespionage Phishing Attack, Backoff Malware Spreads, Retail Breach and more | TWIC – October 24, 2014

Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source). Think community financial institutions aren’t in the crosshairs for account takeover? Think again. (PhishLabs) There is clear evidence that account takeover (ATO) is a big problem and growing worse. The Federal Reserve Bank of Atlanta […]

Dyre Banking Trojan, Tyupkin ATM Malware, iWorm Botnet and More | TWIC – October 10, 2014

Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).

Smash & Grab cybercrime attacks have been active since mid-June

Last week, researchers at Proofpoint reported an attack campaign, dubbed “Smash & Grab,” targeting customers of JP Morgan Chase. Based on intelligence from the PhishLabs R.A.I.D. (Research, Analysis, and Intelligence Division), the “Smash & Grab” operations have been active since at least mid-June. The attacks use email messages to direct potential victims to a phishing page. Visitors to the phishing page are also exposed to an exploit kit that abuses software vulnerabilities to infect victims with malware.

Vulnerabilities found in Dendroid mobile Trojan

The full source code of the Dendroid Android RAT was leaked late last week. Analyzing the code has revealed multiple vulnerabilities due to a lack of user input validation, including XSS, SQLi, and PHP code execution.

New Man-in-the-Middle attacks leveraging rogue DNS

PhishLabs has observed new Man-in-the-Middle attacks using rogue DNS to take over accounts and evade fraud detection. Customers of 70+ financial institutions are being targeted.

Avalanche-Hosted Zeus Trojan Disrupted

While investigating an instance of the Zeus Trojan that was using the Avalanche bulletproof hosting botnet, PhishLabs discovered many of the domain names referenced in the Zeus configuration file had not yet been registered, including the following four:

eitaepiephohthieleibesha.com
llakjshbeyrv3421jbs88xc.com
nmbnxcbjbh3hbhbdhjb3l4kjbn.com
nzytgero34xbhsbc8484kk.com

PhishLabs registered the domains and then pointed them to a server under our […]

Rock Moves to Email Attachments

For over a year, the Rock Phish Gang was using the Avalanche botnet to host its various phishing scams and malware distribution sites. Fortunately, the botnet was shut down last week – for how long remains to be seen. Unfortunately, the Rock Phish Gang has not gone away. These criminals continue to distribute their Zeus trojans and […]

Cleaning up from the Avalanche

The Avalanche botnet, also known as “MS-Redirect”, has been responsible for hosting phishing pages and malware distribution attacks on over 35 organizations, including the IRS, Facebook, MySpace, most recently NACHA, and many more. Unfortunately, there’s a great deal of confusion over how this botnet works and how it’s related to other malware. Let’s clear it […]