

By | 2018-06-14T16:06:06+00:00 June 14th, 2018|Categories: Anti-Malware|

by Michael Villanueva and Martin Co (Threats Analysts) The MuddyWater campaign was first sighted in 2017 when it targeted the Saudi government using an attack involving PowerShell scripts deployed via a Microsoft Office Word macro. In March 2018, we provided a detailed analysis of another campaign that bore the hallmarks of MuddyWater. In May

By | 2018-06-11T15:16:57+00:00 June 11th, 2018|Categories: Anti-Malware|

By employing machine learning algorithms, we were able to discover an enormous certificate signing abuse by BrowseFox, a potentially unwanted application (PUA) detected by Trend Micro as PUA_BROWSEFOX.SMC. BrowseFox is a marketing adware plugin that illicitly injects pop-up ads and discount deals. While it uses a legitimate software process, the adware plugin may

By | 2018-06-11T15:01:48+00:00 June 11th, 2018|Categories: Anti-Malware|

by Craig Gibson (Principal Threat Defense Architect) Already a vital part of both the internet of things and the critical infrastructure of the internet, satellites are set to take on a more significant role with the emergence of 5G cellular network technology and the continuing expansion of the internet of things (IoT). While

By | 2018-06-08T02:12:01+00:00 June 7th, 2018|Categories: Anti-Malware|

In January, we saw a variant of the disk-wiping KillDisk malware hitting several financial institutions in Latin America. One of these attacks was related to a foiled heist on the organization’s system connected to the Society for Worldwide Interbank Financial Telecommunication’s (SWIFT) network. Last May, we uncovered a master boot record (MBR)-wiping malware

By | 2018-06-06T13:49:50+00:00 June 6th, 2018|Categories: Anti-Malware|

by Marshall Chen, Loseway Lu, Kawabata Kohei, and Rubio Wu Tax season has traditionally been notorious for increased cybercrime activity, as threat actors take advantage of a large number of people rushing to file their taxes. The problem has cost taxpayers billions of dollars — tax fraud amounted to $2.5 billion worth of

By | 2018-06-01T00:17:38+00:00 May 31st, 2018|Categories: Anti-Malware|

by Miguel Ang, Martin Co, and Michael Villanueva (Threats Analysts) An exploit kit such as Rig usually starts off with a threat actor compromising a website to inject a malicious script/code that eventually redirects would-be victims to the exploit kit’s landing page. Sometime around February to March last year, however, we saw Rig’s

By | 2018-05-31T12:02:35+00:00 May 31st, 2018|Categories: Anti-Malware|

by Craig Gibson (Senior Threat Researcher) Already, current cellular network technologies such as 3G and 4G allow fast wireless communication. But the next evolution, 5G, is set to afford even faster connections along with greater reliability. Touted as the next generation of mobile internet connectivity, 5G will offer speeds of the order of

By | 2018-05-24T14:30:51+00:00 May 24th, 2018|Categories: Anti-Malware|

by Jaromir Horejsi, Joseph C. Chen, and Loseway Lu We noticed a series of testing submissions in VirusTotal that apparently came from the same group of malware developers in Moldova, at least based on the filenames and the submissions’ source. It appears they are working on a new malware that — based on

By | 2018-05-23T14:08:41+00:00 May 23rd, 2018|Categories: Anti-Malware|

by Daniel Lunghi and Jaromir Horejsi Back in February, we noted the similarities between the Patchwork and Confucius groups and found that, in addition to the similarities in their malware code, both groups primarily went after targets in South Asia. During the months that followed in which we tracked Confucius’ activities, we found

By | 2018-05-22T02:05:58+00:00 May 21st, 2018|Categories: Anti-Malware|

by Trend Micro IoT Reputation Service Team and Trend Micro Smart Home Network Team In April, we discussed our findings on increased activity originating from China targeting network devices in Brazil that mimicked the Mirai botnet’s scanning technique. We recently found similar Mirai-like scanning activity from Mexico. The difference in these attacks, however,