Tag Archive for: Talos

Crypto investors under attack by new malware, reveals Cisco Talos


Anti-malware software vendor Malwarebytes highlighted two new malicious computer programs, propagated by unknown sources, that are actively targeting crypto investors in a desktop environment.

Since December 2022, the two malicious files in question — MortalKombat ransomware and Laplas Clipper malware — have been actively scouting the internet and stealing cryptocurrencies from unwary investors, revealed the threat intelligence research team, Cisco Talos. The campaign’s victims are predominantly located in the United States, with a smaller percentage of victims in the United Kingdom, Turkey and the Philippines, as shown below.

Victimology of the malicious campaign. Source: Cisco Talos

The two malicious programs work in partnership to grab information stored in the user’s clipboard, which is usually a string of letters and numbers copied by the user. The infection then detects wallet addresses copied onto the clipboard and replaces them with a different address.

The attack relies on the user’s inattentiveness to the wallet address being pasted; a transfer made with the replaced address sends the cryptocurrencies to the unidentified attacker. With no obvious target, the attack spans individuals and small and large organizations.

Ransom notes shared by MortalKombat ransomware. Source: Cisco Talos

Once a system is infected, the MortalKombat ransomware encrypts the user’s files and drops a ransom note with payment instructions, as shown above. Revealing the download links (URLs) associated with the attack campaign, Talos’ report stated:

“One of them reaches an attacker-controlled server via IP address 193[.]169[.]255[.]78, based in Poland, to download the MortalKombat ransomware. According to Talos’ analysis, 193[.]169[.]255[.]78 is running an RDP crawler, scanning the internet for exposed RDP port 3389.”

As explained by Malwarebytes, the “tag-team campaign” starts with a cryptocurrency-themed email containing a malicious attachment. When opened, the attachment runs a BAT file that helps download and execute the ransomware.

Thanks to the early detection of malicious software with high potential, investors can proactively prevent this attack from impacting their financial well-being. As always, Cointelegraph advises investors to…


Cisco’s Talos security bods predict new wave of Excel Hell • The Register


It took a few years and one temporary halt, but in July Microsoft finally began blocking certain macros by default in Word, Excel, and PowerPoint, cutting off a popular attack vector for those who target users of Microsoft’s Windows OS and Office suite.

While recent versions of Office block Visual Basic for Applications (VBA) macros by default, older versions of the suite and its component programs remain enormously prevalent.

Blocking macros therefore won’t deter cybercriminals from targeting Microsoft’s signature productivity applications. They’ll just have to find other options.

A report released on Tuesday by researchers from Cisco’s Talos threat intelligence group dissected one: XLL files in Excel.

Microsoft describes XLL files as “a type of dynamic link library (DLL) file that can only be opened by Excel”. They exist to let third-party apps add extra functionality to the spreadsheet.

Miscreants have used XLLs in attacks for several years, with the first malicious samples submitted to VirusTotal in mid-2017.

“For quite some time after that, the usage of XLL files is only sporadic and it does not increase significantly until the end of 2021, when commodity malware families such as Dridex and Formbook started using it,” Vanja Svajcer, outreach researcher for Talos, wrote in the report.

“Currently a significant number of advanced persistent threat actors and commodity malware families are using XLLs as an infection vector and this number continues to grow.”

Those high-profile groups include APT10, a China-linked gang also known as Chessmaster, Potassium, and menuPass that has used XLLs to inject the Anel Backdoor malware. TA410, a cyberespionage group also known as Cicada or Stone Panda, is another user. DoNot, another APT group, and Fin7, a Russia-based organization, are also admirers. Fin7 earlier this year began using XLLs sent…


Microsoft And Cisco Talos Spot Clever New Malware That Turns Computers Into Cybercrime Accomplices – Forbes

  1. Microsoft And Cisco Talos Spot Clever New Malware That Turns Computers Into Cybercrime Accomplices  Forbes
  2. Malware uses web apps to turn PCs into conduits for attacks  Engadget
  3. Microsoft spots malware that turns PCs into zombie proxies  Gulf News
  4. New Windows Malware Hides in Plain Sight  Tom’s Hardware
