CYFIRMA: Cybersecurity Dossier
Threat Actor in Focus: Threat Actors Weaponize Malicious Script to Mine Cryptocurrency
In a recent observation, many unknown threat actors were observed employing malicious scripts. In April of this year, the FBI issued an advisory warning about a series of cyberattacks targeting government, law enforcement, and non-profit organizations. These attacks involve the deployment of multiple types of malware on victims’ devices. The primary objectives of the attackers are to harness company resources for cryptocurrency mining, steal sensitive data through keyloggers, and establish unauthorized backdoor access to computer systems. Upon investigation of the indicators of compromise identified in the FBI’s April report, previously undisclosed malicious scripts were discovered in August.
Part 2: Craxs Rat Latest Version with Dropper Module
This is our second report on the advanced Craxs Remote Administration tool: in the previous report, we exposed the developer of a destructive remote administration tool for Android devices and also reviewed the panel, including Android malware generated from the tool. EVLF’s old operator (from Syria) sold the channel to a new administration of unknown origin. Fortunately, before this transaction took place, we were able to find out the real identity of the original developer-operator of CraxsRAT and report it to the relevant authorities. In this report, we are reviewing the newly added feature that serves the role of a dropper, a novel technique added to the Android remote administration tool that has not been seen before in any other publicly available RAT.
CYFIRMA Industries Report: FINANCE October 2023
Welcome to the CYFIRMA infographic industry report, where we delve into the external threat landscape of the finance industry over the past three months. This report provides valuable insights and data-driven statistics, delivering a concise analysis of attack campaigns, phishing telemetry, and ransomware incidents targeting the finance industry. We aim to present an industry-specific overview in a convenient, engaging, and informative format. Leveraging our cutting-edge platform telemetry and the expertise of our analysts, we bring you actionable intelligence to stay ahead in the cybersecurity landscape.
Akira Stealer: An Undetected Python-Based Info-stealer
Akira is an information stealing malware being offered on a dedicated website as MaaS (malware-as-a-service) with the tag “Akira Undetector”. The web platform provides an interface to generate a new stealer binary with instructions to use the malware, leveraging the Telegram channel to provide updates and command-and-control functionality. This malware is capable of harvesting information from web browsers such as saved credentials and payment card details, and also trawls the system for information, including username, system ID, hardware details, installed software, network configurations, and uploads the stolen information to the adversary’s account on ‘GoFile’ online storage management service and Discord instant messaging service.
Ransomware of the Week
CYFIRMA Research and Advisory Team has found an update of INC/INC. Ransom ransomware while monitoring various underground forums as part of our Threat Discovery Process. The INC ransomware strain emerged at the end of July 2023. The ransomware encrypts files and appends the “.INC” extension to them. The initial access methods of the ransomware can vary, with observed techniques encompassing spear-phishing emails and the targeting of vulnerable services. This targeting extends to the exploitation of CVE-2023-3519 (CVSS 9.8) in Citrix NetScaler. Once initial access is achieved, a diverse range of Living off the Land Binaries (LOLBINs) is employed for ongoing internal reconnaissance and lateral movement.
Trending Malware of the Week
This week “ExelaStealer” is trending. In 2023, the InfoStealer market is competitive with established players like RedLine, Raccoon, and Vidar holding a significant market share. Researchers discovered that ExelaStealer is a recent addition to the crowded landscape of information stealers targeting Windows systems. These malware types are designed to capture sensitive data. Despite the prevalence of such infostealers, ExelaStealer’s emergence highlights the potential for new players to establish themselves in this space. ExelaStealer is an open-source InfoStealer primarily written in Python, but it can incorporate resources from other languages like JavaScript. This tool allows threat actors to steal sensitive data from Windows-based systems, including passwords, credit card information, cookies, session data, and key logs.
CYFIRMA is a threat discovery and cyber-intelligence company with the world’s first platform that can deliver predictive cyber-intelligence. We combine cyber-intelligence with attack surface discovery and digital risk protection to deliver early warning, personalized, contextual, outside-in, and multi-layered insights. We have built the next generation of AI-powered threat intelligence platform called External Threat Landscape Management (ETLM) to provide cyber defenders with the hacker’s view to help clients prepare for impending attacks.
SCHEDULE A DEMO HERE
Visit www.cyfirma.com