Posted by Morphisec Labs on January 30, 2019

This post was authored by Michael Gorelik, Alon Groisman and Bruno Braga.

A new, highly sophisticated campaign that delivers the Orcus Remote Access Trojan is hitting victims in ongoing, targeted attacks. Morphisec identified the campaign after receiving notifications from its advanced prevention solution at several deployment sites.

Posted by Michael Gorelik on December 18, 2018

Let’s face it – there are a lot of threat reports and threat data floating around. What makes the Morphisec Labs Threat Report different is the type of threats it analyzes. It focuses on the threats that pose a real risk to organizations, the ones that get past standard and next-generation AI antivirus.

Posted by Michael Gorelik on November 29, 2018

Note: This post was updated 11-30-18 with details of a new intercepted attack. See technical description below.

Over the past three days, Morphisec Labs researchers have discovered a widespread cyber campaign hitting multiple targets. Morphisec researchers dubbed the campaign "Pied Piper" as it delivers various Remote Access Trojan (RAT) payloads via phishing, across multiple countries.

Posted by Michael Gorelik on November 21, 2018

This blog was co-authored by Alon Groisman.

It seems like the rumors of FIN7’s decline have been hasty. Just a few months after the well-publicized indictment of three high-ranking members in August, Morphisec has identified a new FIN7 campaign that appears to be targeting the restaurant industry.

Posted by Michael Gorelik on October 8, 2018


Over the past year, Morphisec and several other endpoint protection companies have been tracking a resurgence in activity from the Cobalt Group. Cobalt is one of the most notorious cybercrime operations, with attacks against more than 100 banks across 40 countries.

Posted by Michael Gorelik on June 18, 2018


After more than four years with no weaponized exploits for Adobe Acrobat Reader, researchers at ESET identified a weaponized PDF that allows attackers to execute arbitrary code on the targeted machine and eventually assume full system control. The PDF exploits two previously unknown vulnerabilities, Acrobat Reader vulnerability CVE-2018-4990 and a privilege escalation vulnerability in Microsoft Windows, CVE-2018-8120.

Adobe Reader has a built-in sandbox feature that usually makes exploitation difficult. By combining vulnerabilities, this attack achieves code execution and then bypasses the sandbox protection to fully compromise the targeted system.

Posted by Roy Moshailov on May 9, 2018

On the 12th of April, Morphisec identified and prevented a major wave of malspam purporting to be from HSBC Bank. The phishing campaign targeted several industrial manufacturing and service enterprises in Asia, using standard but still often effective social engineering tactics. The malicious email delivered a sophisticated info-stealing trojan via a weaponized ISO attachment. ISO files are optical disc image archives that can be opened with WinRAR and other programs.
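As an added example (not code from the Morphisec post), the following Python routine shows what a mail gateway check for this delivery technique looks like: it identifies an attachment as an ISO 9660 image by its signature rather than its file extension, reads the primary volume descriptor, walks the root directory, and flags executable content. The sample image, its volume label PAYMENT_ADVICE, the file names and the RISKY_EXT list are all constructed for the example.

```python
import struct

SECTOR = 2048
# Extensions worth flagging inside an attached image (example list, not from the post).
RISKY_EXT = {"EXE", "SCR", "COM", "PIF", "BAT", "CMD", "JS", "JSE", "VBS", "VBE",
             "WSF", "HTA", "LNK", "DLL", "MSI", "PS1"}


def _both_endian32(n):
    """ISO 9660 stores 32-bit fields twice: little-endian then big-endian."""
    return struct.pack("<I", n) + struct.pack(">I", n)


def _dir_record(ident, lba, size, is_dir):
    """Build one ISO 9660 directory record (used only to construct the sample)."""
    rec = bytearray(b"\x00")             # record length, patched below
    rec += b"\x00"                       # extended attribute record length
    rec += _both_endian32(lba)           # extent location (sector number)
    rec += _both_endian32(size)          # data length in bytes
    rec += b"\x00" * 7                   # recording date/time, unused here
    rec += bytes([0x02 if is_dir else 0x00])   # file flags: bit 1 = directory
    rec += b"\x00\x00"                   # file unit size, interleave gap
    rec += struct.pack("<H", 1) + struct.pack(">H", 1)  # volume sequence number
    rec += bytes([len(ident)]) + ident   # file identifier, e.g. b"INVOICE.EXE;1"
    if len(rec) % 2:
        rec += b"\x00"                   # records are padded to an even length
    rec[0] = len(rec)
    return bytes(rec)


def build_sample_iso(files):
    """Constructed sample: a minimal single-directory ISO 9660 image."""
    root_lba, data_lba = 18, 19
    root = _dir_record(b"\x00", root_lba, SECTOR, True)    # "." entry
    root += _dir_record(b"\x01", root_lba, SECTOR, True)   # ".." entry
    for name, payload in files:
        root += _dir_record(name.encode("ascii") + b";1", data_lba, len(payload), False)
        data_lba += 1
    pvd = bytearray(SECTOR)
    pvd[0], pvd[1:6], pvd[6] = 1, b"CD001", 1            # primary volume descriptor
    pvd[40:72] = b"PAYMENT_ADVICE".ljust(32, b" ")        # volume identifier (constructed)
    pvd[156:190] = _dir_record(b"\x00", root_lba, SECTOR, True)  # root directory record
    term = bytearray(SECTOR)
    term[0], term[1:6], term[6] = 255, b"CD001", 1        # descriptor set terminator
    image = bytes(16 * SECTOR) + bytes(pvd) + bytes(term) + root.ljust(SECTOR, b"\x00")
    for _, payload in files:
        image += payload.ljust(SECTOR, b"\x00")
    return image


def is_iso9660(data):
    """'CD001' at offset 0x8001 (sector 16) identifies an ISO 9660 image,
    whatever extension the attachment carries."""
    return len(data) >= 17 * SECTOR and data[0x8001:0x8006] == b"CD001"


def list_root_entries(data):
    """Return (volume_id, [(name, size, is_dir), ...]) from the root directory."""
    if not is_iso9660(data):
        raise ValueError("not an ISO 9660 image")
    pvd = data[16 * SECTOR:17 * SECTOR]
    volume_id = pvd[40:72].decode("ascii", "replace").strip()
    root_lba = struct.unpack_from("<I", pvd, 156 + 2)[0]    # root record: extent
    root_len = struct.unpack_from("<I", pvd, 156 + 10)[0]   # root record: length
    directory = data[root_lba * SECTOR:root_lba * SECTOR + root_len]
    entries, off = [], 0
    while off < len(directory):
        rec_len = directory[off]
        if rec_len == 0:                 # zero length = padding up to the next sector
            off = (off // SECTOR + 1) * SECTOR
            continue
        rec = directory[off:off + rec_len]
        ident = rec[33:33 + rec[32]]
        if ident not in (b"\x00", b"\x01"):        # skip "." and ".."
            name = ident.decode("ascii", "replace").split(";")[0]   # drop ";1" version
            size = struct.unpack_from("<I", rec, 10)[0]
            entries.append((name, size, bool(rec[25] & 0x02)))
        off += rec_len
    return volume_id, entries


def risky_files(data):
    """Root-directory file names whose extension is on the RISKY_EXT list."""
    _, entries = list_root_entries(data)
    return [name for name, _, is_dir in entries
            if not is_dir and name.rsplit(".", 1)[-1].upper() in RISKY_EXT]


if __name__ == "__main__":
    sample = build_sample_iso([("INVOICE.EXE", b"MZ" + b"\x00" * 60),
                               ("README.TXT", b"see attached")])
    print(list_root_entries(sample))
    print("flag:", risky_files(sample))
```

This reads only the primary volume descriptor, so it sees the uppercase 8.3 names of the base standard; most mastering tools also write a Joliet supplementary descriptor (type 2, UCS-2 names), and a gateway check should read that as well, and recurse into records flagged as directories, before deciding an image is clean.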

Posted by Michael Gorelik on March 23, 2018

On March 21, 2018, Morphisec Labs began investigating the compromised website of a leading Hong Kong telecommunications company after being alerted to it by malware hunter @PhysicalDrive0. The investigation, conducted by Morphisec researchers Michael Gorelik and Assaf Kachlon, determined that the telecom group's corporate site had indeed been hacked. Attackers added an embedded Adobe Flash file that exploits the Flash vulnerability CVE-2018-4878 to the main home.php page.

Posted by Roy Moshailov on March 22, 2018


These days, most malware employs a long attack chain with anti-analysis techniques that make the payload harder to detect and harder for security researchers to analyze. More and more frequently, attackers are also incorporating coin miners into their attacks. Such is the case with a newly observed variant of the Dofoil (also known as Smoke Loader) trojan, which includes a resource-draining cryptocurrency-mining payload. This latest Dofoil strain entered the scene earlier this month and is currently still active.

Posted by Michael Gorelik on February 25, 2018


On February 22, 2018, Morphisec Labs spotted several malicious Word documents exploiting the latest Flash vulnerability, CVE-2018-4878, in the wild in a massive malspam campaign. Adobe released a patch in early February, but it will take some companies weeks, months or even years to roll out the patch, and cyber criminals keep developing new ways to exploit the vulnerability in this window.
