The Morphisec Labs team has tracked an obfuscated VBScript package in campaigns since March 2020. Initially, the malware campaign was focused on targets within Germany, but has since moved on to additional targets--excluding any IP address within Russia or North Korea.
As part of a rapid change in the work environment during the COVID-19 pandemic, Morphisec Labs has been tracking the change in the attack trend landscape. This has included the evolution of adware, PUA, and fraudulent software bundle delivery beyond a consumer problem into a significant attack vector on enterprise employees.
Recent bans on employee use of Zoom by Google, SpaceX, and even NASA, as they shift to work-from-home workforces in response to COVID-19, have shined a spotlight on the widely popular video conferencing tool’s security flaws. While “ZoomBombing” trolls can certainly be embarrassing, those types of breaches are only a harbinger for more sophisticated ransomware, zero-day attacks, and malware that can be carried out targeting Zoom’s current weaknesses.
During the first week of March, Morphisec intercepted and prevented an advanced Lokibot delivery campaign against some of its customers in the financial sector. While Lokibot has lately been reported to be delivered via impersonation of a known game launcher, previously it was also delivered through advanced AutoIt obfuscated Frenchy shellcode.
GuLoader is a downloader that has been widely used since December 2019. Several security researchers have identified the downloader in the wild, signifying that it has quickly gained popularity among threat actors. When it first appeared, GuLoader was used to download Parallax RAT, but has been applied to other remote access trojans and info-stealers such as Netwire, FormBook, and Tesla.
Malware authors worldwide have targeted the fear around COVID-19 as a way to further their goals. This isn’t really a new method of enticing people to download and run their malware; threat actors have always used disasters as a way to deliver their payloads. From that perspective, the COVID-19 pandemic is only the latest in a long line of disasters that threat actors--both financially motivated and state-sponsored--leverage to achieve their goals.