<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=885880844953016&amp;ev=PageView&amp;noscript=1">
Posted by Arnold Osipov on March 18, 2020

Following the increase in Parallax RAT campaigns -- the new RAT on the block, Morphisec Labs decided to release more technical details on some of the latest campaigns that the Morphisec Unified Threat Prevention Platform intercepted and prevented on our customer’s sites.

Read More
Posted by Arnold Osipov on January 30, 2020

The Trickbot trojan is one of the most advanced malware delivery vehicles currently in use. Attackers have leveraged it to deliver a wide variety of malicious code, in many different methods. Just yesterday, Bleeping Computer reported that news articles from President Trump’s impeachment trial have been used to hide Trickbot from antivirus scanners.

Read More
Posted by Alon Groisman on December 18, 2019

In April 2019, attackers who breached IT supplier Wipro leveraged the ConnectWise Control (formerly ScreenConnect) remote desktop application as a major component of their attack.

Read More
Posted by Morphisec Labs on October 16, 2019

In this blog, we will present some findings on how NanoCore RAT 1.2.2.0 is actively being delivered in new and different ways that we discovered at Morphisec Labs in the last couple of months. Specifically, we will focus on the sophisticated fileless methods for delivering the RAT without touching the disk.

Read More
Posted by Michael Gorelik on October 10, 2019

In August of 2019, just a month after our publication on a targeted BitPaymer/IEncrypt campaign, Morphisec identified a new and alarming evasion technique that the same adversaries adopted while targeting yet another enterprise in the automotive industry.

Read More
Posted by Morphisec Labs on August 16, 2019

This week, headlines blew up with warnings of a design flaw in the CTF subsystem (msctf) of the Windows Text Services Framework that affects all current Windows systems and those going back as far as twenty years.

Read More
Posted by Arnold Osipov on July 18, 2019

Morphisec Labs recently investigated an ongoing BitPaymer ransomware campaign that has been attacking companies across the U.S., both public and private, over the last 3 months.

Read More
Posted by Michael Gorelik on June 10, 2019

During the period of March to May 2019, Morphisec Labs observed a new, highly sophisticated variant of the ShellTea / PunchBuggy backdoor malware that attempted to infiltrate a number of machines within the network of a customer in the hotel-entertainment industry. It is believed that the malware was deployed as a result of several phishing attempts.

Read More
Posted by Arnold Osipov on May 13, 2019

 

Hworm/njRAT is a Remote Access Tool (RAT) that first appeared in 2013 in targeted attacks against the international energy industry, primarily in the Middle East. It was soon commoditized and is now part of a constantly evolving family of RATs that pop-up in various new formats. Today we see this attack employed on a regular basis as part of widespread spam phishing campaigns - if successful, Hworm gives the attacker complete control of the victim’s system. Morphisec Labs recently observed a new version with a minor modification to its obfuscation technique.

Read More
Posted by Michael Gorelik on March 28, 2019

Introduction

This week, Kaspersky Lab reported initial details of a new supply chain attack on systems by computer giant ASUS. Dubbed ShadowHammer by Kaspersky, the attack leveraged a malicious version of ASUS Live Update,

Read More