-
100 Days of YARA: Writing Signatures for .NET Malware
If YARA signatures for .NET assemblies only rely on strings, they are very limited. We explore more detection opportunities, including IL code, method signature definitions and specific custom attributes. Knowledge about the underlying .NET metadata structures, tokens and streams helps to craft more precise and efficient signatures, even in cases where relevant malware samples might…
-
Unboxing Anubis: Exploring the Stealthy Tactics of FIN7’s Latest Backdoor
In the ever-evolving landscape of advanced persistent threats (APTs), the notorious financial cybercrime group FIN7 has added another sophisticated tool to their arsenal. We have recently discovered a new Python-based backdoor, called “AnubisBackdoor”, being deployed in their latest campaigns.
-
Booking a Threat: Inside LummaStealer’s Fake reCAPTCHA
Cybercriminals are taking advantage of the increased demand in travel by setting up fake booking sites, phishing scams and fraudulent listings to trick unsuspecting travelers.
-
Malware from fake recruiters
Fake recruiters are currently on the hunt for CVs – and also your data. Reports have emerged about malware being put into work assignments that supposedly test a candidate’s technical skills.
-
UK tax authority reveals scammers stole £47 million
Officials from His Majesty’s Revenue & Customs, the U.K.’s tax authority, said criminals took over accounts to pilfer £47 million ($63 million) last year.
-
BidenCash darknet forum taken down by US, Dutch law enforcement
The FBI and Dutch national police were among the law enforcement agencies that took down 145 domains linked to BidenCash, a cybercrime marketplace linked to millions of dollars in fraud since late 2022.
-
FBI: Play ransomware gang has attacked 600 organizations since 2023
Law enforcement officials said initial access brokers with ties to Play ransomware operators continue to exploit multiple vulnerabilities in remote monitoring and management tool SimpleHelp.
-
Google warns of cybercriminals targeting Salesforce app to steal data, extort companies
Researchers at Google said the current campaign involving versions of the Salesforce Data Loader tool has targeted about 20 organizations and is ongoing.