CyberSecurity updates
Updated: 2024-11-10 14:01:23 Pacfic


MalBot @ Malware Analysis, News and Indicators
APT41 Targets the Gambling Industry with Custom Tools - 18d

APT41, a sophisticated threat actor, has been observed maintaining a persistent presence on gambling company networks for nine months. This group utilizes custom tools and techniques, including phantom DLL hijacking and WMIC JavaScript loading, to achieve their objectives. These tactics have been particularly effective in evading detection and establishing long-term access. The group’s continued focus on the gambling industry underscores the sector’s vulnerability to advanced cyber threats, demanding enhanced security measures and vigilance to counter these sophisticated attacks.

trustwave.com
Grandoreiro Banking Trojan: Global Expansion and Fragmented Versions - 18d

Grandoreiro, a Brazilian banking trojan, has evolved since 2016 to become a global threat, targeting 1,700 banks and 276 crypto wallets in 45 countries. Despite arrests of some operators, the group remains active, with new versions featuring updated code and lighter versions focused on Mexico. The trojan’s infection chain typically starts with phishing emails containing malicious ZIP archives that download the Grandoreiro payload.

MalBot @ Malware Analysis, News and Indicators
APT41 Targets Gambling Industry with Custom Tools and Long-Term Persistence - 18d

APT41, a sophisticated threat actor, has been observed targeting the gambling industry with custom tools and achieving prolonged persistence, spanning nine months. Their tactics involve phantom DLL hijacking and WMIC JavaScript loading, allowing for stealthy operations and extended presence within victim networks. This activity highlights the growing interest of advanced threat actors in the gambling sector, demanding enhanced security measures to counter such persistent threats.

cybergeeks.tech
Call Stack Spoofing Technique Used by APT41: Obfuscating Malicious Activity - 23d

APT41 has been observed utilizing call stack spoofing techniques to evade detection by EDR and other security software. Call stack spoofing involves constructing a fake call stack that mimics a legitimate call stack, obscuring the true origin of function calls and hindering analysis. This technique was observed in the Dodgebox malware, which was used by APT41 to trick antivirus and EDR software that rely on stack call analysis for detection. The malware retrieves the address of functions, such as NtCreateFile, and manipulates the call stack to hide the true origin of the function call. This technique highlights the evolving tactics used by sophisticated threat actors and emphasizes the need for advanced detection and mitigation strategies to counter these evasive techniques.


This site is an experimental news aggregator using feeds I personally follow. You can reach me at Bluesky if you have feedback or comments.