Threat actors associated with Russian intelligence are using the fear or nuclear war to spread data-stealing malware in Ukraine.
The post Russia’s APT28 uses fear of nuclear war to spread Follina docs in Ukraine appeared first on Malwarebytes Labs.
While we have heard less about web skimming attacks, attacks are still going on, but more quietly than before.
The post Client-side Magecart attacks still around, but more covert appeared first on Malwarebytes Labs.
Tech support scams follow a simple business model that has not changed much over the years. After all, why change a recipe that continues to yield large profits. We see countless such campaigns and block them indiscriminately to protect our customers from being defrauded by a fraudulent tech support agent over the phone. Every now…
We catch up with some old acquaintances that just aren’t ready to hang up the towel just yet.
The post MakeMoney malvertising campaign adds fake update template appeared first on Malwarebytes Labs.
Malwarebytes Threat Intelligence has uncovered an attack using the lure of information about the war in Ukraine to target people in Germany.
The post Custom PowerShell RAT targets Germans seeking information about the Ukraine crisis appeared first on Malwarebytes Labs.
On April 26th, we identified a suspicious email that targeted a government official from Jordan’s foreign ministry. The email contained a malicious Excel document that drops a new backdoor named Saitama. Following our investigation, we were able to attribute this attack to the known Iranian Actor APT34. Also known as OilRig/COBALT GYPSY/IRN2/HELIX KITTEN, APT34 is…
The post APT34 targets Jordan Government using new Saitama backdoor appeared first on Malwarebytes Labs.