Posts tagged Malware

18 min Incident Response

Black Basta Ransomware Campaign Drops Zbot, DarkGate, and Custom Malware

Beginning in early October, Rapid7 has observed a resurgence of activity related to the ongoing social engineering campaign being conducted by Black Basta ransomware operators.

4 min Artificial Intelligence

Why Cybercriminals Are Not Necessarily Embracing AI

The rapid advancement of AI has offered powerful tools for malware detection, but it has also introduced new avenues for adversarial attacks.

9 min Research

New “CleverSoar” Installer Targets Chinese and Vietnamese Users

In early November, Rapid7 Labs identified a new, highly evasive malware installer, 'CleverSoar,' targeting Chinese and Vietnamese-speaking victims.

7 min Malware

A Bag of RATs: VenomRAT vs. AsyncRAT

Remote access tools (RATs) have long been a favorite tool for cyber attackers, since they enable remote control over compromised systems and facilitate data theft, espionage, and continuous monitoring of victims. Among the well-known RATs are VenomRAT and AsyncRAT.

5 min Malware

LodaRAT: Established Malware, New Victim Patterns

Rapid7 has observed an ongoing malware campaign involving a new version of LodaRAT. This version possesses the ability to steal cookies and passwords from Microsoft Edge and Brave.

9 min Malware

Malware Campaign Lures Users With Fake W2 Form

Rapid7 has recently observed an ongoing campaign targeting users searching for W2 forms using the Microsoft search engine Bing.

15 min Managed Detection and Response (MDR)

Ongoing Malvertising Campaign Leads to Ransomware

Rapid7 has observed an ongoing campaign to distribute trojanized installers for WinSCP and PuTTY via malicious ads on commonly used search engines, where clicking on the ad leads to typo squatted domains.

7 min Research

Stories from the SOC Part 2: MSIX Installer Utilizes Telegram Bot to Execute IDAT Loader

In part one of our blog series, we discussed how a Rust based application was used to download and execute the IDAT Loader. In part two of this series, we will be providing analysis of how an MSIX installer led to the download and execution of the IDAT Loader.

10 min Malware

Stories from the SOC Part 1: IDAT Loader to BruteRatel

Rapid7’s Managed Detection and Response (MDR) team continuously monitors our customers' environments, identifying emerging threats and developing new detections.

7 min Velociraptor

How To Hunt For UEFI Malware Using Velociraptor

UEFI threats have historically been limited in number and mostly implemented by nation state actors as stealthy persistence. However, the recent proliferation of Black Lotus on the dark web, Trickbot enumeration module (late 2022), and Glupteba (November 2023) indicates that this historical trend may be changing. With this context, it is becoming important for security practitioners to understand visibility and collection capabilities for UEFI threats [http://4hko.drordi.com/info/understanding

3 min Threat Intel

Network Access for Sale: Protect Your Organization Against This Growing Threat

Vulnerable network access points are a potential gold mine for threat actors. We look at the techniques they use and best practices for prevention.

12 min Malware

Infostealer Malware Masquerades as Windows Application

Rapid7's Managed Detection and Response (MDR) team recently identified a malware campaign whose payload installs itself as a Windows application.

5 min News

Update on SolarWinds Supply-Chain Attack: SUNSPOT, SUNSHUTTLE and New Malware Family Associations

New research has been published that expands the security community’s understanding of the breadth and depth of the SolarWinds attack.

3 min Malware

The BadRabbit Ransomware Attack: What You Need To Know

What’s Up? Rapid7 has been tracking reports of an expanding ransomware campaign dubbed BadRabbit. Russian news outlets and other organizations across Europe have reported being victims of this malware and the “outbreak” is continuing to spread. The BadRabbit attackers appear to have learned some lessons from previous outbreaks earlier this year and have both limited the external spreading capabilities of the ransomware as well as made the payments a bit harder for researchers, responders and au

6 min Malware

The CIS Critical Controls Explained- Control 8: Malware Defenses

This is a continuation of our CIS critical security controls [/2017/04/19/the-cis-critical-security-controls-series] blog series. Workstations form the biggest threat surface in any organization. The CIS Critical Security Controls [http://4hko.drordi.com/fundamentals/cis-critical-security-controls/] include workstation and user-focused endpoint security in several of the controls, but Control 8 (Malware Defenses) is the only control to strictly focus on antivirus and malware across the organiza