Trend Micro Research : Mobile
Earth Preta’s Cyberespionage Campaign Hits Over 200
We present a case study of the cyberespionage efforts by Earth Preta. This study of an active campaign delves into the structure, goals, and requirements of the organizations involved, and provides an opportunity for wider intelligence analysis and insights into developing effective countermeasures.
TgToxic Malware’s Automated Framework Targets Southeast Asia Android Users
We look into an ongoing malware campaign we named TgToxic, targeting Android mobile users in Taiwan, Thailand, and Indonesia since July 2022. The malware steals users’ credentials and assets such as cryptocurrency from digital wallets, as well as money from bank and finance apps. Analyzing the automated features of the malware, we found that the threat actor abused the legitimate test framework Easyclick to write a JavaScript-based automation script for functions such as clicks and gestures.
New APT34 Malware Targets The Middle East
We analyze an infection campaign targeting organizations in the Middle East for cyberespionage in December 2022 using a new backdoor malware. The campaign abuses legitimate but compromised email accounts to send stolen data to external mail accounts controlled by the attackers.
Attacking The Supply Chain: Developer
In this proof of concept, we look into one of several attack vectors that can be abused to attack the supply chain: targeting the developer. With a focus on the local integrated development environment (IDE), this proof considers the execution of malicious build scripts by injecting commands when the project or build is incorrectly “trusted”.
IcedID Botnet Distributors Abuse Google PPC to Distribute Malware
We analyze the latest changes in the IcedID botnet from a campaign that abuses Google pay-per-click (PPC) ads to distribute IcedID via malvertising attacks.
Trend Joining App Defense Alliance Announced by Google
Trend Micro’s participation in Google’s App Defense Alliance will ensure the security of customers by preventing malicious apps from being made available on the Google Play Store.
Massive Phishing Campaigns Target India Banks’ Clients
We found five banking malware families targeting customers of seven banks in India to steal personal and credit card information via phishing campaigns.
Comprehensive Traceability for Android Supply-Chain Security
We discuss the importance of traceability in the world of mobile operating systems.
Atlassian Confluence Vulnerability CVE-2022-26134 Abused For Cryptocurrency Mining, Other Malware
Users are advised to patch immediately: We found exploit samples abusing the Atlassian Confluence vulnerability (CVE-2022-26134) in the wild for malicious cryptocurrency mining.