TgToxic Malware’s Automated Framework Targets Southeast Asia Android Users

We look into an ongoing malware campaign we named TgToxic, targeting Android mobile users in Taiwan, Thailand, and Indonesia since July 2022. The malware steals users’ credentials and assets such as cryptocurrency from digital wallets, as well as money from bank and finance apps. Analyzing the automated features of the malware, we found that the threat actor abused the legitimate test framework Easyclick to write a JavaScript-based automation script for functions such as clicks and gestures.

Earth Bogle: Campaigns Target the Middle East with Geopolitical Lures

We discovered an active campaign ongoing since at least mid-2022 which uses Middle Eastern geopolitical-themed lures to distribute NjRAT (also known as Bladabindi) to infect victims across the Middle East and North Africa.

Electricity/Energy Cybersecurity: Trends & Survey Response

Based on our survey of over 900 ICS security leaders in the United States, Germany, and Japan, we dig deeper into each industry’s challenges and present Trend Micro’s recommendations.

Hack the Real Box: APT41’s New Subgroup Earth Longzhi

We looked into the campaigns deployed by a new subgroup of advanced persistent threat (APT) group APT41, Earth Longzhi. This entry breaks down the technical details of the campaigns in full as presented at HITCON PEACE 2022 in August.

Massive Phishing Campaigns Target India Banks’ Clients

We found five banking malware families targeting customers of seven banks in India to steal personal and credit card information via phishing campaigns.

Manufacturing Cybersecurity: Trends & Survey Response

Based on our survey of over 900 ICS security leaders in the United States, Germany, and Japan, we dig deeper into each industry’s challenges and present Trend Micro’s recommendations.

Oil and Gas Cybersecurity: Trends & Response to Survey

Based on our survey of over 900 ICS security leaders in the United States, Germany, and Japan, we dig deeper into each industry’s challenges and present Trend Micro’s recommendations.

Black Basta Ransomware Operators Expand Their Attack Arsenal With QakBot Trojan and PrintNightmare Exploit

We look into a recent attack orchestrated by the Black Basta ransomware group that used the banking trojan QakBot as a means of entry and movement and took advantage of the PrintNightmare vulnerability to perform privileged file operations.

Cyberattacks are Prominent in the Russia-Ukraine Conflict

Alongside the physical conflict happening between Russia and Ukraine, there has also been an increasing number of alleged cyberattacks perpetrated by different groups. Our research teams have verified and validated internal data and external reports to provide accurate information that can be used to strengthen defenses against these attacks. We will continuously update this blog with validated threats as more events unfold.