Backdoor, Devil Shadow Botnet Hidden in Fake Zoom Installers

We found two malware files that pose as Zoom app installers. One of the samples installs a backdoor that allows malicious actors to run routines remotely, while the other sample installs the Devil Shadow botnet on affected devices.


Netwalker Fileless Ransomware Injected via Reflective Loading

Ransomware in itself poses a formidable threat for organizations. As a fileless threat, the risk is increased as it can more effectively evade detection. We discuss how Netwalker ransomware is deployed filelessly through reflective DLL injection.


QNodeService: Node.js Trojan Spread via Covid-19 Lure

QNodeService is a new, undetected malware sample written in Node.js, which is an unusual choice for malware authors. The malware has functionality that enables it to download/upload/execute files, steal credentials from Chrome/Firefox browsers, and perform file management, among other things.


May Patch Tuesday: More Fixes for SharePoint, TLS, Runtime, and Graphic Components Released

This month’s Patch Tuesday includes 111 fixes from Microsoft. Of the 111 vulnerabilities, 16 have been rated Critical while the rest have been rated Important.


Tropic Trooper’s Back: USBferry Attack Targets Air-gapped Environments

We found that Tropic Trooper’s latest activities center on targeting the physically isolated networks of the Taiwanese and Philippine militaries through a USBferry attack. We also observed targets among military/navy agencies, government institutions, military hospitals, and even a national bank. The group employs USBferry, a USB malware that performs different commands on specific targets, maintains stealth in the environments it infects, and steals critical data through USB storage. We started tracking this particular campaign in 2018, and our analysis shows that it uses a fake executable decoy and a USB trojan strategy to steal information.