Tricky Chinese-Targeted Trojan Bypasses Authentication

A FortiGuard Labs Threat Analysis Report. Introduction: FortiGuard Labs uncovered a new campaign targeted at Chinese speakers using malware that bypasses normal authentication by exploiting known WinRAR (CVE-2018-20250) and RTF file (CVE-2017-11882) vulnerabilities. This attack uses a watering hole strategy to target Chinese-speaking users by delivering malware through a

The Malicious Use of Pastebin

A FortiGuard Labs Threat Analysis Report. The FortiGuard Labs threat research team has been noticing for some time that Pastebin and similar services are being used by malware authors, sometimes to evade detection or to obscure their purposes. However, we had no idea how common this practice is or what

A Deep Dive Into IcedID Malware: Part III – Analysis of Child Processes

FortiGuard Labs Threat Analysis Report Series. In Part II of this blog series, we identified three child processes that were created by the IcedID malware. In Part III below, we'll provide a deep analysis of those child processes. Let's get started! 0x01 Child process A (entry offset: 0x168E). This first

BianLian: A New Wave Emerges

FortiGuard Labs Breaking Threat Research. Recently, during our daily malware analysis routine, members of the FortiGuard Labs team encountered an Android sample that did not look familiar. Analysis: At first look, it seemed clear that the APK was heavily obfuscated, and was possibly packed using some technique we had

Inter: Skimmer For All

A FortiGuard Labs Threat Analysis Report. Using web skimmers to steal payment card details has become a lucrative business for cybercriminals. In fact, just last month, FortiGuard Labs discovered a campaign that stole the data from over 185,000 payment cards in a one-year operation. MageCart, the collective name

Analysis of a New HawkEye Variant

Threat Analysis by FortiGuard Labs. Background: FortiGuard Labs recently captured malware being spread by a phishing email. After a quick analysis, I discovered that it was a new variant of the HawkEye malware. HawkEye is known as a keylogger and application credential-stealing malware. Over the past few years,

Over 185,000 Payment Card Details Stolen by MageCart

Threat Analysis Report from FortiGuard Labs. FortiGuard Labs has been monitoring developments in the e-commerce threat landscape, such as the StealthWorker malware that brute-forces its way into e-commerce websites, and MageCart, which steals payment card details from compromised websites. MageCart is the name given to numerous cybercriminal groups that embed

New Spam Attack Targets Romanian Corporation

A FortiGuard SE Team Threat Analysis Report. The FortiGuard SE team has discovered an ongoing malicious spam campaign targeting a critical infrastructure energy provider in Romania over the past few weeks. It uses a combination of a variant of the Fareit/Pony downloader together with the Formbook infostealer malware. While we

Securing the Network Edge

A New Joint Analysis from the Cyber Threat Alliance Outlines the Growing Threat to the Devices Deployed at the Boundaries, or Edges, of Interconnected Networks. Digital transformation continues to generate new networking environments, from multi-cloud networks to SD-Branches to the emerging 5G-enabled remote edge, comprised of a growing number of

Detailed Analysis of macOS Vulnerability CVE-2019-8507

FortiGuard Labs Threat Analysis Report on a Memory Corruption Vulnerability in QuartzCore while Handling Shape Objects. On March 25, 2019, Apple released macOS Mojave 10.14.4 and iOS 12.2. These two updates fixed a number of security vulnerabilities, including CVE-2019-8507 in QuartzCore (aka CoreAnimation), which I reported to Apple on January 3,
