Analysis of a New HawkEye Variant

Threat Analysis by FortiGuard Labs. Background: FortiGuard Labs recently captured a malware sample being spread by a phishing email. After a quick analysis, I discovered that it was a new variant of the HawkEye malware. HawkEye is known as a keylogger and an application credential-stealing malware. Over the past few years,

Over 185,000 Payment Card Details Stolen by MageCart

Threat Analysis Report from FortiGuard Labs. FortiGuard Labs has been monitoring developments in the e-commerce threat landscape, such as the StealthWorker malware that brute-forces its way into e-commerce websites, and MageCart, which steals payment card details from compromised websites. MageCart is the name given to numerous cybercriminal groups that embed

New Spam Attack Targets Romanian Corporation

A FortiGuard SE Team Threat Analysis Report. The FortiGuard SE team has discovered an ongoing malicious spam campaign targeting a critical infrastructure energy provider in Romania over the past few weeks. It uses a combination of a variant of the Fareit/Pony downloader together with the Formbook infostealer malware. While we

Securing the Network Edge

A New Joint Analysis from the Cyber Threat Alliance Outlines the Growing Threat to the Devices Deployed at the Boundaries, or Edges, of Interconnected Networks. Digital transformation continues to generate new networking environments, from multi-cloud networks to SD-Branches to the emerging 5G-enabled remote edge, comprising a growing number of

Detailed Analysis of macOS Vulnerability CVE-2019-8507

FortiGuard Labs Threat Analysis Report on a Memory Corruption Vulnerability in QuartzCore while Handling a Shape Object. On March 25, 2019, Apple released macOS Mojave 10.14.4 and iOS 12.2. These two updates fixed a number of security vulnerabilities, including CVE-2019-8507 in QuartzCore (aka CoreAnimation), which I reported to Apple on January 3,

Predator the Thief: New Routes of Delivery

A FortiGuard Labs Threat Analysis Paper. Introduction: In March 2019, FortiGuard Labs discovered a running campaign against Russian speakers using a new version of the "Predator the Thief" stealer malware. The same actor was using one set of dummy files to deliver the stealer via different forms of phishing, including zipped files,

LockerGoga: Ransomware Targeting Critical Infrastructure

A FortiGuard Labs Threat Analysis Report. Since the discovery of Stuxnet, more and more attacks have been discovered targeting critical infrastructure. While some attacks are sophisticated and some are not, both can cause significant damage with far-reaching impact. (Figure 1. Critical infrastructure attacks since the Stuxnet discovery.) In the early age

Analysis of the New Modules that Emotet Spreads

Threat Analysis Report from FortiGuard Labs. Just a few days ago, FortiGuard Labs published a research blog about a fresh variant of Emotet. When I wrote that blog, I had not yet detected any further malicious actions from its C&C server. However, I have continued to monitor its connections, and

New Stealth Worker Campaign Creates a Multi-platform Army of Brute Forcers

A Threat Analysis Report from FortiGuard Labs. FortiGuard Labs recently discovered a new campaign of the StealthWorker malware, also called GoBrut, which was first reported by Malwarebytes just a few days ago. This malware is written in Golang. Although not commonly used by malware, it is the same programming language

Breakdown of a Targeted DanaBot Attack

A FortiGuard SE Team Threat Analysis Report. On Feb 5th, 2019, the FortiGuard SE team discovered a targeted attack aimed at an unknown individual working for a governmental organization located in the city of Gold Coast, Australia. Within a span of a few days, we had observed additional activity targeting