FortiGuard Labs Weekly Threat Update – Week of 27 September 2019

Each week, FortiGuard Labs publishes a Threat Brief to subscribers that profiles notable hot topics and threats that were discovered or discussed during the week. Here is a recap of what we are covering in this week’s Threat Brief. Malware and Zero Day Attacks: We break down our analysis of a ...

New NetWire RAT Variant Being Spread Via Phishing

A FortiGuard Labs Threat Analysis. Background: NetWire is a Remote Access Trojan (RAT) malware that has been widely used for many years. Recently, FortiGuard Labs noticed malware spreading via phishing email, and during our analysis of it, we discovered that it was a new variant of NetWire RAT. In ...

WordPress (Core) Stored XSS Vulnerability

FortiGuard Labs Breaking Threat Research. Overview: WordPress is the world’s most popular Content Management System (CMS). It has 60.4% of the global CMS market share, which is far higher than the second-place Joomla!, which only has 5.2% of the market share. As a result, over a third of all of ...

Tracking Down a Big Phish

A FortiGuard SE Threat Research Blog. As a threat researcher, I have learned that continually monitoring malicious activities often provides unique insights into criminal behavior. This is due to three things. First, threat actors tend to be more like sheep than mavericks because they work in clusters. I don’t ...

The Gamaredon Group: A TTP Profile Analysis

A FortiGuard Labs Threat Analysis. FortiGuard Labs recently discovered a fresh malicious campaign being run by the Gamaredon Group, possibly targeting Ukrainian law enforcement and government agencies. We decided to provide an analysis of the current campaign, particularly focusing on the tools and methods used by these malicious actors to ...

Fake Indian Income Tax Calculator Delivers xRAT Variant

A FortiGuard Labs Breaking Threat Report. Tax-themed phishing and malware attacks rise during the tax filing season. FortiGuard Labs recently came upon an interesting Excel file claiming to provide an income tax calculator that purports to be from India’s Income Tax Department. It’s not. Instead, it’s a malicious file containing ...

Tricky Chinese-Targeted Trojan Bypasses Authentication

A FortiGuard Labs Threat Analysis Report. Introduction: FortiGuard Labs uncovered a new campaign targeted at Chinese speakers using malware that bypasses normal authentication by exploiting known WinRAR file (CVE-2018-20250) and RTF file (CVE-2017-11882) vulnerabilities. This attack uses a watering hole attack strategy to target Chinese-speaking users by delivering malware through a ...

New Ursnif Variant Spreading by Word Document

Breaking FortiGuard Labs Threat Research. NOTE: This threat is actively spreading. During my analysis, which started with just a few samples, the volume of captured samples and the number of triggers this new variant set off in our global network of sensors kept growing. Because of this, we highly recommend ...

Fortinet Reports Increased YoY Threat Activity for Q2 2019

Fortinet has just released its Threat Landscape Report for Q2 of 2019. This quarterly series provides key insights into threat trends and cybercriminal behaviors to help organizations prepare for and protect themselves against their constantly evolving adversaries. As evidence of this challenge, Fortinet’s Threat Landscape Index – a barometer ...

The Malicious Use of Pastebin

A FortiGuard Labs Threat Analysis Report. The FortiGuard Labs threat research team has been noticing for some time that Pastebin and similar services are being used by malware authors, sometimes to evade detection or to obscure their purposes. However, we had no idea how common this practice is or what ...
