Fake Indian Income Tax Calculator Delivers xRAT Variant

A FortiGuard Labs Breaking Threat Report. Tax-themed phishing and malware attacks rise during the tax filing season. FortiGuard Labs recently came upon an interesting Excel file claiming to provide an income tax calculator that purports to be from India’s Income Tax Department. It’s not. Instead, it’s a malicious file containing …

Tricky Chinese-Targeted Trojan Bypasses Authentication

A FortiGuard Labs Threat Analysis Report. Introduction: FortiGuard Labs uncovered a new campaign targeted at Chinese speakers using malware that bypasses normal authentication by exploiting known WinRAR file (CVE-2018-20250) and RTF file (CVE-2017-11882) vulnerabilities. This attack uses a watering hole strategy to target Chinese-speaking users by delivering malware through a …

New Ursnif Variant Spreading by Word Document

Breaking FortiGuard Labs Threat Research. NOTE: This threat is actively spreading. During my analysis, which started with just a few samples, the volume of captured samples and the number of triggers this new variant set off in our global network of sensors kept growing. Because of this, we highly recommend …

Fortinet Reports Increased YoY Threat Activity for Q2 2019

Fortinet has just released its Threat Landscape Report for Q2 of 2019. This quarterly series provides key insights into threat trends and cybercriminal behaviors to help organizations prepare for and protect themselves against their constantly evolving adversaries. As evidence of this challenge, Fortinet’s Threat Landscape Index – a barometer …

The Malicious Use of Pastebin

A FortiGuard Labs Threat Analysis Report. The FortiGuard Labs threat research team has been noticing for some time that Pastebin and similar services are being used by malware authors, sometimes to evade detection or to obscure their purposes. However, we had no idea how common this practice is or what …

LiveZilla Live Chat Technical Advisory

Breaking Threat Research from FortiGuard Labs. Introduction: In June 2019, Fortinet’s FortiGuard Labs discovered and reported 7 vulnerabilities in Live Chat, the Next Generation Live Help and Live Support System from LiveZilla that connects organizations to their website visitors. LiveZilla is a software company trusted by Fortune 500 companies and …

Zegost from Within – New Campaign Targeting Internal Interests

Adversary Playbook: The FortiGuard SE Team is releasing this new playbook on the threat actor group named Yet Another Panda as part of our role in the Cyber Threat Alliance. For more information regarding this series of adversary playbooks being created by CTA members, please visit the Cyber Threat Alliance …

A Deep Dive Into IcedID Malware: Part III – Analysis of Child Processes

FortiGuard Labs Threat Analysis Report Series. In Part II of this blog series, we identified three child processes that were created by the IcedID malware. In Part III below, we’ll provide a deep analysis of those child processes. Let’s get started! 0x01 Child process A (entry offset: 0x168E): This first …

BianLian: A New Wave Emerges

FortiGuard Labs Breaking Threat Research. Recently, during our daily malware analysis routine, members of the FortiGuard Labs team encountered an Android sample that did not look familiar. Analysis: At a first look, it seemed clear that the APK was heavily obfuscated, and was possibly packed using some technique we had …

Inter: Skimmer For All

A FortiGuard Labs Threat Analysis Report. Using web skimmers to steal payment card details has become a good business for cybercriminals. In fact, just last month, FortiGuard Labs discovered a campaign that had stolen the data from over 185,000 payment cards in a one-year operation. MageCart, the collective name …
