Estimated reading time: 8 minutes
The global craze around cryptocurrency has fueled both innovation and exploitation. While many legally chase digital gold, cybercriminals hijack devices to mine it covertly. Recently, we encountered a phishing website impersonating a well-known bank, hosting a fake Android app....
Estimated reading time: 5 minutes
Overview Seqrite Labs APT-Team has identified and tracked UNG0002 also known as Unknown Group 0002, a bunch of espionage-oriented operations which has been grouped under the same cluster conducting campaigns across multiple Asian jurisdictions including China, Hong Kong, and...
Estimated reading time: 9 minutes
During our recent investigation at Seqrite Labs, we identified a sophisticated variant of Masslogger credential stealer malware spreading through .VBE (VBScript Encoded) files. Initially, the variant appeared to be a typical script-based threat, but upon deeper analysis it turned...
Estimated reading time: 3 minutes
The eMagicOne Store Manager for WooCommerce plugin is in WordPress used to simplify and improve store management by providing functionality not found in the normal WooCommerce admin interface. Two serious flaws, CVE-2025-5058 and CVE-2025-4603, were found in the eMagicOne...
Estimated reading time: 10 minutes
Contents Introduction Initial Findings Infection Chain. Technical Analysis Stage 0 – Malicious ZIP File. Stage 1 – Malicious VELETRIX implant. Stage 2 – Malicious V-Shell implant. Hunting and Infrastructure. Attribution Conclusion Seqrite Protection. IOCs MITRE ATT&CK. Authors: Subhajeet Singha...
Estimated reading time: 14 minutes
Content Introduction Initial Findings. Looking into the decoy. Infection Chain. Technical Analysis. Stage 1 – Malicious LNK Script. Stage 2 – Malicious Pterois Implant. Stage 3 – Malicious Isurus Implant. Stage 4 – Malicious Cobalt Strike Shellcode. Infrastructure and...
Estimated reading time: 4 minutes
Yelp is the default help browser in GNOME-based Linux distributions, including widely used systems such as Ubuntu, Fedora and Debian etc. It is responsible for rendering help documentation written in the Mallard XML format and integrates tightly with the...
Estimated reading time: 8 minutes
Cybercriminals continually refine their tactics, making Android malware more insidious and challenging to detect. A new variant of the fake NextGen mParivahan malware has emerged, following its predecessor’s deceptive strategies but introducing significant enhancements. Previously, attackers exploited the government’s...
Estimated reading time: 8 minutes
Kimsuky: A Continuous Threat to South Korea with Deceptive Tactics Contents Introduction Infection Chain Initial Findings Campaign 1 Looking into PDF document. Campaign 2 Looking into PDF document. Technical Analysis Campaign 1 & 2 Conclusion Seqrite Protection MITRE ATT&CK...Estimated reading time: 10 minutes
Contents Introduction Key Targets Industries Affected Geographical Focus Infection Chain Initial Findings Looking into the decoy-document Technical Analysis Stage 1 – Malicious RAR File Stage 2 – Malicious .NET malware-dropper Stage 3 – Malicious Golang Shellcode loader Stage 4...