Estimated reading time: 6 minutes
Quick Heal Security Labs has been monitoring various attack campaigns using JSOutProx RAT against different SMBs in the BFSI sector since January 2021. We have found multiple payloads being dropped at different stages of its operations. Although the...Search Results
Estimated reading time: 4 minutes
CetaRAT was seen for the first time in the Operation SideCopy APT. Now it is continuously expanding its activity since then. We have been tracking this RAT for a long time and observed an increase in targeting the Indian...
Estimated reading time: 5 minutes
In a recent event, Kaseya – the US-based software provider for MSPs and IT Teams reported a worldwide Supply Chain Attack on July 2, 2021 taking advantage of US Independence Day as leverage since the strength of staff to...
Estimated reading time: 3 minutes
The SideCopy APT Group has expanded its activity this year and now targets critical Indian sectors this time. Quick Heal Security Labs researchers have been tracking the notorious cyber-attack group – ‘Transparent Tribe’ since the first SideCopy campaign in...
Estimated reading time: 5 minutes
On March 2, Microsoft announced a threat group, HAFNIUM, is actively exploiting four zero-day vulnerabilities in their Exchange Servers. Microsoft has released out-of-band security updates (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065), enabling attackers to take access email accounts and run...
Estimated reading time: 4 minutes
Zloader aka Terdot – a variant of the infamous Zeus banking malware is well known for aggressively using “.xls”, “.xlsx” documents as its initial vector to deliver its payload. Despite this, recently we have come across “.docm” file which...
Estimated reading time: 4 minutes
Introduction: Researchers at Quick Heal Security Labs have uncovered a potential Spear Phishing campaign targeted against Indian Army personnel. In this attack, the attackers are using “Army Welfare Education Society” Scholarship form as lure. About AWES: Army Welfare Education...
Estimated reading time: 4 minutes
A few months back, Delphibased malware was being distributed on multiple systems via SMB exploit. The payloads used by this malware have close similarities with open-source Gh0stRAT code. Gh0st has been used by Chinese threat actors to target multiple...
Estimated reading time: 5 minutes
Ransomware has come a long way in cyberspace by continuous improvement in its techniques and tactics in encrypting system files. Over the years ransomware has improvised itself by moving from PE to non-PE and standalone payloads, by using different...
Estimated reading time: 2 minutes
In an age where solutions like cloud, mobility, storage and security are offered as part of service models, it is to no surprise that malware also has its service offering, aptly called Malware-as-a-Service (MaaS)? Of course, there’s a misnomer...