Nigeria Scammers Using Agent Tesla Remote Access Trojan (RAT) In Financial Scams
  • Alert & Advisory
  • June 3, 2022

Interpol recently reported the arrest of Nigerians involved in financial scams that used Agent Tesla, made during a sting operation conducted by the Economic and Financial Crimes Commission (EFCC). Agent Tesla is a remote access tool (RAT) that enables users to remotely control computers. The tool is available for purchase from its official website, and its developers present it as a legitimate program. As an information-stealer that extracts user credentials stored in web browsers, email, and File Transfer Protocol (FTP) clients, it has recently surpassed the status of most widely distributed malware. In an operation dubbed "Killer Bee," Interpol apprehended three notorious fraudsters in Lagos who used Agent Tesla as part of their Business Email Compromise (BEC) attacks.

Dangerous Malware Targets Android Devices
  • Alert & Advisory
  • June 2, 2022

Ermac, a dangerous malware that targeted Android devices in 2021, has reappeared as Ermac 2.0. Ermac is a trojan that steals user credentials from banking apps and crypto wallets included in the list of targeted apps and sends them to threat actors. It currently targets 467 apps and is available for rent on the darknet for $5000 per month by threat actors.

Novel Use of Chatbots in Phishing Schemes
  • Alert & Advisory
  • May 23, 2022

Hackers have begun incorporating chatbots into their phishing schemes to lend an air of authenticity to an interaction. Chatbots have become a more common medium of engagement on mainstream company websites, so using one during a phishing attack instills trust in the victim that the interaction is genuine. A chatbot is a program that simulates conversations with human users, allowing businesses to provide customer service around the clock while saving money.

Malicious Actors Planting Fileless Malware on Target Machines Using Event Logs
  • Alert & Advisory
  • May 20, 2022

Unknown bad actors have developed a novel method of deploying fileless malware by injecting shellcode directly into Windows event logs. This novel method of payload storage has never been attempted before, emphasizing the importance of remaining vigilant in the face of threats. Fileless malware is a type of malicious activity that executes a cyber attack by utilizing native, legitimate tools built into a system.

Warning on a New Wave of Attacks Distributing Jester Malware
  • Alert & Advisory
  • May 11, 2022

The Ukrainian Computer Emergency Response Team reported that threat actors have been sending phishing emails with the subject line "chemical attack" to Ukrainian citizens in an attempt to spread the information-stealing malware Jester Stealer. However, the subject line could be modified to effectively lure victims into taking urgent action. This type of attack has previously escaped into the wild and caused widespread damage, and there is a historical pattern of cyberattacks on Ukraine with international ramifications that have resulted in billions of dollars in damages; hence the need for this advisory.
