ANY.RUN Releases A List of Top Malware Trends in November 2023

Off Uncategorized,

DUBAI, DUBAI, UNITED ARAB EMIRATES, November 30, 2023 /EINPresswire.com/ — ANY.RUN, a leading provider of an interactive malware analysis sandbox, released its latest findings on the evolving threat landscape. The platform, trusted by top security teams worldwide, sees over 14,000 sample submissions daily from its community, providing a vast repository of malware data for identifying emerging trends.

𝐀𝐭𝐭𝐚𝐜𝐤𝐞𝐫𝐬 𝐖𝐞𝐚𝐩𝐨𝐧𝐢𝐳𝐞 𝐈𝐦𝐚𝐠𝐞𝐬 𝐭𝐨 𝐃𝐞𝐥𝐢𝐯𝐞𝐫 𝐌𝐚𝐥𝐰𝐚𝐫𝐞

ANY.RUN identified a new phishing campaign utilizing steganography, a technique that embeds data within other files, particularly, images.

As part of one of the attacks exposed by the company’s team, malicious code hidden inside an image downloaded and executed additional malware, giving attackers remote access to the victim's computer.

This marks a resurgence of steganography, which had been less commonly used due to its complexity.

𝐓𝐲𝐜𝐨𝐨𝐧 𝐏𝐥𝐚𝐭𝐟𝐨𝐫𝐦 𝐄𝐱𝐩𝐥𝐨𝐢𝐭𝐢𝐧𝐠 𝐖𝐞𝐛𝐒𝐨𝐜𝐤𝐞𝐭𝐬

ANY.RUN analyzed the Tycoon platform, a 2FA – Adversary-in-the-Middle (AiTM) and Phishing-as-a-Service (PhaaS) platform and discovered that it uses WebSockets to communicate with victims. This allows the platform to maintain a persistent connection with compromised devices.

𝐌𝐢𝐬𝐮𝐬𝐞 𝐨𝐟 𝐋𝐞𝐠𝐢𝐭𝐢𝐦𝐚𝐭𝐞 𝐒𝐞𝐫𝐯𝐢𝐜𝐞𝐬 𝐟𝐨𝐫 𝐏𝐡𝐢𝐬𝐡𝐢𝐧𝐠

ANY.RUN observed a growing trend of attackers misusing legitimate services, such as InterPlanetary File System (IPFS), Google Translate, and page jump anchor techniques, to spread phishing scams. This tactic makes it more difficult for security solutions to detect phishing attempts.

𝐑𝐚𝐧𝐬𝐨𝐦𝐰𝐚𝐫𝐞 𝐑𝐞𝐬𝐞𝐚𝐫𝐜𝐡 𝐰𝐢𝐭𝐡 𝐔𝐧𝐢𝐧𝐭𝐞𝐧𝐝𝐞𝐝 𝐂𝐨𝐧𝐬𝐞𝐪𝐮𝐞𝐧𝐜𝐞𝐬

ANY.RUN highlighted the case of a student who developed an academic proof-of-concept ransomware called MauriCrypt. Unfortunately, this research was exploited by malicious actors who used the code to create a real-world ransomware threat known as CryptGh0st.

𝐒𝐨𝐜𝐤𝐬𝟓𝐬𝐲𝐬𝐭𝐞𝐦𝐳 𝐌𝐚𝐥𝐰𝐚𝐫𝐞 𝐓𝐮𝐫𝐧𝐬 𝐃𝐞𝐯𝐢𝐜𝐞𝐬 𝐢𝐧𝐭𝐨 𝐏𝐫𝐨𝐱𝐢𝐞𝐬

ANY.RUN re-examined socks5systemz, a malware first spotted three years ago. The malware turns victims’ devices into proxies for forwarding traffic, potentially enabling malicious activity.

Learn more about ANY.RUN’s research in the company’s blog.

Vlada Belousova
ANYRUN FZCO
email us here
2027889264
Visit us on social media:
Twitter
YouTube

About The Author

Privacy Policy