ANY.RUN Releases A List of Top Malware Trends in November 2023

DUBAI, DUBAI, UNITED ARAB EMIRATES, November 30, 2023 /EINPresswire.com/ — ANY.RUN, a leading provider of an interactive malware analysis sandbox, released its latest findings on the evolving threat landscape. The platform, trusted by top security teams worldwide, sees over 14,000 sample submissions daily from its community, providing a vast repository of malware data for identifying emerging trends.

๐€๐ญ๐ญ๐š๐œ๐ค๐ž๐ซ๐ฌ ๐–๐ž๐š๐ฉ๐จ๐ง๐ข๐ณ๐ž ๐ˆ๐ฆ๐š๐ ๐ž๐ฌ ๐ญ๐จ ๐ƒ๐ž๐ฅ๐ข๐ฏ๐ž๐ซ ๐Œ๐š๐ฅ๐ฐ๐š๐ซ๐ž

ANY.RUN identified a new phishing campaign utilizing steganography, a technique that embeds data within other files, particularly images.

As part of one of the attacks exposed by the company’s team, malicious code hidden inside an image downloaded and executed additional malware, giving attackers remote access to the victim’s computer.

This marks a resurgence of steganography, which had been less commonly used due to its complexity.

๐“๐ฒ๐œ๐จ๐จ๐ง ๐๐ฅ๐š๐ญ๐Ÿ๐จ๐ซ๐ฆ ๐„๐ฑ๐ฉ๐ฅ๐จ๐ข๐ญ๐ข๐ง๐  ๐–๐ž๐›๐’๐จ๐œ๐ค๐ž๐ญ๐ฌ

ANY.RUN analyzed the Tycoon platform, a 2FA Adversary-in-the-Middle (AiTM) and Phishing-as-a-Service (PhaaS) platform, and discovered that it uses WebSockets to communicate with victims. This allows the platform to maintain a persistent connection with compromised devices.

๐Œ๐ข๐ฌ๐ฎ๐ฌ๐ž ๐จ๐Ÿ ๐‹๐ž๐ ๐ข๐ญ๐ข๐ฆ๐š๐ญ๐ž ๐’๐ž๐ซ๐ฏ๐ข๐œ๐ž๐ฌ ๐Ÿ๐จ๐ซ ๐๐ก๐ข๐ฌ๐ก๐ข๐ง๐ 

ANY.RUN observed a growing trend of attackers misusing legitimate services, such as InterPlanetary File System (IPFS), Google Translate, and page jump anchor techniques, to spread phishing scams. This tactic makes it more difficult for security solutions to detect phishing attempts.

๐‘๐š๐ง๐ฌ๐จ๐ฆ๐ฐ๐š๐ซ๐ž ๐‘๐ž๐ฌ๐ž๐š๐ซ๐œ๐ก ๐ฐ๐ข๐ญ๐ก ๐”๐ง๐ข๐ง๐ญ๐ž๐ง๐๐ž๐ ๐‚๐จ๐ง๐ฌ๐ž๐ช๐ฎ๐ž๐ง๐œ๐ž๐ฌ

ANY.RUN highlighted the case of a student who developed an academic proof-of-concept ransomware called MauriCrypt. Unfortunately, this research was exploited by malicious actors who used the code to create a real-world ransomware threat known as CryptGh0st.

๐’๐จ๐œ๐ค๐ฌ๐Ÿ“๐ฌ๐ฒ๐ฌ๐ญ๐ž๐ฆ๐ณ ๐Œ๐š๐ฅ๐ฐ๐š๐ซ๐ž ๐“๐ฎ๐ซ๐ง๐ฌ ๐ƒ๐ž๐ฏ๐ข๐œ๐ž๐ฌ ๐ข๐ง๐ญ๐จ ๐๐ซ๐จ๐ฑ๐ข๐ž๐ฌ

ANY.RUN re-examined socks5systemz, a malware first spotted three years ago. The malware turns victims’ devices into proxies for forwarding traffic, potentially enabling malicious activity.

Learn more about ANY.RUN’s research in the company’s blog.

Vlada Belousova
ANYRUN FZCO