ANY.RUN Releases A List of Top Malware Trends in November 2023
DUBAI, DUBAI, UNITED ARAB EMIRATES, November 30, 2023 /EINPresswire.com/ — ANY.RUN, a leading provider of an interactive malware analysis sandbox, released its latest findings on the evolving threat landscape. The platform, trusted by top security teams worldwide, sees over 14,000 sample submissions daily from its community, providing a vast repository of malware data for identifying emerging trends.
Attackers Weaponize Images to Deliver Malware
ANY.RUN identified a new phishing campaign utilizing steganography, a technique that embeds data within other files, particularly images.
As part of one of the attacks exposed by the company's team, malicious code hidden inside an image downloaded and executed additional malware, giving attackers remote access to the victim's computer.
This marks a resurgence of steganography, which had been less commonly used due to its complexity.
Tycoon Platform Exploiting WebSockets
ANY.RUN analyzed the Tycoon platform, a 2FA Adversary-in-the-Middle (AiTM) and Phishing-as-a-Service (PhaaS) platform, and discovered that it uses WebSockets to communicate with victims. This allows the platform to maintain a persistent connection with compromised devices.
Misuse of Legitimate Services for Phishing
ANY.RUN observed a growing trend of attackers misusing legitimate services, such as InterPlanetary File System (IPFS), Google Translate, and page jump anchor techniques, to spread phishing scams. This tactic makes it more difficult for security solutions to detect phishing attempts.
Ransomware Research with Unintended Consequences
ANY.RUN highlighted the case of a student who developed an academic proof-of-concept ransomware called MauriCrypt. Unfortunately, this research was exploited by malicious actors who used the code to create a real-world ransomware threat known as CryptGh0st.
Socks5systemz Malware Turns Devices into Proxies
ANY.RUN re-examined socks5systemz, a malware first spotted three years ago. The malware turns victims' devices into proxies for forwarding traffic, potentially enabling malicious activity.
Learn more about ANY.RUN's research in the company's blog.
Vlada Belousova
ANYRUN FZCO