Cerberus is Dead, Long Live Cerberus?
This blog provides an overview of the situation surrounding the release of the source code, and supplementary 'injection' files, for the Android banking trojan 'Cerberus'.
This blog summarizes the findings of an investigation into the current status of the Brazilian threat group known as 'Prilex' who came to prominence in late 2017 and early 2018 for their ATM jackpotting and point-of-sale (POS) terminal attacks. Whilst the group were believed to have been active since 2014, a distinct absence of 'chatter' and reporting of their activity since 2018 seemingly suggested that the group had ceased operations.
These vulnerabilities were observed to be critical in October 2020. Cyberint's Research Team recommends patching and taking the necessary steps immediately.
First identified as active in November 2012, 'njRAT', also known as 'Bladabindi' or 'Njw0rm', is a well-established and prevalent remote access trojan (RAT) threat that was initially created by a cybercriminal threat group known as 'Sparclyheason' and used to target victims located in the Middle East. Undoubtedly as a result of the source code leak, reportedly in May 2013, njRAT has become widely available on the cybercriminal underground with numerous variants being released over the years.
Historically targeting the financial sector, and first observed in 2014 as a banking trojan, Emotet remains an active and credible threat to organizations across all industries worldwide and, whilst retaining some core data stealing capabilities, has evolved to act as a downloader for secondary malicious payloads.
An investigation into a suspicious Facebook Messenger message led to the identification of an active Facebook phishing campaign seemingly resulting in victim accounts being abused by the threat actor to further propagate the phishing lure.
Wednesday 15 July 2020 saw the compromise of multiple high-profile Twitter users, including cryptocurrency exchanges, famous individuals and organizations, with their accounts subsequently being abused to Tweet cryptocurrency giveaway scams.
Following reports of suspected ransomware attacks against various organizations in Taiwan, this report summarizes what is known of the threats thus far as well as providing recommendations for those that either operate in the targeted industries or region.
Cyberint's research team closely monitors threats related to COVID-19 that leverage the global fear and uncertainty around it. Utilizing thematic lures, a variety of cyberattacks have been launched during a time when many are seeking critical information on the outbreak. Exploiting the headline-dominating crisis, threat actors trick individuals, organizations and governments alike into opening malicious payloads and visiting malicious websites, and subject them to misinformation or fraud.
We love it when our teams and colleagues share their personal projects and findings with us - this time, Android Apps Penetration Testing by our own Noy Pearl. If you are an Android developer, pen-tester, researcher or, like most of us, just a security enthusiast - this one is for you.