Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The Foresiet Threat Intelligence Team has recently conducted an in-depth analysis of an Android malware Trojan masquerading as the "VAHAN PARIVAHAN.apk" application. This trojan poses a significant threat to users by leveraging a backdoor, utilizing the Telegram API bot, and exploiting the services of GoDaddy.com LLC and Mark Monitor Inc. In this blog, we delve into the specifics of this malware, including its technical details, behavior, and potential impact on users.

Attackers are continually developing sophisticated techniques to bypass defensive measures and achieve their goals. One highly effective approach involves exploiting the operating system's native features to evade detection and ensure compatibility. In the realm of ransomware threats, this can be seen in the use of the cryptographic functions within ADVAPI32.dll, such as CryptAcquireContextA, CryptEncrypt, and CryptDecrypt.

Foresiet, your trusted cybersecurity partner, delves into the intricate world of ransomware attacks targeting VMware ESXi infrastructure, shedding light on the established patterns uncovered by cybersecurity firm Sygnia. These findings unveil a standardized sequence of actions adopted by threat actors, regardless of the variant of file-encrypting malware deployed. Understanding the Modus Operandi.

Ransomware is one of the fastest-growing cyber attack vectors, making it crucial to learn how to prevent it. To prevent ransomware attacks on your devices, you should avoid clicking suspicious links and attachments, never insert random USBs into your device, keep your Operating System (OS) up to date, use a Virtual Private Network (VPN) when connecting to public WiFi and use a password manager to ensure your passwords are strong.

Ongoing social engineering campaign targets enterprises, hackers expand DNS tunneling, and a malvertising campaign leads to ransomware.

The US National Institute of Standards and Technology (NIST) has long served as the US federal government’s officially designated creator and publisher of controls frameworks for cybersecurity. The organization developed the first NIST Cybersecurity Framework (NIST CSF) in 2014.

Microsoft has recently highlighted the abuse of the remote support tool Quick Assist in sophisticated social engineering attacks leading to ransomware infections. This blog post summarizes the threat and recommends a mitigation strategy for Netskope customers.

Researchers at IBM X-Force are tracking several large phishing campaigns spreading an updated version of the Grandoreiro banking trojan. The criminal malware operation was disrupted by law enforcement in January 2024 but resurfaced in March with an expanded set of targets. The new version of the malware is targeting more than 1,500 banks in over sixty countries.

In this edition of Corelight’s Hunt of the Month blog, we bring you a STRRAT malware detector. In recent months STRRAT has become one of the top malware families submitted to Any.Run’s malware sandbox: STRRAT is a Java-based remote access tool (RAT) that uses a plugin architecture to provide full remote access to an attacker, as well as credential stealing, key logging, and additional plugins.