Threat Labs Netskope

  • Python NodeStealer Targets Facebook Ads Manager with New Techniques
    by Jan Michael Alcantara on November 20, 2024 at 3:00 pm

    Summary: In September 2023, Netskope Threat Labs reported a Python-based NodeStealer targeting Facebook business accounts. NodeStealer collects Facebook and other credentials stored in the browser and its cookie data. For over a year, we have tracked and discovered multiple variants of this infostealer. It is now targeting new victims and extracting new information using new The post Python NodeStealer Targets Facebook Ads Manager with New Techniques appeared first on Netskope.

  • Netskope Threat Labs Quarterly Stats for October 2024
    by Netskope Staff on October 29, 2024 at 8:07 pm

    Netskope Threat Labs publishes a quarterly summary blog post of the top threats we track on the Netskope platform. This post aims to provide strategic, actionable intelligence on active threats against enterprise users worldwide. Summary: Cloud Malware Delivery: Attackers attempt to fly under the radar by delivering malicious content via popular cloud apps. Abusing cloud

  • Attackers Target Crypto Wallets Using Codeless Webflow Phishing Pages
    by Jan Michael Alcantara on October 23, 2024 at 1:00 pm

    Summary: From April to September 2024, Netskope Threat Labs tracked a 10-fold increase in traffic to phishing pages crafted through Webflow. The campaigns target sensitive information from different crypto wallets, including Coinbase, MetaMask, Phantom, Trezor, and Bitbuy, as well as login credentials for multiple company webmail platforms and Microsoft 365. The campaigns

  • GitHub Comments from Legitimate Repositories Exploited to Deliver Remcos RAT
    by Paolo Passeri on October 21, 2024 at 8:57 pm

    One of the most interesting findings of our Netskope Threat Labs Report: Insurance 2024 was the discovery that GitHub is the most popular application in terms of malware downloads for this specific vertical, surpassing Microsoft OneDrive, which is usually the undisputed leader of this unwelcome chart. An interesting confirmation of this peculiar trend of the

  • New Bumblebee Loader Infection Chain Signals Possible Resurgence
    by Leandro Fróes on October 18, 2024 at 3:29 pm

    Summary: Bumblebee is a highly sophisticated downloader malware cybercriminals use to gain access to corporate networks and deliver other payloads such as Cobalt Strike beacons and ransomware. The Google Threat Analysis Group first discovered the malware in March 2022 and named it Bumblebee based on a User-Agent string it used. The Netskope Threat Labs team

  • Netskope Threat Labs Uncovers New XWorm’s Stealthy Techniques
    by Jan Michael Alcantara on September 30, 2024 at 2:00 pm

    Summary: XWorm is a relatively new versatile tool that was discovered in 2022. It enables attackers to carry out a variety of functions, which include accessing sensitive information, gaining remote access, and deploying additional malware. The multifaceted nature of XWorm is appealing to threat actors, as evidenced by its alleged use earlier this year by

  • DCRat Targets Users with HTML Smuggling
    by Nikhil Hegde on September 26, 2024 at 2:00 pm

    Summary: DCRat (also known as Dark Crystal RAT) is a modular remote access Trojan (RAT) which is offered as malware-as-a-service (MaaS) and has been around since 2018. It is written in C# and has typical RAT and information stealing capabilities, such as executing shell commands, logging keystrokes, exfiltrating files and credentials, among others. DCRat has

  • Cloud Threats Memo: Iranian Threat Actors Continue to Exploit Azure
    by Paolo Passeri on September 11, 2024 at 3:44 pm

    One of the advantages of exploiting a cloud service to host the attack infrastructure is that the threat actors can use either a legitimate compromised account or create a new one specifically for their malicious purposes. According to researchers at Microsoft, this modus operandi has been used by APT33 (also known as “Peach Sandstorm”), a

  • Latrodectus Rapid Evolution Continues With Latest New Payload Features
    by Leandro Fróes on August 29, 2024 at 2:00 pm

    Summary: Latrodectus is a downloader first discovered by Walmart back in October of 2023. The malware became very famous due to its similarities with the famous IcedID malware, not only in the code itself but also the infrastructure, as previously reported by Proofpoint and Team Cymru S2. The malware is usually delivered via email spam

  • Phishing in Style: Microsoft Sway Abused to Deliver Quishing Attacks
    by Jan Michael Alcantara on August 27, 2024 at 2:00 pm

    Summary: In July 2024, Netskope Threat Labs tracked a 2,000-fold increase in traffic to phishing pages delivered through Microsoft Sway. The majority of the credential-grabbing pages investigated used “Quishing,” a form of phishing that uses QR codes to trick users into accessing a malicious website. The phishing campaigns targeted MS Office credentials, using documents
