Threat Labs Netskope

  • New Yokai Side-loaded Backdoor Targets Thai Officials
    by Nikhil Hegde on December 13, 2024 at 3:00 pm

    Summary DLL side-loading is a popular technique used by threat actors to execute malicious payloads under the umbrella of a benign, usually legitimate, executable. This allows the threat actor to exploit whitelists in security products that exclude trusted executables from detection. Among others, this technique has been leveraged by APT41 to deploy DUSTTRAP and Daggerfly The post New Yokai Side-loaded Backdoor Targets Thai Officials appeared first on Netskope.
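    The paragraph's point, that a whitelist keyed on the host executable is blind to what that executable loads, is what a side-loading hunt has to work around. As an added example (not code from the Netskope post), the following Python rule ignores the reputation of the process image and instead asks where each DLL it loaded was resolved from. It runs over constructed image-load events shaped like Sysmon Event ID 7 (Image, ImageLoaded, Signed); the DLL watchlist, the path heuristics and the sample events are illustrative assumptions, not indicators from the Yokai report.

```python
"""Hunting rule for DLL side-loading candidates over Sysmon-style image-load events.

Added example, not Netskope's code. Event shape follows Sysmon Event ID 7
(Image = process executable, ImageLoaded = DLL, Signed = signature status);
the watchlist, path heuristics and sample events are illustrative assumptions.
"""
from dataclasses import dataclass

# DLL names a host executable resolves from its own directory before System32
# under the default search order. Illustrative watchlist (assumption), not the
# indicator list from the Yokai report.
SIDELOAD_WATCHLIST = {
    "version.dll", "dbghelp.dll", "wtsapi32.dll", "userenv.dll",
    "cryptbase.dll", "dwmapi.dll", "profapi.dll",
}
SYSTEM_DIRS = {"c:\\windows\\system32", "c:\\windows\\syswow64"}
USER_WRITABLE_MARKERS = (
    "\\temp\\", "\\appdata\\", "\\downloads\\", "\\users\\public\\", "\\programdata\\",
)


@dataclass
class ImageLoad:
    image: str         # Sysmon Image: the process executable
    image_loaded: str  # Sysmon ImageLoaded: the DLL mapped into it
    signed: bool       # Sysmon Signed == "true"


def _norm(path: str) -> str:
    """Lower-case, backslash-only form so path tests are case-insensitive."""
    return path.replace("/", "\\").lower()


def _dirname(path: str) -> str:
    n = _norm(path)
    return n.rsplit("\\", 1)[0] if "\\" in n else ""


def _basename(path: str) -> str:
    return _norm(path).rsplit("\\", 1)[-1]


def _in_user_writable(directory: str) -> bool:
    return any(marker in directory + "\\" for marker in USER_WRITABLE_MARKERS)


def score_event(ev: ImageLoad) -> list:
    """Reasons this load looks like side-loading; an empty list means no finding."""
    reasons = []
    exe_dir = _dirname(ev.image)
    dll_dir = _dirname(ev.image_loaded)
    dll = _basename(ev.image_loaded)

    # Core test: a DLL that should come from a system directory did not.
    if dll in SIDELOAD_WATCHLIST and dll_dir not in SYSTEM_DIRS:
        reasons.append(f"{dll} resolved from {dll_dir or '.'} instead of a system directory")
        if dll_dir == exe_dir:
            reasons.append("DLL sits beside the host executable (search-order hijack)")
    # Context that raises confidence. Evaluated only after the core test fired,
    # so an unsigned DLL on its own, or a process in Downloads on its own,
    # produces no finding.
    if reasons and not ev.signed:
        reasons.append("loaded DLL is unsigned")
    if reasons and _in_user_writable(exe_dir):
        reasons.append("host executable runs from a user-writable location")
    return reasons


def hunt(events) -> list:
    """Return (event, reasons) pairs for every event with at least one finding."""
    hits = []
    for ev in events:
        reasons = score_event(ev)
        if reasons:
            hits.append((ev, reasons))
    return hits


# Constructed sample events (not from any real host): a benign system load, a
# side-load from Temp, an application's own helper DLL, and a 32-bit system load.
SAMPLE_EVENTS = [
    ImageLoad(r"C:\Program Files\Vendor\tool.exe",
              r"C:\Windows\System32\version.dll", signed=True),
    ImageLoad(r"C:\Users\alice\AppData\Local\Temp\update\legit.exe",
              r"C:\Users\alice\AppData\Local\Temp\update\version.dll", signed=False),
    ImageLoad(r"C:\Program Files\Vendor\tool.exe",
              r"C:\Program Files\Vendor\helper.dll", signed=True),
    ImageLoad(r"C:\Program Files (x86)\Vendor\tool32.exe",
              r"C:\Windows\SysWOW64\dbghelp.dll", signed=True),
]

if __name__ == "__main__":
    for ev, reasons in hunt(SAMPLE_EVENTS):
        print(ev.image, "->", ev.image_loaded)
        for r in reasons:
            print("   -", r)
```

    Only the second sample event is reported, with all four reasons. The expected false positives of this rule are products that ship their own signed copy of a watchlisted DLL under Program Files; the Signed field and the user-writable-location reason are what separate those from a legitimate signed binary copied into Temp next to an attacker-supplied DLL, which is the pattern the summary describes.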

  • Netskope Threat Labs Predictions for 2025
    by Netskope Staff on November 27, 2024 at 3:00 pm

    Continuing our ongoing series collecting predictions from our many subject-matter experts here at Netskope, we gathered some hot topics and predictions from the Netskope Threat Labs team based on what they are starting to see evolving in the landscape. Here’s what they had to say: The great AI crackdown Ray Canzanese, Director of Netskope Threat The post Netskope Threat Labs Predictions for 2025 appeared first on Netskope.

  • Python NodeStealer Targets Facebook Ads Manager with New Techniques
    by Jan Michael Alcantara on November 20, 2024 at 3:00 pm

    Summary In September 2023, Netskope Threat Labs reported a Python-based NodeStealer targeting Facebook business accounts. NodeStealer collects Facebook and other credentials stored in the browser and its cookie data. For over a year, we have tracked and discovered multiple variants of this infostealer. It is now targeting new victims and extracting new information using new The post Python NodeStealer Targets Facebook Ads Manager with New Techniques appeared first on Netskope.

  • Netskope Threat Labs Quarterly Stats for October 2024
    by Netskope Staff on October 29, 2024 at 8:07 pm

    Netskope Threat Labs publishes a quarterly summary blog post of the top threats we track on the Netskope platform. This post aims to provide strategic, actionable intelligence on active threats against enterprise users worldwide. Summary Cloud Malware Delivery Attackers attempt to fly under the radar by delivering malicious content via popular cloud apps. Abusing cloud The post Netskope Threat Labs Quarterly Stats for October 2024 appeared first on Netskope.

  • Attackers Target Crypto Wallets Using Codeless Webflow Phishing Pages
    by Jan Michael Alcantara on October 23, 2024 at 1:00 pm

    Summary From April to September 2024, Netskope Threat Labs tracked a 10-fold increase in traffic to phishing pages crafted through Webflow. The campaigns target sensitive information from different crypto wallets, including Coinbase, MetaMask, Phantom, Trezor, and Bitbuy, as well as login credentials for multiple company webmail platforms and for Microsoft 365. The campaigns The post Attackers Target Crypto Wallets Using Codeless Webflow Phishing Pages appeared first on Netskope.

  • GitHub Comments from Legitimate Repositories Exploited to Deliver Remcos RAT
    by Paolo Passeri on October 21, 2024 at 8:57 pm

    One of the most interesting findings of our Netskope Threat Labs Report: Insurance 2024 was the discovery that GitHub is the most popular application in terms of malware downloads for this specific vertical, surpassing Microsoft OneDrive, which is usually the undisputed leader of this unwelcome chart. An interesting confirmation of this peculiar trend of the The post GitHub Comments from Legitimate Repositories Exploited to Deliver Remcos RAT appeared first on Netskope.

  • New Bumblebee Loader Infection Chain Signals Possible Resurgence
    by Leandro Fróes on October 18, 2024 at 3:29 pm

    Summary Bumblebee is a highly sophisticated downloader malware cybercriminals use to gain access to corporate networks and deliver other payloads such as Cobalt Strike beacons and ransomware. The Google Threat Analysis Group first discovered the malware in March 2022 and named it Bumblebee based on a User-Agent string it used. The Netskope Threat Labs team The post New Bumblebee Loader Infection Chain Signals Possible Resurgence appeared first on Netskope.

  • Netskope Threat Labs Uncovers New XWorm’s Stealthy Techniques
    by Jan Michael Alcantara on September 30, 2024 at 2:00 pm

    Summary XWorm is a relatively new versatile tool that was discovered in 2022. It enables attackers to carry out a variety of functions, which include accessing sensitive information, gaining remote access, and deploying additional malware. The multifaceted nature of XWorm is appealing to threat actors, as evidenced by its alleged use earlier this year by The post Netskope Threat Labs Uncovers New XWorm’s Stealthy Techniques appeared first on Netskope.

  • DCRat Targets Users with HTML Smuggling
    by Nikhil Hegde on September 26, 2024 at 2:00 pm

    Summary DCRat (also known as Dark Crystal RAT) is a modular remote access Trojan (RAT) that is offered as malware-as-a-service (MaaS) and has been around since 2018. It is written in C# and has typical RAT and information-stealing capabilities, such as executing shell commands, logging keystrokes, and exfiltrating files and credentials, among others. DCRat has The post DCRat Targets Users with HTML Smuggling appeared first on Netskope.

  • Cloud Threats Memo: Iranian Threat Actors Continue to Exploit Azure
    by Paolo Passeri on September 11, 2024 at 3:44 pm

    One of the advantages of exploiting a cloud service to host the attack infrastructure is that the threat actors can either use a compromised legitimate account or create a new one specifically for their malicious purposes. According to researchers at Microsoft, this modus operandi has been used by APT33 (also known as “Peach Sandstorm”), a The post Cloud Threats Memo: Iranian Threat Actors Continue to Exploit Azure appeared first on Netskope.
