Morphisec Labs
The introduction of the Jupyter InfoStealer/Backdoor
An infostealer is a trojan designed to gather and exfiltrate private and sensitive information from a target system. There is a large variety of infostealers active in the wild, ...
Agent Tesla: A Day in a Life of IR
Introduction: The Agent Tesla infostealer has been around since 2014. During the last two to three years, it's also had a significant distribution growth factor partially due to the fact that cracked ...
Trickbot/Emotet Delivery through Word Macro
The Morphisec Labs team prevented a massive Trickbot and Emotet phishing campaign at our customers’ sites on the 10th and 11th of September. Trickbot is one of the most advanced malware ...
QakBot (QBot) Maldoc Campaign Introduces Two New Techniques into Its Arsenal
Morphisec Labs has tracked a massive maldoc campaign delivering the QakBot/QBot banking trojan, starting earlier this month. Qakbot leverages advanced techniques to evade detection and hamper manual analysis of the threat. In ...
Morphisec Knowledge Update: New WastedLocker Ransomware Causes Havoc Among Some of the Leading Enterprises in the U.S.
Garmin has confirmed that the recent outage its users experienced was indeed the result of a successful ransomware attack. However, the extent of the damage done is still unclear. The attack, which ...
How COVID-19 Has Altered the Enterprise Cyberattack Landscape
Since early March, the team at Morphisec Labs has been supporting enterprises as they shift to distributed workforces in response to COVID-19. From assisting hospitals with securing their remote workers to uncovering ...
Obfuscated VBScript Drops Zloader, Ursnif, Qakbot, Dridex
The Morphisec Labs team has tracked an obfuscated VBScript package in campaigns since March 2020. Initially, the malware campaign was focused on targets within Germany, but has since moved on to additional ...
CrystalBit / Apple Double DLL Hijack — From fraudulent software bundle downloads to an evasive miner raging campaign
As part of a rapid change in the work environment during the COVID-19 pandemic, Morphisec Labs has been tracking the change in the attack trend landscape. This has included the evolution of ...
Ursnif/Gozi Delivery – Excel Macro 4.0 Utilization Uptick & OCR Bypass
Ursnif/Gozi Introduction: Morphisec has been tracking an uptick in the delivery of Ursnif/Gozi during the COVID-19 pandemic. Specifically, we have noticed a significant spike both in numbers and sophistication. The latest delivery ...
Ursnif/Gozi Delivery — Old School Excel Macro 4.0 Utilization Uptick and the OCR Heuristics Bypass
Introduction: Morphisec has been tracking an uptick in the delivery of Ursnif/Gozi during the COVID-19 pandemic. Specifically, we have noticed a significant spike both in numbers and sophistication. The latest delivery methods ...

