Botnet & Infostealers: Financial Threat Landscape 2023

Botnets pose a significant and insidious threat, and their resistance to mitigation efforts makes them particularly dangerous. Analysis by Swascan’s Cyber Security Team identified not only botnets that have directly affected Italian financial sector assets, but also those that may have infected personal devices or those used by employees in remote work […]

BiBi Wiper: malware analysis 

Important elements of the analysis: Introduction. BiBi Wiper is a “destructive” malware used in the Israel-Hamas conflict by activists of the Sunni terrorist group. As of 30 October 2023, the threat has also been infecting Unix operating systems, although the more widely used variant is the Windows one, which is analyzed in this article. The artefact, […]

Temu: Android analysis 

Temu is a new e-commerce application, available for Windows, Android and iOS, which allows the purchase of various products at very low prices. Several concerns and fears about data security and user privacy emerged after the publication of the analysis prepared by GlizzlyReports

VenomRAT Darknet: malware analysis 

This analysis considers a VenomRAT malware sample obtained from a Darknet forum that only allows the download of source code and compiled samples if a user reacts to the post.

XWorm Darknet: malware analysis 

This analysis considers an XWorm malware sample obtained from a Darknet forum that only allows the download of source code and compiled samples if a user reacts to the post.

Powrprof.dll library: malware analysis 

This analysis considers the library powrprof.dll, which is identified by OSINT sources mainly through heuristic and behavioural detections and machine learning algorithms

Cactus Ransomware: malware analysis

Important elements of the analysis: Introduction. Cactus Ransomware is a new threat, first identified in March 2023, with some special characteristics. It is distributed in compromised infrastructures mainly using certain Fortinet VPN vulnerabilities as an attack vector, allowing unauthorized access. The main feature of this ransomware is its auto-encryption, i.e. the encryption of the ransomware […]

Journey into Raccoon’s lair

Raccoon Infostealer was born in April 2019 as a Malware-as-a-Service (MaaS), immediately establishing itself as one of the most widespread and efficient infostealers around: malicious software that infects computers and steals personal information, including e-mail addresses, identification numbers, bank account information, and cryptocurrency information. The most common methods used by […]

Security Advisory: MicroFocus Filr Appliance 3.0 build 4670 (Exposed LDAP Credential)

The Swascan Offensive Security Team has identified Information Disclosure vulnerabilities on the digital assets of MicroFocus Filr Appliance 3.0 (build 4670). The vulnerability was identified during a Penetration Test activity for a customer that exposes the Filr application. With the administrator credentials available, we were able to view, in one of the responses, the LDAP configuration […]

Qakbot; Black Basta ransomware delivery

Qakbot, also known as Qbot, is a banking malware and infostealer that primarily spreads through phishing emails and exploit kits. It was first discovered in 2008 and has since been a significant problem for organizations and users globally. Qakbot is designed to infect Windows operating systems and take control of computers and corporate networks. Once […]
