Prilex POS Malware Targeting Contactless Credit Card Transactions

Context Prilex has been active since at least 2014 and evolved from an automated teller machine (ATM) malware into a POS malware in 2016, primarily targeting Brazilian and South American retailers. In 2022, the malware evolved further, conducting fraudulent “GHOST transactions” using EMV cryptograms generated by payment cards during the payment process. In previous cases,…

Read More

Alleged Chinese Threat Actors Developing Fortinet Zero-Day Exploit for New “BOLDMOVE” Malware Campaign Targeting European and African Organizations

Context On January 19, 2023, Mandiant security researchers published the technical details of malware campaign preparations they’ve reportedly observed since October 2022. Two key points should be noted regarding Mandiant’s assessment: Mandiant has not directly observed exploitation of the vulnerability, or deployment of BOLDMOVE in the wild. Mandiant researchers assess with low confidence that the…

Read More

New Linux Cryptominining Malware Developed with Shc in the Wild

On January 4, 2023, Ahn Lab Security Response Center (ASEC) researchers reported the technical details of a new Linux malware written using Shc delivering a cryptocurrency miner. ASEC researchers assess that the campaign is primarily targeting unspecified systems in South Korea. According to ASEC researchers, the malware authenticates through a dictionary attack on Linux SSH…

Read More

APT37 Leverages Internet Explorer Zero-Day to Target South Korean Users

Context APT37 is a known, sophisticated North Korean state-backed actor that has historically leveraged Internet Explorer zero-days to target North Korean defectors, government officials, journalists, and activists in South Korea. Technical Details CVE-2022-41128 was patched by Microsoft on November 8, 2022. According to Microsoft, “this vulnerability requires that a user with an affected version of…

Read More

Sophisticated Campaign Targeting Cryptocurrency Firms

On December 6, 2022, Microsoft researchers reported technical details of a campaign targeting cryptocurrency organizations globally using what they describe as complex tactics. Community Impact Many retail, travel, and hospitality organizations maintain financial relationships with cryptocurrency firms for business reasons or accept cryptocurrency as payment and maintain relationships with organizing firms for financial reasons. As…

Read More