Showing 40 results for: Phishing ×

Malspam Campaign Targets Banks Using Microsoft Publisher

It's very unusual for malware authors to utilize publishing software like Microsoft Publisher which is mainly used for fancy documents and desktop publishing tasks. So when we saw an email sample with a .pub attachment (Microsoft Office Publisher file) and...

Fake ASIC Renewal Spam Delivers Malware to Australian Companies

The Australian Securities and Investment Commission (ASIC) is an independent government agency that is Australia's corporate, market and financial services regulator. ASIC provides several services including registration services for Australian companies. Opportunist Scammers taking advantage of the new year, leveraged...

VAT Return with a Vengeance

Authors: Dr. Fahim Abbasi, Gerald Carsula and Rodel Mendrez Scam Overview Her Majesty's Revenue & Customs (HMRC) is the UK department responsible for collecting taxes and other tax related services like VAT returns. On 6th September, 2017, scammers launched a...

Emotet lives another day using Fake O2 invoice notifications

Authors: Dr. Fahim Abbasi and Nicholas Ramos We witnessed a widespread phishing campaign targeting O2 customers, that surfaced on 18th August, 2017 and continued intermittently until 21st August, 2017. Telefonica UK Limited, trading as O2, is a major telco provider...

Malware Xeroing in on Cloud Accounting Customers

Authors: Dr. Fahim Abbasi and Rodel Mendrez We witnessed a sophisticated phishing campaign on 16th August 2017, targeting victims by sending spoofed phishing email messages appearing to come from Xero. Xero is a New Zealand-based software company that develops cloud-based...

Tale of the Two Payloads – TrickBot and Nitol

A couple of weeks ago, we observed the Necurs botnet distributing a new malware spam campaign with a payload combo that includes Trickbot and Nitol. Trickbot is a banking trojan that first appeared late last year targeting banks in Europe,...

Necurs Recurs

The Necurs botnet, which was responsible for millions of malicious spam messages last year, has recently been extremely active again. For the past three weeks it has spammed emails with a malicious PDF attachment that drops a word document with...

Malware Authors Adopt CEO Fraud Techniques

CEO Fraud scams, a type of Business Email Compromise (BEC), have gained popularity among scammers recently. These scams use the power of the CEO's name to try and elicit a response from a targeted employee of an organization. For more...

Suzy's Phishing Season

Although most SWG-related blogs talk about exploit kits and malicious code, today we would like to discuss something else in the form of a phishing campaign we recently spotted. Phishing often receives less attention from the InfoSec industry because unlike...

Deobfuscating Malicious Macros Using Python

Over the past few weeks, we've observed cybercriminals spamming users, particularly in the UK, using document files embedded with malicious macros masquerading as invoices. The attachment is either a Word or an Excel document file. Here are some examples incorporating...

Reflected File Download - A New Web Attack Vector

PLEASE NOTE: As promised, I've published a full white paper that is now available for download: White paper "Reflected File Download: A New Web Attack Vector" by Oren Hafif. On October 2014 as part of my talk at the Black...

Hacking a Reporter: UK Edition

Over the summer, a U.K. journalist asked the Trustwave SpiderLabs team to target her with an online attack. You might remember that we did the same in 2013 by setting our sites on a U.S.-based reporter. This scenario, however, would...