The malware found at the end of October 2021 by the Cleafy Threat Intelligence Team. The Cleafy blogpost stated that the main goal of SharkBot is to initiate money transfers (from compromised devices) via Automatic Transfer Systems (ATS). This technique is an advanced attack technique which isn’t used regularly within Android malware. It is distributed via the Google Play Store as a fake Antivirus!
Mandiant observed four unique applications targeted and exploited using CVE-2021-44228. One product that caught our attention in the immediate aftermath of this CVE’s release was MobileIron Core; an o
The attack-chain starts with a phishing email. The email includes a message about some important document and has a password protected “zip” archive file attached. The password to the archive is given
During Vidar infections, the initial malware retrieves legitimate DLL files hosted on the same C2 server used for data exfiltration. These files are not malicious, but they are used by the Vidar malw
