Threat Research

Phishing Malware Hijacks Bitcoin Addresses and Delivers New Agent Tesla Variant

FortiGuard Labs recently captured a new phishing campaign in which an MS Excel document attached to a spam email downloaded and executed several pieces of VBScript code. Used to hijack bitcoin address info, this malware delivers a new variant of Agent Tesla onto the victim’s device. Learn more.

By Xiaopeng Zhang June 04, 2021

Newly Discovered Function in DarkSide Ransomware Variant Targets Disk Partitions

FortiGuard Labs has uncovered additional tactics used by the DarkSide threat actors, primarily that the DarkSide ransomware seeks out partition information. Learn more.

FortiGuard Labs Discovers Multiple Critical Zero Day Vulnerabilities in Adobe Illustrator

FortiGuard Labs discovered and reported multiple critical zero-day vulnerabilities in Adobe Illustrator to Adobe, Inc. Learn about the details for these vulnerabilities and how to apply the related Adobe security patches.

By Kushal Arvind Shah May 12, 2021

Protecting Critical Infrastructure: Colonial Pipeline, DarkSide, and Ransomware

Cybercriminals known as DarkSide gained access to the US Colonial Pipeline network in a ransomware attack. Learn about the details to date from the FortiGuard Labs team and next steps to take to defend against evolving ransomware threats.

By FortiGuard Labs May 10, 2021

Spearphishing Attack Uses COVID-21 Lure to Target Ukrainian Government

FortiGuard Labs discovered another COVID spearphishing attack designed to compel unsuspecting victims to click on what appears at first to be an innocuous link. Learn more.

By Fred Gutierrez and Val Saengphaibul May 03, 2021

Deep Analysis: FormBook New Variant Delivered in Phishing Campaign – Part III

FortiGuard Labs captured a phishing campaign sending a PowerPoint document as an email attachment to spread a new variant of the FormBook malware. In part III, learn more about the tasks performed once FormBook has injected malicious code into a Windows process.

By Xiaopeng Zhang April 27, 2021

Another BitCoin Exchange Scam—This Time “Live” on YouTube

FortiGuard Labs came across a “LIVE” Bitcoin donate/exchange scam video. Learn about the technical details on how FortiGuard Labs identified this recent live BitCoin scam.

By Kushal Arvind Shah April 22, 2021

Deep Analysis: FormBook New Variant Delivered in Phishing Campaign – Part II

FortiGuard Labs captured a phishing campaign sending a PowerPoint document as an email attachment to spread a new variant of the FormBook malware. In part II, learn more about anti-analysis techniques FormBook performs, what Windows processes it focuses on, and how the malware injects itself into a Windows process.

By Xiaopeng Zhang April 21, 2021

Deep Analysis: New FormBook Variant Delivered in Phishing Campaign – Part I

FortiGuard Labs captured a phishing campaign sending a PowerPoint document as an email attachment to spread a new variant of the FormBook malware. In part I, learn more about how the malicious VBA code is executed in the PowerPoint file, how the FormBook payload file is extracted from a PowerShell file downloaded by the PowerPoint sample, and how the main module is extracted from a .NET module.

By Xiaopeng Zhang April 12, 2021

Did You File Your Taxes Yet?

The FortiGuard Labs team shares a number of lures being used by malicious actors in tax scams, how they are being used, and what you can do to mitigate these risks. Read for more on protections and mitigations.

By Fred Gutierrez April 02, 2021