Threat Research
Phishing Malware Hijacks Bitcoin Addresses and Delivers New Agent Tesla Variant
FortiGuard Labs recently captured a new phishing campaign in which a MS Excel document attached to a spam email downloaded and executed several pieces of VBscript code. Used to hijack bitcoin address info, this malware delivers a new variant of Agent Tesla onto the victim’s device. Learn more.
Newly Discovered Function in DarkSide Ransomware Variant Targets Disk Partitions
FortiGuard Labs has uncovered additional tactics used by the DarkSide Threat Actors, primarily the discovery of the DarkSide ransomware seeking out partition information. Learn more.
FortiGuard Labs Discovers Multiple Critical Zero Day Vulnerabilities in Adobe Illustrator
FortiGuard Labs discovered and reported multiple critical zero-day vulnerabilities in Adobe Illustrator to Adobe, Inc. Learn about the details for these vulnerabilities and how to apply the related Adobe security patches.
Protecting Critical Infrastructure: Colonial Pipeline, DarkSide, and Ransomware
Cybercriminals known as DarkSide gained access to the US Colonial Pipeline network in a ransomware attack. Learn about the details to date from the FortiGuard Labs team and next steps to take to defend against evolving ransomware threats.
Spearphishing Attack Uses COVID-21 Lure to Target Ukrainian Government
FortiGuard Labs discovered another COVID spearphishing attack designed to compel unsuspecting victims to click on what appears at first as a innocuous link. Learn more.
Deep Analysis: FormBook New Variant Delivered in Phishing Campaign – Part III
FortiGuard Labs captured a phishing campaign sending a PowerPoint document as an email attachment to spread a new variant of the FormBook malware. In part III, learn more about the tasks performed once FormBook has injected malicious code into a Windows process.
Another BitCoin Exchange Scam—This Time “Live” on YouTube
FortiGuard Labs came across a “LIVE” Bitcoin donate/exchange scam video. Learn about the technical details on how FortiGuard Labs identified this recent live BitCoin scam.
Deep Analysis: FormBook New Variant Delivered in Phishing Campaign – Part II
FortiGuard Labs captured a phishing campaign sending a PowerPoint document as an email attachment to spread a new variant of the FormBook malware. In part II, learn more about anti-analysis techniques FormBook performs, what Windows processes it focuses on, and how the malware injects itself into a Windows process.
Deep Analysis: New FormBook Variant Delivered in Phishing Campaign – Part I
FortiGuard Labs captured a phishing campaign sending a PowerPoint document as an email attachment to spread a new variant of the FormBook malware. In part 1, learn more about how the malicious VBA code is executed in the PowerPoint file, how the FormBook payload file is extracted from a PowerShell file downloaded by the PowerPoint sample, and how the main module is extracted from a .Net module.
Did You File Your Taxes Yet?
The FortiGuard Labs team shares a number of lures being used by malicious actors in tax scams, how they are being used, and what you can do to mitigate these risks. Read for more on protections and mitigations.
