Recent Posts

The PhishLabs Blog

R.A.I.D.

Backdoor found in popular Linux distro

Posted by R.A.I.D. on Feb 23, '16

The Kaiten bot was distributed in some Linux Mint ISO downloads. Here are the IOCs.

According to reports from the Linux Mint Blog, hackers created a backdoored version of the Linux Mint distribution's ISO files and then compromised the Linux Mint website to change the download links to point to the hacked versions hosted in Bulgaria.

The "Mint Team," maintainers of the distro and operators of the hacked web site, say that the links were only active on February 20th, 2016. These were listed under download "mirror" sites; direct HTTP downloads from Mint Team servers and torrents were not affected. Only backdoored versions of the "Cinnamon" edition were identified, not the "MATE" or "Xfce" editions, which use different default desktop environments.

Topics: DDoS, Botnet, Hacked

DDoS Threat Advisory – SaaS Apps Vulnerable for Exploitation

Posted by R.A.I.D. on Feb 25, '15

Akamai’s Prolexic Security Engineering & Research Team (PLXsert) and PhishLabs’ Research Analysis and Intelligence Division (R.A.I.D.) have worked together on a threat advisory that warns enterprises and Software-as-a-Service (SaaS) providers about new distributed denial of service (DDoS) attacks that leverage Joomla servers that have a vulnerable Google Maps plugin installed. The advisory is available for download from: www.stateoftheinternet.com/joomla-reflection

Topics: DDoS

Vawtrak’s expanding infrastructure

Posted by R.A.I.D. on Feb 11, '15

The malware known as Vawtrak is a banking Trojan which has increased in sophistication since its inception more than eight years ago. Systems infected with Vawtrak become part of a botnet managed by a Russian cybercrime gang who operate a Cybercrime-as-a-Service enterprise based on selling botnet access and support to their clients.

Topics: Malware, Vawtrak, Banking Trojan

One-man operation leverages phishing and browser alerts to distribute new variant of Zeus banking Trojan

Posted by R.A.I.D. on Dec 11, '14

In a blog post last week, we shared the discovery of a relatively convincing browser warning whose "Download & Install" button leads to an infection by the infamous Zeus Trojan. After further research, it appears that the threat actor has been carrying out various phishing and malware campaigns using the same playbook and virtual base of operations for nearly a year, maybe longer. The cybercriminal has devised a unique variant of Zeus based off the source code of version 2.0.8.9. 

Topics: Phishing, ZeuS, Banking Trojan

What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.
