Cyberattack

Catching Messenger Phishing Footprints Using a DNS Net

A phishing campaign is currently targeting Facebook business accounts with password-stealing malware. The attackers have been using a massive network of fake and compromised Facebook accounts to send out millions of Messenger phishing messages. more

Rhysida, Not Novel but Still Dangerous: DNS Revelations

Rhysida, a new ransomware currently plaguing users may not be novel, but it's proving to be just as effective. Fortra published an in-depth analysis of the malware currently holding the data of healthcare organizations primarily based in the U.S. hostage. more

Probing the DNS for Signs of XLoader Abuse

XLoader has been plaguing macOS users since it was first discovered in 2021. Back then, though, it only posed a threat to those who opted to install Java on their systems. more

DNS Abuse and Redirection: Enough for a New JS Malware to Hide Behind?

DNS abuse combined with redirection seems to be gaining popularity as a stealth mechanism. We've just seen Decoy Dog employ the same tactic. More recently, a still-unnamed JavaScript (JS) malware has been wreaking havoc among WordPress site owners by abusing Google Public DNS to redirect victims to tech support scam sites. more

Hot on the DNS Trail of the 16shop Phishing Kit Operators

Phishers the world over have been patronizing and utilizing the 16shop phishing kit since at least 2018. The kit's users have been known to steal data and money from the customers of some of today's biggest brands, including Amazon, American Express, and PayPal. more

Searching for Smishing Triad DNS Traces

Given the ubiquity of mobile phone usage, you'd think we'd all know by now how to tell legitimate from scammy text messages. Then again, cybercriminals are always on top of their game -- learning how the latest technologies work and finding ways to abuse them. more

From URSNIF IoCs to Software Spoofing: Using DNS Intel to Connect the Dots

Financially motivated threat actors called "TA544" were first detected in 2017. TA544 is known for high-volume campaigns, sending hundreds of thousands of malicious messages daily. more

Examining WoofLocker Under the DNS Lens

WoofLocker tech support scams have been wreaking havoc since 2017 but the threat actors behind it don't seem to be done yet. In fact, the threat may have become even more resilient. more

Decoy Dog, Too Sly to Leave DNS Traces?

Decoy Dog, a malware renowned for abusing the DNS, specifically by establishing command and control (C&C) via DNS queries, first reared its head most likely in early 2022. Given its sly nature, the DNS malware has been used to successfully steal data from organizations throughout Russia and other Eastern European nations. more

RedHotel Attack Infrastructure: A DNS Deep Dive

We began our analysis by subjecting the domains identified as IoCs to Threat Intelligence Platform (TIP) lookups. Those allowed us to uncover these WHOIS record findings. more