At WatchGuard, we understand the importance of sharing threat intelligence with the information security (infosec) community when safe and appropriate. Not only does this information sharing help to directly defend against known threats, but it also helps the community at large learn from the attacks found in the wild, and appropriately adjust detection and defense strategies. … [Read more...]
New Oski Stealer Variant, “Mars Stealer”, Targets Credentials, Crypto, and 2FA
In early 2020, during the emergence of the COVID-19 pandemic, researchers discovered a novel malware named Oski Stealer, capable of stealing browser data such as cookies, history, payment information, and autofill information, as well as cryptocurrency wallets, login credentials of applications, and Authy 2FA information. It can also take screenshots of your desktop and perform … [Read more...]
Log4j Becomes The Highest Detected Vulnerability Days After Release
Log4Shell attacks have spread throughout the Internet due to the ease with which attackers can perform them. The WatchGuard Threat Lab sees a sample of these attacks from our customers’ perspectives when they opt to provide anonymized threat intelligence data from their Fireboxes. This limited data, along with our analysis, gives us a unique opportunity to review some of the … [Read more...]
The Evolution of Phishing: A WatchGuard Real-World Example
Phishing is a type of social engineering attack where threat actors attempt to trick users into providing sensitive information via email. Typically, this involves creating a phishing campaign where threat actors will send the same phishing email to a large batch of recipients in an attempt to trick at least a small subset of these potential victims. Not to be confused with … [Read more...]
Deobfuscating a Dropper for a ZLoader Trojan Variant
On March 18th, 2021, the DNSWatch Tailored Analysis Team received an email from an internal WatchGuard employee who deemed the email as suspicious. The initial email included an attachment with the title Attachment_57904. A DNSWatch Analyst performed an initial assessment of the file in search of any malicious indicators or behaviors only to discover that the file was a heavily … [Read more...]
