Threat Research

In 2021, researchers reported that PJobRAT, an Android RAT first seen in 2019, targeted Indian military personnel by mimicking dating and messaging apps. Since then, little has been reported—until a recent threat hunt uncovered a now-concluded campaign targeting users in Taiwan....

The blog highlights how malware creators exploit popular trends, such as "AI" and "DeepSeek," to deceive unsuspecting users into downloading malicious software. By manipulating search engine optimization (SEO) and using trending keywords, cybercriminals boost the visibility of malicious sites....

"CoffeeLoader: A Brew of Stealthy Techniques" is a sophisticated malware loader designed to deploy secondary payloads while evading detection by endpoint security software. It employs advanced techniques such as call stack spoofing, sleep obfuscation, and Windows fibers to avoid analysis....

DragonForce ransomware is a malicious program that encrypts files on compromised systems and demands a cryptocurrency ransom, typically in Bitcoin, for decryption. It spreads through phishing emails, malicious websites, and system vulnerabilities. While it shares similarities with other ransomware variants, DragonForce exhibits distinct features and behaviors....

"New Android Malware Campaigns Evading Detection Using Cross-Platform Framework .NET MAUI" discusses how cybercriminals are exploiting the .NET MAUI framework to create malware that bypasses security measures. These threats disguise themselves as legitimate apps to steal sensitive information....

Trend Research uncovered a campaign by the Russian threat actor Water Gamayun exploiting a zero-day in the Microsoft Management Console (CVE-2025-26633). The attack manipulates .msc files and MUIPath to execute malicious code, maintain persistence, and steal data. This threat poses significant risks to enterprises, potentially leading to data breaches and financial losses....

"Cyber Threat Hunting in Healthcare, File Infectors, Botnets" expands on the initial investigation into Silver Fox, a Chinese threat actor abusing Philips DICOM viewers to deploy a backdoor trojan....

Recent threat data reveals key insights into phishing campaigns and evolving cybercriminal tactics. Facebook remains a top phishing target due to its widespread use and valuable user data, with scams often disguised as account warnings....

Cybercriminals in the UAE are impersonating Dubai Police to defraud consumers, using social engineering tactics such as smishing, phishing, and vishing. Victims are tricked into paying non-existent fines, including traffic tickets and license renewals, via fraudulent phone calls....

The financially motivated Albabat ransomware group has resurfaced with new versions. Our threat-hunting team recently identified versions 2.0.0 and 2.5, which target Windows while also collecting system and hardware data from Linux and macOS....

We've identified an ongoing campaign leveraging strategically aged domains in Traffic Direction System (TDS) activity. The final landing pages promote investment scams and fraudulent part-time or work-from-home opportunities. To evade detection, attackers register new domains and keep them dormant for at least a month before activation....

UAT-5918 is an advanced persistent threat (APT) group targeting entities in Taiwan, aiming to establish long-term access by exploiting N-day vulnerabilities in unpatched web and application servers. The group uses a range of open-source tools for network reconnaissance and manual post-compromise activities, primarily focused on information theft....

The team identified nearly 1,000 malicious .lnk files exploiting ZDI-CAN-25373, a vulnerability that enables attackers to execute hidden commands via crafted shortcuts. These attacks use concealed command-line arguments to deploy malicious payloads, making detection more challenging....

The team identified nearly 1,000 malicious .lnk files exploiting ZDI-CAN-25373, a vulnerability that enables attackers to execute hidden commands via crafted shortcuts. These attacks use concealed command-line arguments to deploy malicious payloads, making detection more challenging....

A campaign in February and March 2025 registered over 2,000 malicious domains to distribute trojanized installers disguised as Chinese language software, including DeepSeek AI Assistant, i4Tools, and Youdao Dictionary. While the installers appear legitimate, they infect Windows hosts with malware, potentially Ghost RAT (gh0st RAT)....