Press ESC to close

Avast Q1/2024 Threat Report

Category Details
Threat Actors Unknown actors targeting XZ/liblzma; Lazarus Group; operators of Twizt, DDosia, and DirtyMoe botnets; operators of DarkGate and Lumma stealers; creators of HomuWitch ransomware; and creators of mobile adware like MoqHao.
Campaign Overview - Backdoor in XZ/liblzma disrupted after 2 years.
- Lazarus targeted Asian individuals with fake job offers.
- Increased botnet activity and sextortion campaigns.
- Sophisticated scams leveraging AI and deepfakes.
Target Regions/Victims - Global Linux systems (XZ/liblzma case).
- Asia (Lazarus Group campaign).
- North America, Europe (dating scams).
- Ukraine (mobile and social engineering scams).
Methodology - Social engineering (phishing, scams).
- Vulnerability exploitation (e.g., CVE-2024-21338 in appid.sys).
- Use of deepfake, SEO poisoning, and TDS in scams.
- Fileless malware deployment.
Product Targeted XZ/liblzma compression library, Windows driver appid.sys, YouTube platform, Linux distributions, Android and iOS devices.
Malware Reference HomuWitch ransomware, DirtyMoe botnet, Twizt botnet, GoldPickaxe banker, DarkGate and Lumma stealers, MoqHao adware, LockBit ransomware.
Tools Used Rootkits, fileless malware, SEO poisoning, Traffic Distribution Systems (TDS), deepfake technology.
Vulnerabilities Exploited CVE-2024-21338 (Windows appid.sys driver).
TTPs - Use of fake job offers.
- Exploitation of YouTube for malware distribution.
- Phishing through personalized creator collaboration offers.
- Hijacking accounts for scam promotion.
Attribution Lazarus Group (APT campaign targeting Asia); other threat actors unidentified.
Recommendations - Audit and secure open-source dependencies.
- Monitor for social engineering threats.
- Patch vulnerabilities promptly.
- Educate users on scams and phishing awareness.
- Strengthen C&C infrastructure defenses.
Source Avast

Read full article: https://decoded.avast.io/threatresearch/avast-q1-2024-threat-report/?utm_source=rss&utm_medium=rss&utm_campaign=avast-q1-2024-threat-report

Disclaimer: The above summary has been generated by an AI language model

Source: Avast

Published on: May 14, 2024

Related posts:

Germany warns of potential cyber threats from Russia ahead of snap election North Korean shell companies found impersonating US IT firms to fund missiles Beyond the Surface: the evolution and expansion of the SideWinder APT group South Asian hackers target Pakistani entities in new espionage campaign

Leave a Reply

Your email address will not be published. Required fields are marked *

Stay Updated with Our Newsletter

Filter Posts by Date

Explore Topics