Threats Tagged 'medusa'
View all threats tagged with 'medusa'. Filter and sort to focus on specific types of threats.
DTO malware that takes notes
Perseus is a new Android threat that builds upon earlier malware families like Cerberus and Phoenix. It enables real-time monitoring and interaction with infected devices through Accessibility-based remote sessions, allowing full Device Takeover. The malware focuses on extracting high-value personal information, including monitoring user notes. It employs strong anti-analysis measures to evade detection. Perseus is primarily distributed through IPTV applications, targeting users in Turkey and Italy. Its capabilities include overlay attacks, keylogging, and systematic exploration of note-taking apps. The malware performs extensive environment checks to detect analysis conditions and assess device risk. Perseus represents the ongoing evolution of mobile malware, adapting to remain effective in an increasingly secure mobile environment.
AlienVault OTX General | 03/19/2026, 11:00:48 UTC | Added: 03/19/2026, 13:53:28 UTC

North Korean Lazarus Group Now Working With Medusa Ransomware
North Korean state-backed attackers are utilizing Medusa ransomware in their ongoing extortion attacks against the U.S. healthcare sector. The Symantec and Carbon Black Threat Hunter Team discovered evidence of North Korean actors employing Medusa in an attack on a Middle Eastern target and an unsuccessful attempt on a U.S. healthcare organization. Medusa, launched in 2023, operates as a ransomware-as-a-service. The Lazarus sub-group Stonefly has been a key player in North Korean ransomware attacks, using proceeds to fund espionage activities. Despite indictments and rewards, the attacks continue unabated. The current campaign employs various tools, including Comebacker, Blindingcan, ChromeStealer, and RP_Proxy. While the attacks bear similarities to previous Stonefly operations, the exact sub-group responsible remains unclear.
AlienVault OTX General | 02/24/2026, 12:40:36 UTC | Added: 02/24/2026, 20:46:17 UTC

Showing 1 to 2 of 2 results