Acronis Threat Research Unit (TRU) identified a new variant of the LOTUSLITE backdoor with a theme related to India's banking sector, delivered via DLL sideloading using a legitimate Microsoft-signed executable.
Acronis TRU has identified hundreds of GitHub repositories delivering malware to video gamers under the guise of "free game cheats," spanning numerous campaigns across virtually every major online game title.
Acronis Threat Research Unit (TRU) has identified a targeted campaign distributing a trojanized version of the Red Alert rocket warning Android app to Israeli users via SMS messages impersonating official Home Front Command communications.
Acronis' Threat Research Unit (TRU) has uncovered a malware campaign, dubbed CRESCENTHARVEST, potentially targeting supporters of Iran's ongoing protests with the goal of information theft and long-term espionage.
The Acronis Threat Research Unit (TRU) analyzed the latest version of LockBit ransomware (version 5), which targets Windows, Linux and ESXi systems, and shares some similarities with the previous version 4.
Acronis Threat Research Unit (TRU) has been tracking Transparent Tribe, also known as APT36, and has uncovered a campaign that stands out for its use of startup-oriented, themed lure material delivered via an ISO container-based file.
Acronis Threat Research Unit (TRU) observed a targeted malware campaign against U.S. government entities leveraging a politically themed ZIP archive containing a loader executable and a malicious DLL. The executable is used to sideload and execute the DLL, which functions as the primary backdoor, tracked as LOTUSLITE.
In a newly identified campaign, internally referred to as Boto Cor-de-Rosa, our researchers discovered that Astaroth now exploits WhatsApp Web as part of its propagation strategy.
This report is the result of a collaborative investigation between Hunt.io and the Acronis Threat Research Unit (TRU), in which both teams collaborated to map ongoing DPRK infrastructure activity, including Lazarus and Kimsuky.
Makop, a ransomware strain derived from Phobos, continues to exploit exposed RDP systems while adding new components such as local privilege escalation exploits and loader malware to its traditional toolkit.
Acronis TRU researchers have discovered an ongoing campaign that leverages a novel combination of screen hijacking techniques with ClickFix, displaying a realistic, full-screen Windows Update of “Critical Windows Security Updates” to trick victims into executing malicious commands.
Acronis Threat Research Unit (TRU) observed a global malvertising / SEO campaign, tracked as “TamperedChef.” It delivers legitimate-looking installers that disguise as common applications to trick users into installing them, establish persistence and deliver obfuscated JavaScript payloads for remote access and control.