Blog

The latest from Swascan: news, stories and events from the company and the Cyber world.

Threatland Report – H2 2023

Threatland Report – H2 2023

The second half of 2023 saw a significant increase in cyber-attacks aimed at stealing data and demanding ransoms in exchange for restoring affected systems. Swascan’s SOC and Threat Intelligence Team conducted an in-depth analysis on ransomware, malware and phishing scenarios, providing a detailed picture of emerging threats and evolving trends. Numerous ransomware campaigns were observed […]

DISCOVER MORE
ChatGPT Ransomware: analysis of the source code

ChatGPT Ransomware: analysis of the source code

With the advent of new technologies based on artificial intelligence and virtual assistants, some tasks have been automated and made faster. However, since the emergence of the concept of AI and virtual assistants, the risk that artificial intelligence may also satisfy dangerous, harmful and unethical queries rose. An example could be a request for information […]

DISCOVER MORE
VenomRAT & RemcosRAT: february 2024 update

VenomRAT & RemcosRAT: february 2024 update

Between January and February 2024, the following configurations of VenomRAT and RemcosRAT and the process killing library RumpeDLL were found uploaded to the host 45.XX.XX.XX  From 23 January 2024 onwards, uploads and modification timestamps of RAT malware configuration files uploaded to the distribution host can be seen. This distribution session is subsequent to the article […]

DISCOVER MORE
Botnet & Infostealers: Financial Threat Landscape 2023

Botnet & Infostealers: Financial Threat Landscape 2023

Botnets pose a significant and insidious threat. Their resistant nature to mitigation efforts makes them particularly dangerous. Through analysis by Swascan’s Cyber Security Team, not only have botnets that have directly affected Italian financial sector assets been identified, but also those that may have infected personal devices or those used by employees in remote work […]

DISCOVER MORE
BiBi Wiper: malware analysis 

BiBi Wiper: malware analysis 

Important elements of the analysis:  ​​ Introduction  BiBi Wiper is a “destructive” malware used in the Israel-Hamas conflict by activists of the Sunni terrorist group. As of 30 October 2023, the threat has also been infecting Unix operating systems, although a more widely used variant is also Windows, which is analyzed in this article.   The artefact, […]

DISCOVER MORE
Temu: Android analysis 

Temu: Android analysis 

Temu is a new e-commerce application, available for Windows, Android and iOS, which allows the purchase of various products at very low prices. Several concerns and fears about data security and user privacy emerged after the publication of the analysis prepared by GlizzlyReports

DISCOVER MORE
VenomRAT Darknet: malware analysis 

VenomRAT Darknet: malware analysis 

In the present analysis a malware sample of VenomRAT obtained from a Darknet forum, which only allows the download of source code and compiled samples if there is a reaction to the post by a user. 

DISCOVER MORE
XWorm Darknet: malware analysis 

XWorm Darknet: malware analysis 

In the present analysis, a malware sample XWorm obtained from a Darknet forum was considered, which only allows the download of source code and compiled samples if there is a reaction to the post by a user. 

DISCOVER MORE
Powrprof.dll library: malware analysis 

Powrprof.dll library: malware analysis 

In this analysis, the library powrprof.dll was taken in consideration, which is identified by OSINT sources mainly due to heuristic and behavioural detections and machine learning algorithm

DISCOVER MORE
Cactus Ransomware: malware analysis

Cactus Ransomware: malware analysis

Important elements of the analysis:  Introduction  Cactus Ransomware is a new threat, first identified in March 2023, with some special characteristics. It is distributed in compromised infrastructures mainly using certain Fortinet VPN vulnerabilities as an attack vector, allowing unauthorized access. The main feature of this ransomware is the auto-encryption, so the encryption of the ransomware […]

DISCOVER MORE