Enterprise Grade Malware JsOutProx

Avertium Threat Report

JsOutProx Overview This report is about a new heavily obfuscated malware dubbed JsOutProx. JsOutProx is made up of two files with multiple capabilities and extreme amounts of encoding plus algorithmic complexity. The malware targets specified software on infected machines and seems to only operate on hosts running Microsoft Windows. The threat actor behind this malware […]

New Lazarus Group Dacls Malware Targets Linux, Windows Devices

Avertium Threat Report

By Brandon Adcock, Avertium CyberOps Analyst Dacls Overview A new RAT malware dubbed Dacls has been identified by security researchers. Connected to the Lazarus Group, an entity known for hacking Sony Films in late 2014 and for the global WannaCry outbreak in 2017, the Dacls Remote Access Trojan (RAT) infects devices running Windows OS, MAC […]

Dexphot Polymorphic Malware

Avertium Threat Report

Dexphot Overview Dexphot is a polymorphic malware campaign that constantly evolves, sometimes deploying new files and employing new TTPs (Tactics, Techniques, and Procedures) every 20 to 30 minutes. The goal of this malware campaign is to mine cryptocurrency, which isn’t particularly remarkable, but it is the methodologies utilized that are unique. Tactics, Techniques, Procedures The […]

Firefox Vulnerability and Fake Tech Support Page Scammers

Avertium Threat Report

Firefox Bug and Fake Technical Support Page Scam Overview Fake technical support scammers are exploiting a recently discovered Firefox vulnerability to overload CPUs. Fake tech support scam pages have been common for a considerable amount of time, but over the past year these scammers have been exploiting web browser vulnerabilities more often. The advantage for […]

Report: HOPLIGHT Trojan

Avertium Threat Report

HOPLIGHT Trojan Overview This report is about the HOPLIGHT Trojan and the analysis recently published on the US-CERT website, which was conducted by multiple United States government agencies. This malware is a backdoor used to steal sensitive data and modify infected hosts. The delivery method isn’t discussed in the U.S. government […]

Report: RAT Generator “Blackremote”

Avertium Threat Report

Blackremote Overview This report is about a RAT (remote access tool) generator called Blackremote. The generator has been recently advertised and sold in underground forums using cryptocurrencies such as Bitcoin as the medium of exchange. The executable being generated has remote access capabilities allowing bad actors to modify the system and capture sensitive data. Tactics, […]