IcedID Campaign Strikes Back

In our previous blog about IcedID, we explored some of the changes in the malware and how it tries to evade detection. We also detailed how threat actors took advantage

COVID-19 and FMLA Campaigns used to install new IcedID banking malware

Juniper Threat Labs has been monitoring a campaign that pushes a new IcedID banking trojan. This new campaign changes tactics by injecting into msiexec.exe to conceal itself and use

IoT botnet exploiting TVT Shenzhen DVRs still lingers

Juniper Threat Labs has been monitoring an IoT botnet that has been active in the wild since October 2, 2019. It exploits a vulnerability in Shenzhen TVT DVR NVMS-9000. The

Breadsecurity looking to make some dough off your router

Earlier in February, Juniper Threat Labs started to see a variant of Mirai attacks with an attempt to download a MIPS executable file to SOHO routers. We have seen Huawei

Dota3: Is your Internet of Things device moonlighting?

Dissecting the evolution of malware gives researchers insights into the knowledge of, and development processes used by, malware authors. Dota3, active in the wild, offers a unique opportunity to examine

GoMiner Mutates and Spreads via Public Cloud Storage Providers

Juniper Threat Labs discovered a family of Monero Miners that spreads through cloud storage providers such as OneDrive, Google Drive and Dropbox. It also has the ability to mutate or

MageCart Skims Credit Cards from FocusCamera.com

Late in December 2019, someone I know received a notification from their credit card company stating a transaction for a purchase of substantial value was pending. Not recognizing the transaction,

Stalking Stalkerware: A Deep Dive Into FlexiSPY

In October, the FTC announced it had reached a settlement effectively shutting down Retina-X Studios, maker of MobileSpy, PhoneSheriff and TeenShield. According to the FTC: “Retina-X did not make sure

CVE-2019-3398: Atlassian Confluence Download Attachments Remote Code Execution

Atlassian Confluence is a collaboration tool that is used by organizations to create and share various documents related to marketing, design specifications, project planning, etc. It can be licensed both

Growing attacks using Accept-Charset exploit

Juniper Threat Labs is seeing a growing attack on the Accept-Charset HTTP header. This request header allows the client to indicate what character sets, e.g., ISO-8859-1 or utf-8, are available for
