Karkoff Malware

 

 

Talos researchers discovered the new Karkoff .NET malware this month. The team describes the malware as “lightweight” and says it permits remote code execution through the C2 server. No obfuscation is used, so Karkoff is easy to pick apart.

The malware does have one interesting element, however: Karkoff generates a log file that stores executed commands with timestamps. Organizations that fall victim to Karkoff can use this file to review exactly what happened, and where.

Source: ZDNet

How do you protect yourself?

Proper security measures must be in place to defend against the Karkoff malware and similar threats. Up-to-date endpoint and firewall security provides a cross-generational blend of threat defense techniques to protect systems from malware.

 

CVE-2019-3396

 

 

A group of attackers is actively exploiting a critical vulnerability in Atlassian’s Confluence collaboration software to infect servers with the GandCrab ransomware.

The vulnerability, tracked as CVE-2019-3396, is in the software’s Widget Connector, which allows users to embed content from YouTube, Twitter and other websites into web pages.

Attackers can exploit the flaw to inject a rogue template and achieve remote code execution on the server. According to Atlassian’s advisory, published March 20, all versions of Confluence Server and Confluence Data Center before versions 6.6.12, 6.12.3, 6.13.3 and 6.14.2 are affected.

Source: CSO Online

How do you protect yourself?

Ensure your software is updated with the latest patches.
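A triage check for the affected-version list quoted above, added here as an example; it is not code from Atlassian or from the cited article. It assumes each listed version is the fix for its own release line (so 6.6.12 is patched, while 6.7.0 stays affected until 6.12.3) and that lines newer than 6.14 ship patched; the host names and inventory are constructed.

```python
import re

# Fixed releases named on this page, ascending, one per release line.
FIXED = [(6, 6, 12), (6, 12, 3), (6, 13, 3), (6, 14, 2)]


def parse_version(text):
    """Parse 'X.Y' or 'X.Y.Z' into a 3-tuple of ints; reject anything else."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g or 0) for g in m.groups())


def required_fix(version):
    """Lowest listed fix whose release line is at or above this version's line.

    Returns None for lines newer than every listed fix (assumed to ship patched).
    """
    for fix in FIXED:
        if fix[:2] >= version[:2]:
            return fix
    return None


def triage(inventory):
    """Map each host to 'ok', 'affected (fixed in X.Y.Z)' or 'unknown'."""
    report = {}
    for host, raw in inventory.items():
        try:
            version = parse_version(raw)
        except ValueError:
            report[host] = "unknown"  # needs a manual check, never assume patched
            continue
        fix = required_fix(version)
        if fix is not None and version < fix:
            report[host] = "affected (fixed in %d.%d.%d)" % fix
        else:
            report[host] = "ok"
    return report


if __name__ == "__main__":
    # Constructed inventory: hypothetical hosts and version strings.
    sample = {"wiki-a": "6.6.11", "wiki-b": "6.6.12", "wiki-c": "6.9.0",
              "wiki-d": "6.14.2", "wiki-e": "6.15.1", "wiki-f": "6.13.0-beta1"}
    for host, status in triage(sample).items():
        print(f"{host}: {status}")
```

Version strings that do not parse cleanly are reported as unknown rather than ok, so a pre-release or mistyped entry is checked by hand.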

 

Qbot Banking Trojan

 

 

A phishing campaign dropping the Qbot banking Trojan, with delivery emails camouflaged as parts of previous conversations, was spotted during late March 2019 by the JASK Special Operations team.

Qbot (also known as QakBot and Pinkslipbot) is a quite old yet still active and continuously evolving banking Trojan with worm capabilities. Malicious actors have used it since at least 2009 [1, 2, 3, 4] to steal financial data and banking credentials from their targets, to drop additional malware, to log user keystrokes, and to create a backdoor to compromised machines.

Source: BleepingComputer

How do you protect yourself?

Proper security measures must be in place to defend against the Qbot banking Trojan and similar threats. Backing up your data and keeping endpoint security up to date provides a cross-generational blend of threat defense techniques to protect systems from malware.