Fraud Protection August 23, 2023

Remote access detection in 2023: Unmasking invisible fraud

3 min read - In the ever-evolving fraud landscape, fraudsters have shifted their tactics from using third-party devices to on-device fraud. Now, users face the rising threat of fraud involving remote access tools (RATs), while banks and fraud detection vendors struggle with new challenges…

Malware April 26, 2022

Hive0117 continues fileless malware delivery in Eastern Europe

4 min read - Through continued research into the ongoing cyber activity throughout Eastern Europe, IBM Security X-Force identified a phishing email campaign by Hive0117, likely a financially motivated cybercriminal group, from February 2022, designed to deliver the fileless malware variant dubbed DarkWatchman. The…

Advanced Threats July 12, 2021

RoboSki and global recovery: Automation to combat evolving obfuscation

12 min read - In a recent collaboration to investigate a rise in malware infections featuring a commercial remote access trojan (RAT), IBM Security X-Force and Cipher Tech Solutions (CT), a defense and intelligence security firm, investigated malicious activity that spiked in the first…

Advanced Threats July 7, 2021

Attacks on Operational Technology From IBM X-Force and Dragos Data

8 min read - Operational Technology Threats in 2021: Ransomware, Remote Access Trojans and Targeted Threat Groups Organizations with operational technology (OT) networks face many unique — and often complicated — considerations when it comes to cybersecurity threats. One of the main challenges facing…

Malware July 9, 2019

Taking Over the Overlay: Reconstructing a Brazilian Remote Access Trojan (RAT)

4 min read - IBM X-Force researchers detected, reverse engineered, reconstructed and simulated a Delphi-based Brazilian remote access Trojan.

Malware July 2, 2019

Taking Over the Overlay: What Triggers the AVLay Remote Access Trojan (RAT)?

8 min read - IBM X-Force researchers discovered, reverse engineered and reconstructed AVLay, a remote access Trojan that mixes DLL hijacking with a legitimate executable borrowed from various antivirus programs.

November 20, 2018

TA505 Threat Group Distributes Previously Undocumented tRat Remote Access Trojan

< 1 min read - Researchers observed the TA505 threat group spreading a previously undocumented remote access Trojan (RAT) called tRaT.

July 18, 2017

GhostCtrl Android RAT Demonstrates Spooky Range of Capabilities

2 min read - Security researchers recently uncovered a scary version of GhostCtrl, an Android RAT with advanced capabilities that can be very difficult to detect.

July 17, 2017

The Adwind Remote Access Tool Experiences a Resurgence

2 min read - A new report detailed how Adwind, a remote access tool, is surging in popularity and putting countless users at risk for cyberattack.

May 2, 2017

Malware Campaign Targets Crucial Business Data

2 min read - Organizations across a range of industries are being targeted in a sophisticated campaign that uses malware to put critical information at risk.