Malicious actors frequently take advantage of tragic news to coerce their targets into engaging with their malware lures.

There has been an unsettling uptick in the utilization of COVID-19 themed malware campaigns and distance learning lures targeting students and families.

Join the Hunt and check out the COVID-19 documents we’re currently researching over at InQuest Labs!

Latest InQuest™ Blog Posts

Getting Sneakier: Hidden Sheets, Data Connections, and XLM Macros

Posted on 2020-03-18 by Amirreza Niakanlahiji and Pedram Amini

In this post, we provide a detailed analysis of an interesting Excel 4.0 XLM macrosheet maldoc distribution campaign that is tied to a variety of executable payloads, a subject matter we'll be covering in a future blog. As of the time of writing, detection rates for this class of attack are relatively low.

COVID-19 Scare Tactics: Want to buy some masks?

Posted on 2020-03-20 by William MacArthur

In this quick, end of the week post, we wanted to touch on the ubiquitous COVID-19 (aka Corona Virus). Sharing an interesting lure, related malware, and some IOCs for colleagues to dig into while society on the whole is relegated to solitude in our homes.

InQuest™ Labs Research Spotlight

mac-dev-playbook

This playbook installs and configures most of the software I use on my Mac for web and software development. Some things in macOS are slightly difficult to automate, so I still have some manual installation steps, but at least it's all documented here.

awesome-api

A curated list of awesome resources for design and implement RESTful APIs.REST allows us to create services and applications that can be used by any device or client who understands HTTP.

SpaceVim

SpaceVim is a community-driven modular Vim distribution. It manages collections of plugins in layers, which help to collect related packages together to provide IDE-like features

Global Security Events

US Health Department Hacked Amid Coronavirus Pandemic

Cyber-attackers have hacked the US Health and Human Services Department as America works hard to minimize the impact of the COVID-19 virus. The intrusion occurred on 15-March-2020 and is thought to have been motivated by a desire to slow the agency down and spread misinformation among the public.

New RedLine Stealer Distributed Using Coronavirus-themed Email Campaign

In early March 2020, Proofpoint researchers observed an email campaign attempting to deliver a previously unknown malware which the malware author calls RedLine Stealer. This name can be seen in the forum advertisements, code comments, and command and control (C&C) panel.

APT36 jumps on the coronavirus bandwagon, delivers Crimson RAT

Since the coronavirus became a worldwide health issue, the desire for more information and guidance from government and health authorities has reached a fever pitch. This is a golden opportunity for threat actors to capitalize on fear, spread misinformation, and generate mass hysteria—all while compromising victims with scams or malware campaigns

Useful Links

Support

Social

Twitter

GitHub

InQuest™ Insider - Your monthly resource for the latest in cyber security news, trends, tips and tools. Subscribe here.

Unsubscribe here.