Recent discussions surrounding an emerging information-stealing trojan project reinforce the ongoing necessity of monitoring intelligence on adversaries' capabilities for gathering sensitive data. InQuest's TI team delves into the details of a newer threat known as Planet Stealer, which has recently surfaced in underground forums and garnered attention for its potential impact on cybersecurity.

Planet Stealer, also referred to as PlanetStealer, is an information-stealing trojan implemented in Go. These types of malware are designed to surreptitiously collect and transmit sensitive information from compromised hosts, providing threat actors with access to valuable data. As a prevalent component of the malware-as-a-service (MaaS) ecosystem, information stealers like Planet Stealer attract financially motivated adversaries seeking to exploit user data for various nefarious purposes. Dive deeper into the insights provided by our analysts in the full blog post.


InQuest Email Attack Simulation
This month we harvested 336 samples from the wild capable of bypassing either Microsoft or Google. Of those, Microsoft missed 229 (68%), and Google missed 136 (40%). InQuest MailTAC, for reference, missed 54 (16%). The distribution of misses by file type is depicted below:
InQuest EAS includes samples sourced from 50+ industry-leading blogs. This month, we sourced 424 samples from these blogs for inclusion in attack simulation.

Understanding Phishing: Banner Effectiveness

Posted on 2024-03-26 by Isabelle Quinn

One of InQuest’s most distinguishing features is its banner system. While most of InQuest’s work detecting phish takes place “under the hood,” the banners are what recipients see. These distinctive yet unobtrusive signposts tell the reader where each email sits on the safe-dangerous spectrum. The color (gray, yellow, or red) gives a general impression. The brief text phrases explain why InQuest marked the email that way. The links in the banner allow the recipient to inquire further or report the mail to InQuest staff for further analysis.

InQuest Labs Research Spotlight

ReverserAI

Provides automated reverse engineering assistance through the use of local large language models (LLMs) on consumer hardware.


bincapz

Enumerates program capabilities and malicious behaviors using fragment analysis.


Tabby

Tool that converts a payload into tabs and spaces and executes it.

Global Security Events

Dissecting a complex vulnerability and achieving arbitrary code execution in Ichitaro Word

A complex vulnerability in JustSystems' Ichitaro Word Processor was exploited for arbitrary code execution; the write-up demonstrates the exploit's development process and challenges.


Suspected MFA Bombing Attacks Target Apple iPhone Users

Attackers are targeting Apple iPhone users with a rash of MFA bombing attacks that use a relentless series of legitimate password-reset notification alerts in what appears to be an attempt to take over their iCloud accounts. The activity has focused attention on the evolving nature of so-called multifactor authentication (MFA) bombing attacks.


Inside the Rabbit Hole: BunnyLoader 3.0 Unveiled

This article will focus on the newly released BunnyLoader 3.0, as well as historically observed BunnyLoader infrastructure and an overview of its capabilities. BunnyLoader is dynamically developing malware with the capability to steal information, credentials and cryptocurrency, as well as deliver additional malware to its victims.

InQuest Insider - Your monthly resource for the latest in cyber security news, trends, tips, and tools.
Copyright © InQuest 2024