Threat Analyze

No Way to Escape: Linux Malware Sandbox Detection Development Fundamental Component from Scratch

07 June 2025 - Posted in Threat Analyze by Jok3r

Background: Linux malware is a rare example that can be encountered within an environment during its functional process. This presents a real challenge for beginners attempting malware analysis [...] Read more

Inside the Attack: How Smishing Campaigns Are Evolving with Covert Data Theft Methods

16 May 2025 - Posted in Threat Analyze by Jok3r

Background: Recently, there has been a noticeable increase in attacks carried out by fraudsters. These attackers use various delivery methods, ranging from social media platforms to SMS messages and [...] Read more

Abusing Trusted Relationships (T1199): Delivering Malicious Emails by Compromising Historical Recipients

26 January 2025 - Posted in Threat Analyze by Jok3r

Background: From time to time, the infosec community observes trends where threat actors abuse Trusted Relationships (T1199) to deliver malware to known recipients. This technique exploits the fact [...] Read more

Silent Intrusion: Sophisticated Threat Actor Exploits Fake Job Offers and Video Calls for Malware Delivery

22 January 2025 - Posted in Threat Analyze by Jok3r

Background: In one of my previous articles, I covered the challenges associated with fake job interviews. This type of attack has also been leveraged by highly sophisticated groups. I would like to [...] Read more

Case Study: Tackling Extension Infections with a Budget-Friendly Scratch Project

01 January 2025 - Posted in Threat Analyze by Jok3r

Backgound: Following a notification from a company that fell victim to a supply chain attack, where attackers compromised their Chrome extension, I realized the importance of addressing this issue. [...] Read more

Tracking Seized Domains: Checking Your Environment for Harmful Domain IOCs

30 November 2024 - Posted in Threat Analyze by Jok3r

Background: It’s no secret that international law enforcement agencies periodically seize domains linked to cyber threats, criminal activities, and other harmful purposes. Every cybersecurity [...] Read more

Technical Detection of Typo-Squatted Campaigns: A Case Study on Roblox Game Account Hijacking

09 November 2024 - Posted in Threat Analyze by Jok3r

Background: A few days ago, UNIT42 reported tracking an active phishing campaign targeting Roblox game players, which is hugely popular worldwide. In a previous article, I covered the broader threats [...] Read more

From Interviews to Infections: The Dangerous Trend of Cybercriminals in Job Recruitment

02 November 2024 - Posted in Threat Analyze by Jok3r

Background: Over the years, the tactics, techniques, and procedures (TTPs) of attackers have evolved significantly. Recently, APT groups have used new methods that have also been adopted by average [...] Read more

The Dark Side of Integration: Risks of Windows OS hooks in Malicious Hands

12 October 2024 - Posted in Threat Analyze by Jok3r

Background: Each action we perform in the Windows UI layer involves loading DLLs that contain various hooks. Hooks are similar to backend APIs, enabling us to achieve specific results. Through [...] Read more

Mastering Browser Extensions: Key Strategies for Effective Analysis and Threat Prevention

17 August 2024 - Posted in Threat Analyze by Jok3r

Background: In today’s digital landscape, browser extensions are immensely popular for automating tasks and enhancing productivity. Millions of users rely on these tools to streamline their [...] Read more