Blog

The modified installer of legit “PDFescape Desktop Installer” app looks like this:  Fake PDFescape Desktop Installer AppSHA-256: 0c933001de544ebc071d175d9f8e3bfad8066b532dc69dea4c713c52eb6a64a0 Cyren detects this kind of malware as W32/SolarMarker.A.gen!Eldorado. Upon execution, It creates an encoded file under %Userdir%<randomchars><randomchars><randomchars><randomchars><randomchars><randomchars><randomchars> (encoded file). It then executes a Power Shell Script command to decode and execute the

We have been seeing email notifications about login attempts to UnionBank online accounts, prompting users to reset their password if they found the login attempts were suspicious. Below are screenshots of some of the most recent phishing emails that were seen. Figure 1.0 Phishing emails notifying a user about a

We recently received samples that we suspected were “phishy” in nature, but after analyzing the email attachment a severe threat was exposed.  Figure 1.0 Email sample The emails had a ZIP attachment containing an HTML that was designed to look like an invoice signed by DocuSign, which is a well-known

The “Purchase” themed email is a commonly used subject in phishing campaigns. Threat actors can easily scrape the internet, in other words, specific data is very easily gathered and copied from the web. This makes company emails a very easy target, as they are available in their websites, especially the

  Phishing remains one of the most popular types of corporate attacks in terms of its prevalence, and therefore it is not surprising that attackers are coming up with increasingly sophisticated methods to obtain the victim’s personal data. Signs of an Office 365 Phishing Attack  A Warning from Microsoft: The

It’s safe to say that all of our Cyren Inbox Security customers use the native Office 365 security capabilities of Exchange Online Protection and Advanced Threat Protection (now collectively called Microsoft Defender for Office 365). If you follow this blog, you can’t help but notice that CIS and our incident

Every internet user participates in surveys every day: “Do you like our service?” “Are you satisfied with the order?” “Please, fill the form below to make us better for you!” Scammers know these survey forms are mundane, and often filled out reflexively. By using free “form-builder” services, attacks: can be

Macro malware (also known as macro viruses) is a computer virus that is written in the same macro language used in other software, such as Microsoft Excel and Word. Since macro viruses use the same macro language, the attack begins as soon as the document is opened. Macro malware can