Incidents

Yet another Bofra variant

A new Bofra variant has been reported. We already detect it generically as “I-Worm.Bofra.gen”. The new variant has a distribution node located at the following URL:

http://kjh0.narod.ru/

Just like we did with previous Bofra variants, we are talking to narod.ru adminstrators to take the site offline ASAP.

Yet another Bofra variant

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Reports

ToddyCat: your hidden email assistant. Part 2

An in-depth analysis of Umbrij, a new tool used by the ToddyCat APT group to compromise corporate email communications in Gmail. The attack targeted OAuth authorization tokens, allowing threat actors to gain access to Google services.