Foreword Welcome to the Avast Q4’21 Threat Report! Just like the rest of last year, Q4 was packed with many surprises and plot twists in the threat landscape. Let me highlight some of them. We all learned how much impact a small library for logging can have. Indeed, I’m referring to the Log4j Java...
Chaes, a threat group operates solely in Brazil, compromised hundreds of WordPress webpages to serve malicious installers which is the starting point of an interesting infection chain.
In this posting, we go over what web skimming attacks are and how they work. We then analyze a series of web skimming attacks that we found which were active from March 2021 to the present. These attacks abused the Google Tag Manager...
In October 2021, we discovered that the Magnitude exploit kit was testing out a Chromium exploit chain in the wild. About a month later, we found that the Underminer exploit kit followed suit and developed an exploit for the same Chromium vulnerability. In this blog post, we are taking a closer...