Attack Signals Possible Return of Genesis Market, Abuses Node.js, and EV Code Signing
Released on 2023-11-24 @ 12:04:48 PM
The Trend Micro Managed XDR team encountered malicious operations that used techniques similar to the ones used by Genesis Market. The threat actor behind these operations abused Node.js to act as a platform for the backdoor, Extended Validation (EV) Code Signing for defense evasion, and possibly Google Colab to host search engine-optimized download sites.