Research

Trend Micro's first look into the cybercriminal underground covers the different activities and services found in the Russian underground—the pioneer underground scene—in 2012.

This research paper reviews messages related to activities, along with trends observed and product and service price updates seen in the Chinese underground market throughout 2013.

While the Deep Web has often been associated with The Onion Router (TOR), this research paper introduces other networks that guarantee anonymous and untraceable access—the most renowned darknets and alternative top-level domains.

A Trend Micro research paper that reveals the operations and cybercriminals behind Predator Pain and Limitless Keylogger, which are malware toolkits that are easily obtained from underground forums.

This Trend Micro paper unravels a series of attacks that targets military officials and defense contractors. Dubbed as “Operation Pawn Storm,” the group of threat actors use two known attack vectors: spear phishing emails and a network of phishing websites.

Soundsquatting is a domain-squatting technique that takes advantage of similar-sounding words, or homophones, to lead users to malicious websites. This research paper looks into how misheard (and not just misspelled) domain names can spell trouble for unsuspec

The evolution of PoS RAM Scraper malware, from their humble beginnings to the industrialized threats that they've become.

Over several months, our researchers monitored the Chinese mobile cybercriminal underground to see what kind of wares cybercriminals were trading. What they found was a diverse set of offerings created to suit different purposes.

Trend Micro researchers looked into the way attackers use backdoors to command and control their target networks. So far, our researchers noted that attackers commonly take advantage of these eight backdoor techniques.