Browsing category: Malware

Trick Bot – Dyreza’s successor

Recently, our analyst Jérôme Segura captured an interesting payload in the wild. It turned out to be a new bot that, at the time of analysis, had not yet been described. According to strings found inside the code, the authors named it TrickBot (or “TrickLoader”). Many links indicate that this bot is another product of the […]

Middle Eastern hackers are using this phishing technique to infect political targets with Trojan malware

‘Moonlight’ group is likely to be involved in cyberespionage, warns Vectra Networks. A hacking group is conducting cyberespionage against targets in the Middle East by duping politicians, activists and staff at NGOs into clicking links to authentic-looking but fake versions of high-profile websites in the region, and then infecting them with malware. The operation — […]

Locky Ransomware’s new .SHIT Extension shows that you can’t Polish a Turd

To further show how ransomware is such a pile of crap, a new version of Locky has been released that appends the .shit extension on encrypted files. Like previous variants, this ransomware is installed using a DLL that is executed by Rundll32.exe. Once executed, it will encrypt targeted file types and append the .shit extension to the name of encrypted files. Rundll32.exe […]

“O’zapft is!”: Cyber criminals tap into German-speaking targets in time for Oktoberfest

“Common sense” is an oft-prescribed remedy for email-based malware threats: don’t click on unknown links, don’t enable macros in documents from unknown senders, don’t even read emails from unknown senders. Threat actors, though, are testing the Allgemeinbildung (general knowledge) of German speakers with personalized lures and social engineering to deliver ransomware and banking Trojans even in regions that […]

EvilTwin’s Exotic Ransomware continuously monitors for new Files to Encrypt

The Exotic Ransomware is a new infection released by a malware developer going by the alias of EvilTwin or Exotic Squad. Discovered on October 12th by MalwareHunterTeam, the Exotic Ransomware will encrypt all files, including executables, in targeted folders on a victim’s computer. When finished it will display a Jigsaw Ransomware-like ransom note that demands $50 USD to […]

CryPy: ransomware behind Israeli lines

A tweet posted recently by AVG researcher Jakub Kroustek suggested that a new ransomware, written entirely in Python, had been found in the wild, joining the emerging trend of “Pysomwares” such as the recent HolyCrypt, Fs0ciety Locker and others. This Python executable comprises two main files: one is called boot_common.py and the other encryptor.py. The first […]

Cerber 4.0 Fuels New Wave of Ransomware Attacks

The latest variant of the notorious Cerber ransomware family is currently featured in several infection campaigns, security researchers warn. Dubbed Cerber 4.0, the malware version emerged in early October and appears to have already become highly popular among cybercriminals for use in malvertising campaigns. What’s more, three of the most used exploit kits (EKs) at […]

Crypto needs more transparency, researchers warn

Publish primes with seeds, so we know there are no backdoors. Researchers at the French Institute for Research in Computer Science and Automation (INRIA) and the University of Pennsylvania have called for security standards-setters to publish the seeds for the prime numbers on which their standards rely. The researchers also demonstrated again that 1,024-bit primes […]
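The point of publishing a seed is that anyone can re-derive the prime from it and check that the standard's value is the one the derivation produces, rather than a value the author was free to pick. The following is an added example of that verifiable-derivation idea, not the INRIA/UPenn researchers' code and not the procedure any particular standard uses: it expands a seed and a counter through SHA-256 into a candidate of the requested size (an assumed, simplified scheme in the spirit of FIPS 186-style generation), takes the first counter value that yields a probable prime, and lets a verifier recompute and compare. The seed value is constructed for the demonstration.

```python
import hashlib

# Fixed Miller-Rabin bases so that the check is reproducible by any verifier.
SMALL_PRIMES = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37]


def is_probable_prime(n: int) -> bool:
    """Trial division by small primes, then Miller-Rabin with fixed bases."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in SMALL_PRIMES:  # n > 37 here, so every base is in range
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def candidate_from_seed(seed: bytes, bits: int, counter: int) -> int:
    """Expand SHA-256(seed || counter || i) into `bits` bits; force top and low bit.

    Assumed derivation scheme for this example only; a real standard would
    specify its own hash, encoding and bit-fixing rules.
    """
    out = b""
    i = 0
    while len(out) * 8 < bits:
        blk = seed + counter.to_bytes(4, "big") + i.to_bytes(4, "big")
        out += hashlib.sha256(blk).digest()
        i += 1
    x = int.from_bytes(out, "big") >> (len(out) * 8 - bits)
    x |= (1 << (bits - 1)) | 1  # exactly `bits` long and odd
    return x


def derive_prime(seed: bytes, bits: int, max_counter: int = 100_000):
    """Return (prime, counter) for the first counter whose candidate is prime."""
    for counter in range(max_counter):
        c = candidate_from_seed(seed, bits, counter)
        if is_probable_prime(c):
            return c, counter
    raise ValueError("no prime found within max_counter")


def verify_prime(seed: bytes, bits: int, counter: int, p: int) -> bool:
    """What a third party does with the published (seed, counter, p) triple."""
    return candidate_from_seed(seed, bits, counter) == p and is_probable_prime(p)


if __name__ == "__main__":
    SEED = b"constructed example seed"  # constructed; not from any standard
    p, counter = derive_prime(SEED, 256)
    print(f"counter={counter} prime={hex(p)}")
    print("verifies:", verify_prime(SEED, 256, counter, p))
    print("tampered:", verify_prime(SEED, 256, counter, p + 2))
```

The check only proves that the published prime is the output of the stated derivation from the stated seed. It does not by itself rule out an author who tried many seeds until the derivation happened to land on a weak prime, which is why the seed must be published together with an unambiguous derivation procedure and, ideally, a seed that is itself hard to have chosen freely.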

Over 100 Online Stores Targeted with New Magecart Malware

Magecart targets Magento, OpenCart and the Powerfront CMS. Over 100 online stores have been compromised with a new type of web malware called Magecart that secretly logs data entered on checkout pages and sends it to the attacker’s server. First signs of this malware appeared in March 2016, but activity started to pick up in […]

Web-based keylogger used to steal credit card data from popular sites

Popular ecommerce sites have been infected with web-based keyloggers that are being used to steal credit card data as it’s entered into online checkout forms. More than 100 compromised sites have been identified, but the number could be in the thousands, researchers said. RiskIQ, in collaboration with ClearSky, published their findings (PDF) Thursday, and said some […]

WildFire rises from the grave as the rebranded Hades Locker

The WildFire Locker ransomware has risen from the dead and rebranded itself using the apropos name of Hades Locker. In late August, WildFire Locker disappeared after the organizations behind NoMoreRansom.org were able to seize control of the ransomware’s Command & Control servers. This allowed NoMoreRansom to gain access to many of the decryption keys for the ransomware’s victims. Unfortunately, the ransomware […]

Cerber Ransomware switches to a Random Extension and Ends Database Processes

Late last week, a new version of Cerber Ransomware was released that included some new features. The most notable changes are the switch from the static .cerber3 extension for encrypted files to a random 4-character extension, the use of an HTA file as the ransom note, and the termination of various database processes before encryption. With this version, when a victim’s […]

Flashback Friday: SQL Slammer

Within a few hours of being released in the winter of 2003, SQL Slammer had brought the internet to something of a standstill. We look back at this notable worm.

Spy Tech ‘Hacks WhatsApp Encrypted Chat From A Backpack’

An Israeli company is marketing what appears to be an astonishing surveillance capability, claiming it can siphon off all WhatsApp chats, including encrypted communications, from phones within close proximity of a hidden Wi-Fi hacking device in a backpack. Brochures leaked to FORBES, and published below, revealed a non-public offering from Haifa-based Wintego called CatchApp. It promises an “unprecedented capability” to break through […]

Bitter Ransomware Operator Shuts Down Service and Deletes Decryption Master Key

Misconfigured server led to Encryptor RaaS’ downfall. After law enforcement seized servers belonging to Encryptor RaaS, a Ransomware-as-a-Service cyber-crime portal, the site’s operators decided to close it down for good over the summer and deleted the master decryption key that would have allowed victims to recover their files. This action from the Encryptor RaaS owner […]

Cisco Sinkholes GozNym Banking Trojan Botnet

GozNym botnet included over 23,000 infected victims. The Cisco Talos team has announced today that they’ve successfully managed to sinkhole one of GozNym’s botnets and are in the process of doing the same to three others. Researchers say they were able to divert traffic from the GozNym botnet after they managed to crack the domain […]

Introducing Her Royal Highness, the Princess Locker Ransomware

Today we bring you Princess Locker; the ransomware only royalty could love. First discovered by Michael Gillespie, Princess Locker encrypts a victim’s data and then demands a hefty ransom of 3 bitcoins, or approximately $1,800 USD, to purchase a decryptor. If payment is not made in the specified timeframe, then the ransom payment doubles to […]

Sofacy’s ‘Komplex’ OS X Trojan

The Sofacy group, also known as APT28, Pawn Storm, Fancy Bear, and Sednit, continues to add to the variety of tools they use in attacks; in this case, targeting individuals in the aerospace industry running the OS X operating system. During our analysis, we determined that Komplex was used in a previous attack campaign targeting […]