Attackers Using Obfuscation Tools to Deliver Multi-Stage Malware via Invoice Phishing

Cybersecurity researchers have discovered an intricate multi-stage attack that leverages invoice-themed phishing decoys to deliver a wide range of malware such as Venom RAT, Remcos RAT, XWorm, NanoCore RAT, and a stealer that targets crypto wallets. The email messages come with Scalable Vector Graphics (SVG) file attachments that, when clicked, activate the infection sequence, Fortinet […]

Gootkit Malware Continues to Evolve with New Components and Obfuscations

The threat actors associated with the Gootkit malware have made “notable changes” to their toolset, adding new components and obfuscations to their infection chains. Google-owned Mandiant is monitoring the activity cluster under the moniker UNC2565, noting that the usage of the malware is “exclusive to this group.” Gootkit, also called Gootloader, is spread through compromised […]

Experts Detail Virtual Machine Used by Wslink Malware Loader for Obfuscation

Cybersecurity researchers have shed more light on a malicious loader that runs as a server and executes received modules in memory, laying bare the structure of an “advanced multi-layered virtual machine” used by the malware to fly under the radar. Wslink, as the malicious loader is called, was first documented by Slovak cybersecurity company ESET […]

New phishing technique uses advanced obfuscation and Telegram channels to evade detection. Hackers can easily bypass your firewall

FireEye's specialized Email Security team has published a report on the detection of multiple phishing campaigns in which operators obfuscate the source code hosted on compromised or malicious domains. Threat actors seek to extract confidential information, mainly victims’ banking details. As for the lure theme used in this campaign, threat actors are trying to take advantage of […]

Quark-Engine – An Obfuscation-Neglect Android Malware Scoring System

An Obfuscation-Neglect Android Malware Scoring System. Concepts: an Android malware analysis engine is not a new story. Every antivirus company has its own secrets for building one. Out of curiosity, we developed a malware scoring system from the perspective of Taiwan Criminal Law in an easy but solid way. We have an order theory of crime which explains the stages […]

Most Advanced Backdoor Obfuscation and Evasion Techniques Used by Hackers

Cybercriminals are using the most sophisticated techniques to bypass security controls in various organizations, including IT, medical and manufacturing industries, the energy sector, and even government entities. Sometimes developers create a backdoor for a legitimate purpose, such as maintenance and easy access from a remote location during a technical issue. But hackers are using it […]

Magniber Ransomware Improves Its Obfuscation Techniques and Expands to Other Asian Countries

Magniber ransomware has emerged again, leveraging various obfuscation techniques and refined source code. The well-known and long-running browser exploitation kit Magnitude is delivering Magniber ransomware, and the kit primarily uses a zero-day remote code execution vulnerability (CVE-2018-8174) that allows an attacker to execute arbitrary code and take complete control of the infected system. Previously, Magniber targeted […]

hideNsneak – An Attack Obfuscation Framework

This application assists in managing attack infrastructure for penetration testers by providing an interface to rapidly deploy, manage, and take down various cloud services. These include VMs, domain fronting, Cobalt Strike servers, API gateways, and firewalls. Overview: hideNsneak provides a simple interface that allows penetration testers to build ephemeral infrastructure — one that requires minimal […]

FakeBank Malware Uses a Layered Obfuscation Technique and Replaces the Default SMS App to Steal Highly Sensitive Data

A new persistent malware family called FakeBank is spreading across Russian-speaking nations and targeting Russian banks, using a sophisticated obfuscation technique to steal highly sensitive information. Identified samples mainly abuse legitimate SMS- and MMS-based management applications. This malware specifically targets financial information held in SMS applications and periodically gathers pieces of […]

Java Malware “jRAT” Evolving with Highly Obfuscated Patterns

The Java-based Remote Access Trojan called “jRAT” is rapidly evolving with advanced capabilities, targeting the sensitive information of many organizations and spreading with highly obfuscated patterns. Nowadays, advanced threats mostly spread via spam campaigns, and jRAT likewise spreads via spam emails that are being rapidly distributed across the globe. This Java-based RAT infects users […]

Discovery of a New Nymaim Malware Variant Employing Advanced Delivery, Obfuscation and Blacklisting methods

Verint’s Cyber Research team has discovered an unknown variant of the Nymaim malware family, a group of threats that are also capable of downloading various malicious payloads onto the affected device, ranging from ransomware to banking trojans. Background: Nymaim is a malware family that was prevalent in 2013 but has recently reemerged on the threat landscape. […]

Nymaim – obfuscation chronicles

We look at malware delivered by a campaign that has infected thousands of websites around the world – and the various control flow obfuscation techniques that make its analysis as interesting as it is challenging.