While analyzing some memory dumps suspicious of being infected with a keylogger, we identified a library containing strings to interact with a virtual file system. This turned out to be a malicious loader internally named “Slingshot”. Read Full Article
We’re already used to the fact that complex cyberattacks use 0-day vulnerabilities, bypassing digital signature checks, virtual file systems, non-standard encryption algorithms and other tricks. Sometimes, however, all of this may be done in much simpler ways, as was the case in the malicious campaign that we detected a while ago – we named it ‘Microcin’ after microini, one of the malicious components used in it. Read Full Article
While we were researching the malicious program Lurk in early February 2016, we discovered an interesting oddity in how this banking Trojan spreads. From the data we had, it emerged that the users attacked by Lurk also installed the remote administration software Ammyy Admin on their computers. Read Full Article
In the last few days experts at Kaspersky Lab have detected new samples of the malicious program MAX++ (aka ZeroAccess). This Trojan first achieved notoriety for using advanced rootkit technology to hide its presence in a system. Back then, MAX++ only worked on x86 platforms; now it is capable of functioning on x64 systems! Read Full Article