The analysis showed the Backdoor.Win32.Plurox to have a few quite unpleasant features. What’s more, the backdoor is modular, which means that its functionality can be expanded with the aid of plugins. Read Full Article
ScarCruft continues to evolve, introduces Bluetooth harvester
After publishing our initial series of blogposts back in 2016, we have continued to track the ScarCruft threat actor. ScarCruft is a Korean-speaking and allegedly state-sponsored threat actor that usually targets organizations and companies with links to the Korean peninsula. Read Full Article
New zero-day vulnerability CVE-2019-0859 in win32k.sys
In March 2019, our automatic Exploit Prevention (EP) systems detected an attempt to exploit a vulnerability in the Microsoft Windows operating system. Further analysis of this event led to us discovering a zero-day vulnerability in win32k.sys Read Full Article
Large-scale SIM swap fraud
If someone steals your phone number, you’ll face a lot of problems, especially because most of our modern two-factor authentication systems are based on SMSs that can be intercepted using this technique. Read Full Article
Digital Doppelgangers
From the famous Cardingplanet forum to Darknet stolen card stores – financial cybercrime schemes were not dead at all during all these years. They have evolved and become more dangerous than ever. Read Full Article
The return of the BOM
There’s nothing new in Brazilian cybercriminals trying out new ways to stay under the radar. It’s just that this time around the bad guys have started using a method that was reported in the wild years ago – the UTF-8 BOM (Byte Order Mark) additional bytes. Read Full Article
AZORult++: Rewriting history
In early March 2019, a number of malicious files detected by our products caught the eye. Although similar to AZORult stealer already known to us, unlike the original malware, they were written not in Delphi, but in C++. Read Full Article
Hacking microcontroller firmware through a USB
I have given a step-by-step guide on the analysis of embedded firmware, finding vulnerabilities and exploiting them to acquire a firmware dump and to carry out code execution on a USB device. Read Full Article
The fourth horseman: CVE-2019-0797 vulnerability
In February 2019, our Automatic Exploit Prevention (AEP) systems detected an attempt to exploit a vulnerability in the Microsoft Windows operating system. Further analysis of this event led to us discovering a zero-day vulnerability in win32k.sys. Read Full Article
A predatory tale: Who’s afraid of the thief?
Predator is a data stealer developed by Russian-speaking individuals. It’s being sold cheaply on Russian forums and has been detected many times in the wild. Read Full Article