More than a year has passed since the release of our last article on HackingTeam, the Italian company that develops a “legal” spyware tool known as Remote Control System, or short, RCS. Read Full Article
Big Box LatAm Hack (3rd Part – Infection by Office Files)
The last interesting item found on the same malicious cybercriminal server is a .docm file (a macro-enabled document according to Microsoft Office standards). Read Full Article
Big Box LatAm Hack (2nd part – Email Brute-force and Spam)
To complement the already mentioned findings, the same cybercriminal’s server contains additional interesting things but before mentioning them, I want to give a little bit more information about the email database used to spam victims to infect them with the Betabot malware.… Read Full Article
Brazilian “Feliz Natal” – Give Me Your Money Now!
Introduction Today we got a spam message with a fake e-card in Portuguese leading to an interesting piece of malware: Header translation: You got a Christmas e-card. Somebody very special has sent this Christmas e-card for you. In case you… Read Full Article
The Inevitable Move – 64-bit ZeuS Enhanced With Tor
The more people switch to 64-bit platforms, the more 64-bit malware appears. We have been following this process for several years now. Read Full Article
Brazilian Bankers Gone Wild: Now Using Malicious Office Files
New trick from cybercriminals of Brazil – a suspicious message arrives to the user with a file attached. Inside the RTF file there is a well-known Brazilian Trojan banker belonging to the family Trojan.Win32.ChePro. Read Full Article
Jumcar. Timeline, crypto, and specific functions. [Second part]
Jumcar stands out from other malicious code developed in Latin America because of its particularly aggressive features. At the moment three generations of this malware family exist. Read Full Article
Jumcar. From Peru with a focus on Latin America [First part]
Jumcar is the name we have given to a family of malicious code developed in Latin America – particularly in Peru – and which, according to our research, has been deploying attack maneuvers since March 2012. Read Full Article
Spyware. HackingTeam
This article is based on technical data from KL experts and their analysis of the Korablin and Morcut malicious programs. A number of conclusions based on open source data. Read Full Article
Adobe Flash Player 0-day and HackingTeam’s Remote Control System
Adobe Flash Player CVE-2013-0633 is a critical vulnerability that was discovered and reported to Adobe by Kaspersky Lab researchers Sergey Golovanov and Alexander Polyakov. The exploits for CVE-2013-0633 have been observed while monitoring the so-called -legal- surveillance malware created by the Italian company HackingTeam. In this blog, we will describe some of the attacks and the usage of this 0-day to deploy malware from -HackingTeam- marketed as Remote Control System. Read Full Article