We recently discovered malware that spread through injecting malicious code into Windows executable files; in other words, a virus. It is the first “living” virus in recent years that we have spotted in the wild. We named it KBOT. Read Full Article
A predatory tale: Who’s afraid of the thief?
Predator is a data stealer developed by Russian-speaking individuals. It’s being sold cheaply on Russian forums and has been detected many times in the wild. Read Full Article
SynAck targeted ransomware uses the Doppelgänging technique
In April 2018, we spotted the first ransomware employing the Process Doppelgänging technique – SynAck ransomware. It should be noted that SynAck is not new, but a recently discovered sample caught our attention after it was found to be using Process Doppelgänging. Here we present the results of our investigation of this new SynAck variant. Read Full Article
Using legitimate tools to hide malicious code
The authors of malware use various techniques to circumvent defensive mechanisms and conceal harmful activity. One of them is the practice of hiding malicious code in the context of a trusted process. Typically, malware that uses concealment techniques injects its code into a system process, e.g. explorer.exe. But some samples employ other interesting methods. We’re going to discuss one such type of malware. Read Full Article
Breaking The Weakest Link Of The Strongest Chain
Around July last year, more than a 100 Israeli servicemen were hit by a cunning threat actor. The attack compromised their devices and exfiltrated data to the attackers’ C&C. In addition, the compromised devices were pushed Trojan updates. The operation remains active at the time of writing this post. Read Full Article
The evolution of Brazilian Malware
Cybercrime in Brazil has changed drastically in the last few years, as it shifted from simple keyloggers to tailored remote administration tools that can run a complete attack by using the victim machine. As we know, they are in touch with cybercriminals from Eastern Europe, mainly Russians. Read Full Article
Obfuscated malicious office documents adopted by cybercriminals around the world
After going out of fashion for a number of years, malicious macros inside Office files have recently experienced a revival. And why not, especially if they are a lot cheaper than exploits and capable of doing the same job? Read Full Article
Encrypted Java Archive Trojan bankers from Brazil
I have never bought a PlayStation and neither has my colleague Micha-san from Japan – well, in his case, at least not from Brazil. Nonetheless, we both received the same email notification: In this instance cybercriminals from Brazil have used a new,… Read Full Article
The most sophisticated Android Trojan
Recently, an Android application came to us for analysis. At a glance, we knew this one was special. All strings in the DEX file were encrypted, and the code was obfuscated. Read Full Article
The MiniDuke Mystery: PDF 0-day Government Spy Assembler 0x29A Micro Backdoor
New Adobe PDFs exploiting CVE-2013-0640 drop sophisticated malware known as “MiniDuke”. Read Full Article