Predator is a data stealer developed by Russian-speaking individuals. It’s being sold cheaply on Russian forums and has been detected many times in the wild. Read Full Article
SynAck targeted ransomware uses the Doppelgänging technique
In April 2018, we spotted the first ransomware employing the Process Doppelgänging technique – SynAck ransomware. It should be noted that SynAck is not new, but a recently discovered sample caught our attention after it was found to be using Process Doppelgänging. Here we present the results of our investigation of this new SynAck variant. Read Full Article
Using legitimate tools to hide malicious code
The authors of malware use various techniques to circumvent defensive mechanisms and conceal harmful activity. One of them is the practice of hiding malicious code in the context of a trusted process. Typically, malware that uses concealment techniques injects its code into a system process, e.g. explorer.exe. But some samples employ other interesting methods. We’re going to discuss one such type of malware. Read Full Article
Breaking The Weakest Link Of The Strongest Chain
Around July last year, more than a 100 Israeli servicemen were hit by a cunning threat actor. The attack compromised their devices and exfiltrated data to the attackers’ C&C. In addition, the compromised devices were pushed Trojan updates. The operation remains active at the time of writing this post. Read Full Article
Obfuscated malicious office documents adopted by cybercriminals around the world
After going out of fashion for a number of years, malicious macros inside Office files have recently experienced a revival. And why not, especially if they are a lot cheaper than exploits and capable of doing the same job? Read Full Article
Encrypted Java Archive Trojan bankers from Brazil
I have never bought a PlayStation and neither has my colleague Micha-san from Japan – well, in his case, at least not from Brazil. Nonetheless, we both received the same email notification: In this instance cybercriminals from Brazil have used a new,… Read Full Article
The most sophisticated Android Trojan
Recently, an Android application came to us for analysis. At a glance, we knew this one was special. All strings in the DEX file were encrypted, and the code was obfuscated. Read Full Article
The MiniDuke Mystery: PDF 0-day Government Spy Assembler 0x29A Micro Backdoor
New Adobe PDFs exploiting CVE-2013-0640 drop sophisticated malware known as “MiniDuke”. Read Full Article
Steganography or encryption in bankers?
Cybercriminals avoiding detection and automated monitoring by block cipher using. Read Full Article
iFrames = Apple too?
Looking up definitions for ‘iframe’ does indeed give results about “… a constraint of the H.264 codec specified by Apple to ensure ease of consumer video editing.”. Such iframes do contain all necessary rendering information and serve as reference to construct other frames. But here we discuss the other kind of iframes – HTML tags. Read Full Article