
From Linux to Windows – New Family of Cross-Platform Desktop Backdoors Discovered

Recently we came across a new family of cross-platform backdoors for desktop environments. First we got the Linux variant, and with information extracted from its binary, we were able to find the variant for Windows desktops, too. Not only that, but the Windows version was additionally equipped with a valid code signing signature. Let's have a look at both of them.


SyScan 2014

In the first week of April 2014 we were at “The Symposium on Security for Asia Network” (SyScan), a “geeky” single-track conference located in Singapore. I liked the friendly atmosphere from the very first slides of the event (as is…


Mac Protector: Register your copy now! Part 2

A few days ago I published a blog post regarding the reverse engineering of the Mac OSX Rogue AV registration routine. The goal was to see if the product was acting like a legitimate one once registered. The product behaved normally, and pretended to clean the machine like its Windows counterpart. It was also possible to gather intelligence on the technical support once registered.



More fakeAV for MAC. This time it’s massive

When my colleague Fabio wrote about a Rogueware campaign targeting Mac users, I investigated a bit into the origin of these campaigns. It was interesting how different researchers were getting those samples through searching images on Google. However, different searches always arrive at the same result, leading to the question: How many search terms have been poisoned?
