The security is still secure

Recently WikiLeaks published a report that, among other things, claims to disclose tools and tactics employed by a state-sponsored organization to break into users’ computers and circumvent installed security solutions. The list of compromised security products includes dozens of vendors and relates to the whole cybersecurity industry. Read Full Article

Expensive free apps

Fraudulent apps trying to send Premium SMS messages or trying to call to high rate phone numbers are not something new. It is much more interesting to talk about how certain groups bypass detection mechanisms such as those used by Google Play. Read Full Article

Inside the Gootkit C&C server

In September 2016, we discovered a new version of Gootkit with a characteristic and instantly recognizable feature: an extra check of the environment variable ‘crackme’ in the downloader’s body. Just as interesting was the fact that we were able to gain access to the bot’s C&C server, including its complete hierarchal tree of folders and files and their contents. Read Full Article

Shade: not by encryption alone

We recently found that a new logic in the latest version of the Shade encryptor currently being spread widely within the territories of Russia and CIS. On the basis of this logic, the ransomware checks the computer for any involvement in accounting activities and, if the check is successful, installs remote control tools into the compromised system instead of encrypting the victim’s files. Read Full Article