Incidents

Bagle.at links to compromised sites now active

We mentioned a payload for Bagle.at, where the worm tried to connect to compromised sites. The links were inactive up to now. Today some of the links are active.

Bagle.at tries to download and execute TrojanDownloader.Win32.Small.zj, a new variant of Small.

Bagle.at links to compromised sites now active

Your email address will not be published. Required fields are marked *

 

Reports

MoonBounce: the dark side of UEFI firmware

At the end of 2021, we inspected UEFI firmware that was tampered with to embed a malicious code we dub MoonBounce. In this report we describe how the MoonBounce implant works and how it is connected to APT41.

Subscribe to our weekly e-mails

The hottest research right in your inbox