Malware descriptions

Gumblar update

As expected, we can confirm more compromised machines. Our current count looks as follows:

1765    INDIA
1244    TURKEY
1084    GERMANY
968      SPAIN
878      MOROCCO
822      CANADA
815      PERU
792      JAPAN
712      THAILAND
689      AUSTRIA
678      ROMANIA
655      POLAND
654      ISRAEL
628      SWEDEN
599      ITALY

These numbers stand for unique hosts, some of them contain several user directories etc. which means that the real count is much higher than shown here. As mentioned before, each of these hosts are spreading a set of malicious files which are sent to a user depending on the computer’s environment. We used the site to confirm current detection status of 41 AntiVirus Vendors who participate on that site. The result showed that currently only 3 out of 41 vendors detect the malicious *.php file which is injected at above locations. The malicious *.pdf file scored with 4/41 and the flash content was detected by 3 out of 41 vendors. However, the main executable payload was detected by 33 vendors. Of course, these malicious files can be changed at any time by the criminals who operate this scheme. We are closely monitoring further development in order to protect our users as fast as possible.

Gumblar update

Your email address will not be published.



The SessionManager IIS backdoor

In early 2022, we investigated an IIS backdoor called SessionManager. It has been used against NGOs, government, military and industrial organizations in Africa, South America, Asia, Europe, Russia and the Middle East.

APT ToddyCat

ToddyCat is a relatively new APT actor responsible for multiple sets of attacks against high-profile entities in Europe and Asia. Its main distinctive signs are two formerly unknown tools that we call ‘Samurai backdoor’ and ‘Ninja Trojan’.

WinDealer dealing on the side

We have discovered that malware dubbed WinDealer, spread by Chinese-speaking APT actor LuoYu, has an ability to perform intrusions through a man-on-the-side attack.

APT trends report Q1 2022

This is our latest summary of advanced persistent threat (APT) activity, focusing on events that we observed during Q1 2022.

Subscribe to our weekly e-mails

The hottest research right in your inbox