Malware


NEWS 
  • Android/SpyNote Moves to Crypto Currencies

    February 15, 2024

    Like much Android malware today, this malware abuses the Accessibility API. This API is used to automatically perform UI actions. For example, the malicious sample uses the Accessibility API to record device unlocking gestures. Newer, this SpyNote sample uses the Accessibility API to target famous crypto wallets. Read more… Source: Fortinet  

  • Spyware startup Variston is losing staff – some say it’s closing

    February 15, 2024

    In July 2022, someone sent Google a batch of malicious code that could be used to hack Chrome, Firefox, and PCs running Microsoft Defender. That code was part of an exploitation framework called Heliconia. And at the time, the exploits used to target those applications were zero-days, meaning the software makers were unaware of the bugs, ...

  • Riding Dragons: capa Harnesses Ghidra

    February 14, 2024

    capa is the FLARE team’s open source tool that detects capabilities in executable files. Ghidra is an open source software reverse engineering framework created and maintained by the National Security Agency Research Directorate. With the release of capa v7, Mandian researchers have integrated capa with Ghidra, bringing capa’s detection capabilities directly to Ghidra’s user interface. With ...

  • TicTacToe Dropper

    February 14, 2024

    While analyzing malware samples collected from several victims, the FortiGuard team identified a grouping of malware droppers used to deliver various final-stage payloads throughout 2023. Malware droppers are malicious software designed to deliver and execute additional malware on a victim system and are employed to obfuscate final payloads during load and initial execution. Droppers within this ...

  • Coyote: A multi-stage banking Trojan abusing the Squirrel installer

    February 8, 2024

    The developers of banking Trojan malware are constantly looking for inventive ways to distribute theirs implants and infect victims. In a recent investigation, Kaspersky researchers encountered a new malware that specifically targets users of more than 60 banking institutions, mainly from Brazil. What caught their attention was the sophisticated infection chain that makes use of various ...

  • Buying Spying: How the commercial surveillance industry works and what can be done about it

    February 6, 2024

    Private sector firms have been involved in discovering and selling exploits for many years, but there is a rise in turnkey espionage solutions. Commercial Surveillance Vendors (CSVs) offer pay-to-play tools that bundle an exploit chain designed to get past security measures, along with the spyware and the necessary infrastructure, in order to collect the desired data ...

  • Known ransomware attacks up 68% in 2023

    February 6, 2024

    Today, Malwarebytes released its 2024 State of Malware report, detailing six cyberthreats that resource-constrained IT teams should pay attention to in 2024. Top of the list is “Big Game” ransomware, the most serious cyberthreat to businesses all around the world. Big game attacks extort vast ransoms from organizations by holding their data hostage—either with encryption, the ...

  • Python Info-stealer Distributed by Malicious Excel Document

    February 5, 2024

    In January 2024, FortiGuard Labs obtained an Excel document distributing an info-stealer. From the fingerprints in this attack, it is related to a Vietnamese-based group that was first reported on in August 2023 and again in September. The attack stages before the info-stealer are simple downloaders that increase the difficulty of detection. This article introduces each stage ...

  • Ukraine says 2,000 computers of state firm were impacted in cyber attack

    February 1, 2024

    Ukraine’s state computer emergency response team CERT-UA said on Thursday around 2,000 computers had been affected in the recent cyber attack on an unnamed state-run company. “As part of the detailed study of the cyber threat, the obtained malware samples were examined, the peculiarities of the functioning of the infrastructure of control servers were established, and ...

  • Blackwood APT Group Has a New DLL Loader

    January 29, 2024

    This week, the SonicWall Capture Labs threat research team analyzed a sample tied to the Blackwood APT group. This is a DLL that, when loaded onto a victim’s computer, will escalate privileges and attempt to install a backdoor for communications monitoring and diversion. It has evasive capabilities and, as of this writing, is targeting companies and ...