- Ransomware MongoLock Immediately Deletes Files, Formats Backup Drives
January 8, 2019
We have been following a new wave of MongoLock ransomware attacks that immediately delete files upon infection instead of encrypting them, and further scan other available folders and drives for files to delete. In the wild since December 2018, the ransomware demands a payment of 0.1 bitcoin from victims within 24 hours to retrieve the ...
- GandCrab Operators Use Vidar Infostealer as a Forerunner
January 7, 2019
Cybercriminals behind GandCrab have added the infostealer Vidar to the process for distributing the ransomware, which helps increase their profits by pilfering sensitive information before encrypting the computer's files. Following the trail of a malvertising campaign targeting users of torrent trackers and video streaming websites, malware researchers found that the Fallout Exploit Kit was used to ...
- NSA to release a free reverse engineering tool
January 6, 2019
The US National Security Agency will release a free reverse engineering tool at the upcoming RSA security conference, which will be held at the start of March in San Francisco. The software’s name is GHIDRA and, in technical terms, it is a disassembler, a piece of software that breaks down executable files into assembly code that can ...
- Spyware Disguises as Android Applications on Google Play
January 3, 2019
Trend Micro discovered spyware (detected as ANDROIDOS_MOBSTSPY) that disguised itself as legitimate Android applications to gather information from users. The applications were available for download on Google Play in 2018, and some were recorded as having already been downloaded over 100,000 times by users from all over the world. One of the applications we initially investigated ...
- Cyber-attack disrupts printing of major US newspapers
December 30, 2018
A cyber-attack has caused printing and delivery disruptions to major US newspapers, including the Los Angeles Times, the Chicago Tribune and the Baltimore Sun. The attack on Saturday appeared to originate outside the United States, the Los Angeles Times reported. It led to distribution delays in the Saturday edition of the Times, the Tribune, the Sun and other ...
- URSNIF, EMOTET, DRIDEX and BitPaymer Gangs Linked by a Similar Loader
December 18, 2018
As ransomware and banking trojans captured the interest – and profits – of the world with their destructive routines, cybersecurity practitioners have repeatedly published online and offline how cybercriminals have compartmentalized their schemes through the exchange of information and by banding together into professional organizations. As more concrete proof of the way these symbiotic relationships and workflows intersect, we discovered a connection between EMOTET, URSNIF, DRIDEX and BitPaymer from open source information and ...
- Russia-Linked Sofacy Debuts Fresh Zebrocy Malware Variant
December 18, 2018
The group continues to evolve its custom malware in an effort to evade detection. The Zebrocy trojan – a custom downloader malware used by Russia-linked APT Sofacy (a.k.a. APT28, Fancy Bear or Sednit) – has a new variant. While it’s functionally much the same as its other versions, the new code was written using the Go ...
- Fileless GandCrab As Seen by SandBlast Agent
December 17, 2018
January 2018 saw the debut of the GandCrab ransomware, well-known malware distributed on the Dark Web that mainly targets Scandinavian and English-speaking countries. In addition, the GandCrab Affiliate Program offers low-skilled threat actors the opportunity to run their own ransomware campaigns. The ransomware is delivered mainly through email spam engines, and affiliates are also provided with advice and ...
- Shamoon: Destructive Threat Re-Emerges with New Sting in its Tail
December 14, 2018
Organizations in Saudi Arabia and the UAE have been hit in the latest attacks, which involve new wiper malware. After a two-year absence, the destructive malware Shamoon (W32.Disttrack.B) re-emerged on December 10 in a new wave of attacks against targets in the Middle East. These latest Shamoon attacks are doubly destructive, since they involve a new wiper (Trojan.Filerase) ...
- Cybercriminals Use Malicious Memes that Communicate with Malware
December 14, 2018
Steganography, the method of concealing a malicious payload inside an image to evade security solutions, has long been used by cybercriminals to spread malware and perform other malicious operations. We recently discovered malicious actors using this technique on memes. The malware authors posted two tweets featuring malicious memes on October 25 and 26 ...