Packers or crypters are widely used to protect malicious software from detection and static analysis. These auxiliary tools, through the use of compression and encryption algorithms, enable cybercriminals to prepare unique samples of malicious software for each campaign or even per victim, which complicates the work of antivirus software.
In the case of certain packers, classifying malicious software without employing dynamic analysis becomes a challenging task. To analyze a malicious sample and extract its configuration data, such as encryption keys and command and control server addresses, we must first unpack it. We can do this by running the malicious software in a sandbox environment, such as CAPE, followed by extracting the memory dumps. However, this method has some drawbacks.
Read more…
Source: Check Point
Related:
- Dozens of malicious wallpapers found on Steam Workshop
June 16, 2026
Since late 2025, malware has been spreading rapidly through the Steam Workshop, the gaming platform’s built-in service for players to create and share custom content. The attackers are primarily targeting gamers in China and Russia, aiming to hijack their accounts. To pull this off, they are exploiting Wallpaper Engine – a popular live wallpaper app ...
- Operation FlutterBridge: macOS Malvertising Campaign Spreads New FlutterShell Backdoor
June 2, 2026
Palo Alto Unit 42 are tracking an increasingly widespread malvertising campaign targeting macOS. This campaign appears to be the next stage of a previous campaign known as JSCoreRunner, which was first identified in August 2025. In recent months, the financially-motivated attackers behind these campaigns transitioned from delivering standard adware, to delivering adware with full backdoor ...
- When IT Support Calls: Dissecting a ModeloRAT Campaign from Teams to Domain Compromise
May 13, 2026
Attackers do not need to break into the front door when they can convince employees to open it for them through the tools they already trust. In April 2026, Rapid7 investigated an enterprise intrusion that began with a Microsoft Teams message from a fake “IT Support” account and quickly escalated into a full compromise chain involving ...
- Cache-poisoning caper turns TanStack npm packages toxic
May 12, 2026
An attacker has published 84 malicious versions of official TanStack npm packages, with the impact including credential theft, self-propagation, and complete disk wipe of an infected host. The attack is part of a wave of attacks across npm and PyPI, continuing the Mini Shai-Hulud campaign. Supply chain security company Socket reports that other compromised packages include the OpenSearch client, Mistral ...
- Quasar Linux (QLNX) – Inside a Full-Featured Linux RAT
May 4, 2026
In previous research, Trend Micro have demonstrated how AI can be used to improve detection accuracy when new malware families emerge, particularly those that reuse or share code from open-source repositories. In this blog entry, Trends Micro researchers present another compelling finding from the same approach. Trend Micro platform recently flagged an unusual Linux implant with ...
- Silver Fox uses new ABCDoor backdoor to target organisations in Russia and India
April 30, 2026
In December 2025, Kaspersky researchers detected a wave of malicious emails designed to look like official correspondence from the Indian tax service. A few weeks later, in January 2026, a similar campaign began targeting Russian organizations. Kaspersky have attributed this activity to the Silver Fox threat group. Both waves followed a nearly identical structure: phishing emails ...