Packers or crypters are widely used to protect malicious software from detection and static analysis. These auxiliary tools, through the use of compression and encryption algorithms, enable cybercriminals to prepare unique samples of malicious software for each campaign or even per victim, which complicates the work of antivirus software.
In the case of certain packers, classifying malicious software without employing dynamic analysis becomes a challenging task. To analyze a malicious sample and extract its configuration data, such as encryption keys and command and control server addresses, we must first unpack it. We can do this by running the malicious software in a sandbox environment, such as CAPE, followed by extracting the memory dumps. However, this method has some drawbacks.
Read more…
Source: Check Point
Related:
- RenEngine: When “free” comes at too high a price
February 11, 2026
Kaspersky researchers often describe cases of malware distribution under the guise of game cheats and pirated software. Sometimes such methods are used to spread complex malware that employs advanced techniques and sophisticated infection chains. In February 2026, researchers from Howler Cell announced the discovery of a mass campaign distributing pirated games infected with a previously unknown ...
- Approaching cyclone: Vortex Werewolf attacks Russia
February 6, 2026
In December 2025 and January 2026, BI.ZONE Threat Intelligence detected malicious activity by a new cluster Vortex Werewolf (SkyCloak). The attacks targeted Russian government and defense organizations. BI.ZONE researchers findings indicate that the adversary used phishing emails to deliver malware to the target systems. Victims received messages containing a download link disguised as a Telegram file‑sharing ...
- Dynowiper: Destructive Malware Targeting Poland’s Energy Sector
February 6, 2026
The coordinated destructive campaign against critical energy infrastructure occurred on December 29, 2025, during a period of severe winter weather in Poland. According to CERT Polska’s report, the campaign targeted: 30+ wind and solar farms across Poland; A major CHP plant supplying heat to nearly half a million customers; A manufacturing sector company characterized as an ...
- Stan Ghouls targeting Russia and Uzbekistan with NetSupport RAT
February 5, 2026
Stan Ghouls (also known as Bloody Wolf) is an cybercriminal group that has been launching targeted attacks against organizations in Russia, Kyrgyzstan, Kazakhstan, and Uzbekistan since at least 2023. These attackers primarily have their sights set on the manufacturing, finance, and IT sectors. Their campaigns are meticulously prepared and tailored to specific victims, featuring a signature ...
- The Chrysalis Backdoor: A Deep Dive into Lotus Blossom’s toolkit
February 2, 2026
Rapid7 Labs, together with the Rapid7 MDR team, has uncovered a sophisticated campaign attributed to the Chinese APT group Lotus Blossom. Active since 2009, the group is known for its targeted espionage campaigns primarily impacting organizations across Southeast Asia and more recently Central America, focusing on government, telecom, aviation, critical infrastructure, and media sectors. Rapid7 investigation ...
- HoneyMyte updates CoolClient and deploys multiple stealers in recent campaigns
January 27, 2026
Over the past few years, we’ve been observing and monitoring the espionage activities of HoneyMyte (aka Mustang Panda or Bronze President) within Asia and Europe, with the Southeast Asia region being the most affected. The primary targets of most of the group’s campaigns were government entities. As an APT group, HoneyMyte uses a variety of sophisticated tools ...