Blog News Malware



 


Date | Title | Info | Blog | Company

9.1.19 | Ransomware vs. printing press? US newspapers face “foreign cyberattack” | Did malware disrupt newspaper deliveries in major US cities? Here’s what’s known about the incident so far and the leading suspect: Ryuk ransomware. Plus, advice on defending your organization against such attacks. | Malware blog | Eset
9.1.19 | 2018: Research highlights from ESET’s leading lights | As the curtain slowly falls on yet another eventful year in cybersecurity, let’s look back on some of the finest malware analysis by ESET researchers in 2018 | Malware blog | Eset
9.1.19 | Analysis of the latest Emotet propagation campaign | An analysis of the workings of this new Emotet campaign, which has affected various countries in Latin America by taking advantage of Microsoft Office files to hide its malicious activity | Malware blog | Eset
1.1.19 | 2018: Research highlights from ESET’s leading lights | As the curtain slowly falls on yet another eventful year in cybersecurity, let’s look back on some of the finest malware analysis by ESET researchers in 2018 | Malware blog | Eset
1.1.19 | Analysis of the latest Emotet propagation campaign | An analysis of the workings of this new Emotet campaign, which has affected various countries in Latin America by taking advantage of Microsoft Office files to hide its malicious activity | Malware blog | Eset
21.12.18 | Google’s policy change reduces security, privacy and safety for 75% of users of ESET’s Android anti-theft service | The unfortunate implications of a well-intentioned change to Google Play Developer policies – and the negative impact it has on ESET’s Android app customers | Malware blog | Eset
21.12.18 | VBS Unique Detection | On the 29th November a VBS file was identified by Check Point’s Threat Emulation detection engine to be communicating with an external resource. Fortunately, during file inspection the engine decided to stop the attack at its earliest stage. | Malware blog | Checkpoint
21.12.18 | Year in Malware 2018: The most prominent threats Talos tracked this year | It was easy to see a wild year coming in cybersecurity. It started with a bang, with Olympic Destroyer targeting the Winter Olympics in February in an attempt to disrupt the opening ceremonies. | Malware blog | Cisco Talos
20.12.18 | Yes, Chromebooks can and do get infected | As a Mac malware specialist, I’ve seen more than my share of folks saying “Macs don’t get viruses” over the years. I’ve seen and experienced first-hand that this isn’t true—even on iOS, where despite having tight, built-in security, iPhones are still capable of getting infected by rare malware. I suppose that I shouldn’t be surprised, then, when I hear someone claim that “viruses on Chrome OS don’t exist.” | Malware blog | Malwarebytes
15.12.18 | Shamoon: Destructive Threat Re-Emerges with New Sting in its Tail | After a two-year absence, the destructive malware Shamoon (W32.Disttrack.B) re-emerged on December 10 in a new wave of attacks against targets in the Middle East. | Malware blog | Symantec
14.12.18 | What are Deep Neural Networks Learning About Malware? | An analysis of FireEye’s deep learning-based malware classifier. | Malware blog | FireEye
12.12.18 | FLARE Script Series: Automating Objective-C Code Analysis with Emulation | We are sharing a new IDAPython library that provides scriptable emulation features to reverse engineers. | Malware blog | FireEye
12.12.18 | Android Trojan steals money from PayPal accounts even with 2FA on | There is no evidence that the flaw was misused during the six days it was alive, said the tech giant | Malware blog | Eset
12.12.18 | Flurry of new Mac malware drops in December | Last week, we wrote about a new piece of malware called DarthMiner. It turns out there was more to be seen, as not just one but two additional pieces of malware had been spotted. The first was identified by Microsoft’s John Lambert and analyzed by Objective-See’s Patrick Wardle, and the second was found by Malwarebytes’ Adam Thomas. | Malware blog | Malwarebytes
11.12.18 | Brazilian users’ mobile devices attacked by a banking Trojan | Doctor Web virus analysts have detected the Android.BankBot.495.origin Trojan attacking Brazilian financial institution customers on Google Play. This Trojan uses Android’s special features (Accessibility Service). It uses them to control infected mobile devices and steal their owners’ confidential data | Malware blog | Dr Web
5.12.18 | Formjacking: Targeting Popular Stores Near You | Formjacking, the use of malicious JavaScript code to steal credit card details and other information from payment forms on the checkout web pages of e-commerce sites, has been making headlines lately. In our previous blog, we discussed how formjacking generally works and cited a few publicly reported attacks that targeted popular online businesses. | Malware blog | Symantec
5.12.18 | The Dark Side of the ForSSHe | ESET researchers discovered a set of previously undocumented Linux malware families based on OpenSSH. In the white paper, “The Dark Side of the ForSSHe”, they release analysis of 21 malware families to improve the prevention, detection and remediation of such threats. | Malware blog | Eset
5.12.18 | New ‘Under the Radar’ report examines modern threats and future technologies | The new malware we see being developed and deployed in the wild has features and techniques that allow it to go beyond what it was originally able to do, either for the purpose of additional infection or evasion of detection. | Malware blog | Malwarebytes
1.12.18 | The Evolution of BackSwap | The BackSwap banker has been in the spotlight recently due to its unique and innovative techniques to steal money from victims while staying under the radar and remaining undetected. | Malware blog | Checkpoint
29.11.18 | Trojan clicker distributed under the guise of DynDNS | Typically, cybercriminals use several traditional malware distribution channels, the main one being spamming. However, occasionally one comes across other means of distribution. Doctor Web’s experts will touch on one of them in this article. | Malware blog | Dr Web
26.11.18 | Banking Trojan attacks European users of Android devices | Banking Trojans remain among the most dangerous malware programs; they help attackers steal confidential information and money from users. Doctor Web malware analysts have detected one such Trojan on Google Play. | Malware blog | Dr Web
23.11.18 | Black Friday special by Emotet: Filling inboxes with infected XML macros | Emotet starts another massive spam campaign just as Black Friday begins to pick up steam | Malware blog | Eset
21.11.18 | Cmd and Conquer: De-DOSfuscation with flare-qdb | Learn how to use flare-qdb to bring “script block logging” to the Windows command interpreter, and more | Malware blog | FireEye
10.11.18 | Metamorfo Banking Trojan Keeps Its Sights on Brazil | Financially motivated cybercriminals have used banking trojans for years to steal sensitive financial information from victims. They are often created to gather credit card information and login credentials for various online banking and financial services websites so this data can be monetized by the attackers. | Malware blog | Cisco Talos
30.10.18 | Gallmaker: New Attack Group Eschews Malware to Live off the Land | A new attack group is targeting government, military, and defense sectors in what appears to be a classic espionage campaign. | Malware blog | Symantec
25.10.18 | Banking Trojans continue to surface on Google Play | The malicious apps have all been removed from the official Android store but not before the apps were installed by almost 30,000 users | Malware blog | Eset
25.10.18 | LuminosityLink RAT author sentenced to 2.5 years in jail | As part of his plea agreement, the author of the malware also forfeited the proceeds from his crimes – 114 Bitcoin worth $725,000 | Malware blog | Eset

18.10.18 | Godzilla Loader and the Long Tail of Malware | To most victims, malware is a force of nature. Zeus, Wannacry, Conficker are all vengeful gods, out to punish the common man for clicking the wrong link. Even for a security analyst, it’s easy to fall into the kind of thinking where malicious tools and campaigns emerge out of the ether, forged by an invisible hand. | Malware blog | Checkpoint

16.8.18 | VBEtaly: An Italian Ursnif MalSpam Campaign | Check Point researchers have found another wave of the Ursnif malspam campaign targeting Italy. Only a few details are known so far but what we have found is that the file delivered is a VBE file (encoded VBS) named “SCANSIONE.vbe” and is delivered via ZIP attachments in emails with the subject suggesting different documents in Italian. | Malware blog | Checkpoint
5.8.18 | Ramnit’s Network of Proxy Servers | Research By: Alexey Bukhteyev. As you may know, Ramnit is one of the most prominent banking malware families in existence today and lately Check Point Research monitored a new massive campaign of Ramnit, dubbed... | Malware blog | Checkpoint
31.7.18 | Osiris: An Enhanced Banking Trojan | Research By: Yaroslav Harakhavik and Nikita Fokin. Following our recent analysis of the Kronos banking Trojan, we discovered that Kronos has also now been enhanced to hide its communication with C&C server using Tor.... | Malware blog | Checkpoint
30.7.18 | A Malvertising Campaign of Secrets and Lies | Check Point Research has uncovered a large Malvertising campaign that starts with thousands of compromised WordPress websites, involves multiple parties in the online advertising chain and ends with distributing malicious content, via multiple... | Malware blog | Checkpoint

30.7.18 | Emotet: The Tricky Trojan that ‘Git Clones’ | The Emotet Trojan downloader originally debuted in 2014 as a banking Trojan that took an unusual approach to stealing banking credentials; instead of hooking per-browser functions in the victim’s web browser process, Emotet... | Malware blog | Checkpoint
30.7.18 | GlanceLove: Spying Under the Cover of the World Cup | When the whistle of the first match of the 18 World Cup blew, it didn’t just signal the start of an exciting tournament for football fans worldwide, but also gave the green light... | Malware blog | Checkpoint
30.7.18 | Deep Dive into UPAS Kit vs. Kronos | By Mark Lechtik. Introduction: In this post we will be analyzing the UPAS Kit and the Kronos banking Trojan, two malware families that have come under the spotlight recently due to the back story... | Malware blog | Checkpoint
30.7.18 | RottenSys: Not a Secure Wi-Fi Service At All | Research By: Feixiang He, Bohdan Melnykov, Elena Root. Key Findings: RottenSys, a mobile adware, has infected nearly 5 million devices since 2016. Indications show the malware could have entered earlier in the supplier.. | Malware blog | Checkpoint
30.7.18 | Malware Displaying Porn Ads Discovered in Game Apps on Google Play | Research by: Elena Root & Bogdan Melnykov. Check Point Researchers have revealed a new and nasty malicious code on Google Play Store that hides itself inside around 60 game apps, several of which | Malware blog | Checkpoint
30.7.18 | Malicious Flashlight Apps on Google Play | Check Point researchers have detected a new type of adware roaming Google Play, the official app store of Google. The suspicious scripts override the user’s decision to disable ads showing outside of a. | Malware blog | Checkpoint
30.7.18 | ParseDroid: Targeting The Android Development & Research Community | Researchers: Eran Vaknin, Gal Elbaz, Alon Boxiner, Oded Vanunu. Latest research from the Check Point Research Team has revealed several vulnerabilities that put each and every organization that does any type of Java/Android.. | Malware blog | Checkpoint

30.7.18 | The Perfect ‘Inside Job’ Banking Malware | Researchers: Mark Lechtik and Raman Ladutska. The Brazilian cyberspace is known to be a whole ecosystem of its own and, although the banking malware that originates there has traditionally been somewhat basic, recent.. | Malware blog | Checkpoint
30.7.18 | September’s Most Wanted Malware: Locky Shoots Back Up Global Rankings | Check Point’s latest Global Threat Index has revealed a massive increase in worldwide Locky attacks during September, with the ransomware impacting 11.5% of organizations globally over the course of the month. Locky has... | Malware blog | Checkpoint
30.7.18 | ExpensiveWall: A dangerous ‘packed’ malware on Google Play that will hit you in your wallet! | Check Point’s mobile threat research team identified a new variant of an Android malware that sends fraudulent premium SMS messages and charges for fake services to users’ accounts without their knowledge. According to... | Malware blog | Checkpoint
30.7.18 | July’s Most Wanted Malware: RoughTed and Fireball Decrease, But Stay Most Prevalent | Check Point’s latest Global Threat Impact Index reveals that the number of organizations impacted globally by the RoughTed malvertising campaign fell by over a third during July, from 28% to 18%. RoughTed | Malware blog | Checkpoint
30.7.18 | Is Malware Hiding in Your Resume? | Eran Vaknin, Dvir Atias, Alon Boxiner. The popular business social network LinkedIn has accumulated over 500 million members across 200 countries worldwide. Whether you’re a manager seeking to expand your team or a.. | Malware blog | Checkpoint
30.7.18 | June’s Most Wanted Malware: RoughTed Malvertising Campaign Impacts 28% of Organizations | THE TAKEAWAY: Check Point’s latest Global Threat Impact Index revealed that 28% of organizations globally were affected by the RoughTed malvertising campaign during June. IN CONTEXT: A large-scale malvertising campaign, RoughTed is used... | Malware blog | Checkpoint
30.7.18 | OSX/Dok Refuses to Go Away and It’s After Your Money | Following up on our recent discovery of the new OSX/Dok malware targeting macOS users, we’d like to report that the malicious actors behind it are not giving up yet. They are aiming at. | Malware blog | Checkpoint
30.7.18 | May’s Most Wanted Malware: Fireball and Wannacry Impact More Than 1 in 4 Organizations Globally | THE TAKEAWAY: Check Point’s latest Global Threat Impact Index revealed more than one in four organizations globally were affected by the Fireball or Wannacry attacks during May. The top three malware families were... | Malware blog | Checkpoint
30.7.18 | How the CopyCat malware infected Android devices around the world | Check Point researchers identified a mobile malware that infected 14 million Android devices, rooting approximately 8 million of them, and earning the hackers behind the campaign approximately $1.5 million in fake ad revenues... | Malware blog | Checkpoint
30.7.18 | BROKERS IN THE SHADOWS – Part 2: Analyzing Petya’s DoublePulsarV2.0 Backdoor | Background: In the wake of WannaCry, a new cyber threat has emerged from the NSA leak. Making use of previously exposed tools, Petya once again is engaged in another large scale attack. Important. | Malware blog | Checkpoint
30.7.18 | FIREBALL – The Chinese Malware of 250 Million Computers Infected | Check Point Threat Intelligence and research teams recently discovered a high volume Chinese threat operation which has infected over 250 million computers worldwide. The installed malware, Fireball, takes over target browsers and turns. | Malware blog | Checkpoint
30.7.18 | The Judy Malware: Possibly the largest malware campaign found on Google Play | Check Point researchers discovered another widespread malware campaign on Google Play, Google’s official app store. The malware, dubbed “Judy”, is an auto-clicking adware which was found on 41 apps developed by a Korean | Malware blog | Checkpoint
30.7.18 | Hacked in Translation – from Subtitles to Complete Takeover | Check Point researchers revealed a new attack vector which threatens millions of users worldwide – attack by subtitles. By crafting malicious subtitle files, which are then downloaded by a victim’s media player, attackers.. | Malware blog | Checkpoint
30.7.18 | April’s Most Wanted Malware: Exploit Kit Attacks Continue, While Slammer Worm Resurfaces Again | Check Point’s latest Global Threat Impact Index detected a continued increase in the number of organizations being targeted with Exploit Kits, as Rig EK became the most prevalent form of attack, while there.. | Malware blog | Checkpoint
30.7.18 | DiamondFox modular malware – a one-stop shop | Check Point researchers have conducted a thorough investigation of the DiamondFox malware-as-a-service in collaboration with Terbium Labs, a Dark Web Data Intelligence company. The report includes a review of the malware’s sales procedure... | Malware blog | Checkpoint

30.7.18 | Update – OSX/Dok Campaign | Our ongoing investigation of the OSX/DOK campaign has led us to detect several new variants of this malware. These new variants have the same functionality as the previous ones, and are designed to. | Malware blog | Checkpoint
30.7.18 | OSX Malware is Catching Up, and it wants to Read Your HTTPS Traffic (updated) | People often assume that if you’re running OSX, you’re relatively safe from malware. But this is becoming less and less true, as evidenced by a new strain of malware encountered by the Check. | Malware blog | Checkpoint
30.7.18 | An In-depth Look at the Gooligan Malware Campaign | Check Point mobile threat researchers today published a technical report that provides deep technical analysis of the Gooligan Android malware campaign, which was first announced on November 30. The report discusses the ins and outs of. | Malware blog | Checkpoint
30.7.18 | More Than 1 Million Google Accounts Breached by Gooligan | As a result of a lot of hard work done by our security research teams, we revealed today a new and alarming malware campaign. The attack campaign, named Gooligan, breached the security of.. | Malware blog | Checkpoint
30.7.18 | ImageGate: Check Point uncovers a new method for distributing malware through images | Check Point researchers identified a new attack vector, named ImageGate, which embeds malware in image and graphic files. Furthermore, the researchers have discovered the hackers’ method of executing the malicious code within these.. | Malware blog | Checkpoint

18 | Increased Use of a Delphi Packer to Evade Malware Classification | The concept of "packing" or "crypting" a malicious program is widely popular among threat actors looking to bypass or defeat analysis by static and dynamic analysis tools. | Malware blog | FireEye
18 | Click It Up: Targeting Local Government Payment Portals | FireEye has been tracking a campaign this year targeting web payment portals that involves on-premise installations of Click2Gov. | Malware blog | FireEye
18 | Microsoft Office Vulnerabilities Used to Distribute FELIXROOT Backdoor in Recent Campaign | FireEye recently observed a campaign involving Microsoft Office vulnerabilities being used to distribute the FELIXROOT backdoor. | Malware blog | FireEye