Blog News

20.9.2018 Fake finance apps on Google Play target users from around the world

Cybercrooks use bogus apps to phish six online banks and a cryptocurrency exchange. (Eset)

20.9.2018 The Occasional Orator Part 1

Speaking at conferences can be daunting for presenters but often it is about striking the right balance between content and delivery. (Eset)

20.9.2018 Bristol airport takes flight screens offline after apparent ransomware attack

The screens in “key locations” are back up and running again, while the airport paid no ransom to return its systems to working order. (Eset)

20.9.2018 One in three UK orgs hit by cryptojacking in previous month, survey finds

Conversely, only a little over one-third of IT executives believe that their systems have never been hijacked to surreptitiously mine digital currencies. (Eset)

14.9.2018 Meet Black Rose Lucy, the Latest Russian MaaS Botnet

An organization needs to have a collaborative hiring process, advised Steve Jobs. Always a group to follow mainstream trends closely, in recent years we’ve seen cyber criminals take greater heed of this advice by increasingly hiring cyber mercenaries and Malware-as-a-Service (MaaS) providers as a way to carry out their malicious activities. (Checkpoint)

14.9.2018 Domestic Kitten: An Iranian Surveillance Operation

Chinese strategist Sun Tzu, Italian political philosopher Machiavelli and English philosopher Thomas Hobbes all justified deceit in war as a legitimate form of warfare. Preceding them all, however, were some in the Middle East who had already internalized and implemented this strategy to great effect, and continue to do so today. (Checkpoint)

Ransom Warrior Decryption Tool

On August 8th, a new ransomware, dubbed ‘RansomWarrior’, was found by the Malware Hunter Team. Going by the ransom note shown to its victims, RansomWarrior seems to have been developed by Indian hackers, who... (Checkpoint)

CeidPageLock: A Chinese RootKit

Research by: Israel Gubi. Over the last few weeks, we have been observing a rootkit named CEIDPageLock being distributed by the RIG Exploit kit. The rootkit was first discovered by 360 Security Center... (Checkpoint)

Interactive Mapping of APT-C-23

Research by: Aseel Kayal. Last month, we investigated the renewal of a targeted attack against the Palestinian Authority, attributed to the APT-C-23 threat group. Although this campaign was initially discovered in early 2017,... (Checkpoint)

Ryuk Ransomware: A Targeted Campaign Break-Down

Over the past two weeks, Ryuk, a targeted and well-planned Ransomware, has attacked various organizations worldwide. So far the campaign has targeted several enterprises, while encrypting hundreds of PC, storage and data centers... (Checkpoint)

VBEtaly: An Italian Ursnif MalSpam Campaign

Check Point researchers have found another wave of the Ursnif malspam campaign targeting Italy. Only a few details are known so far but what we have found is that the file delivered is a VBE file (encoded VBS) named “SCANSIONE.vbe” and is delivered via ZIP attachments in emails with the subject suggesting different documents in Italian. (Checkpoint)

Faxploit: Sending Fax Back to the Dark Ages

Research By: Eyal Itkin and Yaniv Balmas. Fax, the brilliant technology that lifted mankind out of the dark ages of mail delivery when only the postal service and carrier pigeons were used to deliver... (Checkpoint)

12.8.2018 Man-in-the-Disk: Android Apps Exposed via External Storage

Research By: Slava Makkaveev. Recently, our researchers came across a shortcoming in the design of Android’s use of storage resources. Careless use of External Storage by applications may open the door to an... (Checkpoint)

7.8.2018 FakesApp: A Vulnerability in WhatsApp

Research By: Dikla Barda, Roman Zaikin and Oded Vanunu. As of early 2018, the Facebook-owned messaging application, WhatsApp, has over 1.5 billion users with over one billion groups and 65 billion messages sent... (Checkpoint)

5.8.2018 Ramnit’s Network of Proxy Servers

Research By: Alexey Bukhteyev. As you may know, Ramnit is one of the most prominent banking malware families in existence today and lately Check Point Research monitored a new massive campaign of Ramnit, dubbed... (Checkpoint)

31.7.2018 Osiris: An Enhanced Banking Trojan

Research By: Yaroslav Harakhavik and Nikita Fokin. Following our recent analysis of the Kronos banking Trojan, we discovered that Kronos has also now been enhanced to hide its communication with C&C server using Tor.... (Checkpoint)

30.7.2018 A Malvertising Campaign of Secrets and Lies

Check Point Research has uncovered a large Malvertising campaign that starts with thousands of compromised WordPress websites, involves multiple parties in the online advertising chain and ends with distributing malicious content, via multiple... (Checkpoint)