Threat analysis

WOOF locker: Unmasking the browser locker behind a stealthy tech support scam operation - We reveal the inner workings of WOOF locker, the most sophisticated browser locker campaign we've seen to date. Learn how this tech support scam evades researchers and ensnares users by hiding in plain sight.
New evasion techniques found in web skimmers - As Magecart credit card skimmers become exposed by security researchers, their authors are refining evasion techniques to go undetected.
Spelevo exploit kit debuts new social engineering trick - In order to maximize infection rate, threat actors are now launching the Spelevo exploit kit with a decoy adult site, social engineering users into downloading a malicious video player.
Hundreds of counterfeit online shoe stores injected with credit card skimmer - A Magecart credit card skimmer was found injected into hundreds of counterfeit, brand-name shoe stores—a one-two punch of victimization for users first duped with fake goods then stripped of their personal data.
New version of IcedID Trojan uses steganographic payloads - We take a deep dive into the IcedID Trojan, describing the new payloads of this advanced malware.
The forgotten domain: Exploring a link between Magecart Group 5 and the Carbanak APT - Bread crumbs left behind open up a possible connection between Magecart Group 5 and Carbanak.
Magecart Group 4: A link with Cobalt Group? - Malwarebytes threat intel partnered with security firm HYAS to connect the dots between Magecart Group 4 and the advanced threat group Cobalt.
Magecart criminals caught stealing with their poker face on - This blog post details the curious case of a web skimmer encountered in a poker application.
The Hidden Bee infection chain, part 1: the stegano pack - The Hidden Bee cryptominer has a complex and multi-layered internal structure that is unusual among cybercrime toolkits. That's why we're dedicating a series of posts to exploring its elements and updates made during one year of its evolution.
