Threat analysis

Magecart criminals caught stealing with their poker face on - This blog post details the curious case of a web skimmer encountered in a poker application.
The Hidden Bee infection chain, part 1: the stegano pack - The Hidden Bee cryptominer has a complex and multi-layered internal structure that is unusual among cybercrime toolkits. That's why we're dedicating a series of posts to exploring its elements and updates made during one year of its evolution.
Say hello to Lord Exploit Kit - In this blog, we take a look at a new exploit kit distributed via malvertising that calls itself Lord EK.
Exploit kits: summer 2019 review - In this edition of our seasonal review of exploit kits, we review active and unique EKs hitting consumers and businesses over the summer 2019 season.
A deep dive into Phobos ransomware - We take an in-depth look at Phobos ransomware, which threat actors distribute via RDP, and at its similarities with Dharma (AKA CrySis) ransomware.
Fake jquery campaign leads to malvertising and ad fraud schemes - We look for answers in a long-running and yet mysterious malware campaign that has compromised thousands of websites to date.
GreenFlash Sundown exploit kit expands via large malvertising campaign - The GreenFlash exploit kit, which we typically saw targeting South Korean users, reaches globally with a large malvertising campaign via a popular website.
Magecart skimmers found on Amazon CloudFront CDN - Not all breaches on Content Delivery Networks (CDNs) result in supply-chain attacks, yet they are often a forgotten entry point for attackers to slip in malicious code, such as web skimmers.
Hidden Bee: Let’s go down the rabbit hole - The complex and sophisticated custom malware, Hidden Bee, is a Chinese cryptominer that recently released an updated sample. We unpack the sample to look at the functionality of its loader and compare it against earlier versions.
