Threat analysis

The forgotten domain: Exploring a link between Magecart Group 5 and the Carbanak APT

October 22, 2019 - Bread crumbs left behind open up a possible connection between Magecart Group 5 and Carbanak.

Read more

Magecart Group 4: A link with Cobalt Group?

October 3, 2019 - Malwarebytes threat intel partnered with security firm HYAS to connect the dots between Magecart Group 4 and the advanced threat group Cobalt.

Read more

Magecart criminals caught stealing with their poker face on

August 20, 2019 - This blog post details the curious case of a web skimmer encountered in a poker application.

Read more

The Hidden Bee infection chain, part 1: the stegano pack

August 15, 2019 - The Hidden Bee cryptominer has a complex and multi-layered internal structure that is unusual among cybercrime toolkits. That's why we're dedicating a series of posts to exploring its elements and updates made during one year of its evolution.

Read more

Say hello to Lord Exploit Kit

August 2, 2019 - In this blog, we take a look at a new exploit kit distributed via malvertising that calls itself Lord EK.

Read more

Exploit kits: summer 2019 review

July 30, 2019 - In this edition of our seasonal review of exploit kits, we review active and unique EKs hitting consumers and businesses over the summer 2019 season.

Read more

A deep dive into Phobos ransomware

July 24, 2019 - We take an in-depth look into Phobos ransomware which threat actors distribute via RDP and look at similarities with Dharma (AKA CrySis) ransomware.

Read more

Fake jquery campaign leads to malvertising and ad fraud schemes

June 27, 2019 - We look for answers in a long-running and yet mysterious malware campaign that has compromised thousands of websites to date.

Read more

GreenFlash Sundown exploit kit expands via large malvertising campaign

June 26, 2019 - The GreenFlash exploit kit, which we typically saw targeting South Korean users, reaches globally with a large malvertising campaign via a popular website.

Read more