Malware

Cleaning up after Emotet: the law enforcement file

January 29, 2021 - Following global law enforcement action to take over the Emotet botnet, a special update is being sent to clean up infected machines.

Read more

German users targeted with Gootkit banker or REvil ransomware

November 30, 2020 - After a noted absence, the Gootkit banking Trojan returns en masse to hit Germany. In an interesting twist, some of the victims may receive ransomware instead.

Read more

Release the Kraken: Fileless injection into Windows Error Reporting service

October 6, 2020 - We discovered a new attack that injected its payload—dubbed "Kraken—into the Windows Error Reporting (WER) service as a defense evasion mechanism.

Read more

Malspam campaign caught using GuLoader after service relaunch

July 30, 2020 - We discovered a spam campaign distributing GuLoader in the aftermath of the service's relaunch

Read more

Multi-stage APT attack drops Cobalt Strike using Malleable C2 feature

June 17, 2020 - A newly discovered APT spear-phishing attack implements several evasion techniques to drop Cobalt Strike toolkit.

Read more

New LNK attack tied to Higaisa APT discovered

June 4, 2020 - We describe a new spearphishing campaign tied to the potential North Korean Higaisa APT group.

Read more

Shining a light on “Silent Night” Zloader/Zbot

May 21, 2020 - The latest Malwarebytes Threat Intel report focuses on Silent Night, a new banking Trojan recently tracked as Zloader/Zbot.

Read more

New Mac variant of Lazarus Dacls RAT distributed via Trojanized 2FA app

May 6, 2020 - The Lazarus group improves their toolset with a new RAT specifically designed for the Mac.

Read more

Threat spotlight: CrySIS, aka Dharma ransomware, causing a crisis for businesses

May 15, 2019 - CrySIS, aka Dharma, is a ransomware family making waves over the last two months, often being used in targeted attacks through RDP access. What other tricks are up its sleeve?

Read more