All 101 Cybercrime Malwarebytes news PUP Security world Threat analysis

October 5, 2018 - In part two of this series on fileless malware, our malware analyst walks readers through two demonstrations of fileless malware attacks and shows the problems with detecting them using static signatures.

CONTINUE READINGNo Comments

August 30, 2018 - When we recently analyzed payloads related to Hidden Bee (dropped by the Underminer EK), we noticed something unusual. After reversing the malware, we discovered that its authors actually created their own executable format. Follow our step-by-step analysis for a closer look.

CONTINUE READINGNo Comments

August 29, 2018 - In this series of articles, we provide an in-depth discussion of fileless malware and their related attacks. In part one, we cover a brief overview of the problems with and general features of fileless malware, laying the groundwork for technical analysis of various samples employing fileless and semi-fileless methods.

CONTINUE READINGNo Comments

August 13, 2018 - Process doppleganging, a rare technique of impersonating a process, was discovered last year, but hasn't been seen much in the wild since. It was an interesting surprise, then, to discover its use mixed in with Process Hollowing, yet another technique, in a dropper for the Osiris banking Trojan.

CONTINUE READINGNo Comments

June 19, 2018 - SamSam ransomware is a unique malware for its explicit human interaction on selected targets and care to erase most of its tracks.

CONTINUE READINGNo Comments

June 7, 2018 - In part two of our series on decoding Emotet, we analyze the PowerShell code flow and structure. We also reconstruct the command-line arguments—for fun!

CONTINUE READINGNo Comments

May 25, 2018 - In the first part of this two-part analysis of Emotet, we look at the VBA code, where you'll learn how to recognize and discard "dead" code thrown in to complicate the analysis process.

CONTINUE READINGNo Comments

May 8, 2018 - Kuik adware, which forces affected machines to join a domain controller, is using this unusual technique to push Google Chrome extensions and coin miner applications. In this blog, we'll provide technical analysis of the adware and custom removal instructions.

CONTINUE READINGNo Comments

April 30, 2018 - Spartacus ransomware is a fairly new variant seen in 2018. We'll walk you through the malware sample to analyze the code in detail, and help you learn how to get an obfuscated .NET sample into a readable state.

CONTINUE READINGNo Comments

April 18, 2018 - Recently, we came across a Python-based sample dropped by an exploit kit. Although it arrives under the disguise of a MinerBlocker, it has nothing in common with miners. In fact, it seems to be PBot: a Python-based adware.

CONTINUE READINGNo Comments

Cybersecurity info you can’t do without

Want to stay informed on the latest news in cybersecurity? Sign up for our newsletter and learn how to protect your computer from threats.

Select your language