TrickBot adds new trick to its arsenal: tampering with trusted texts

TrickBot’s latest feature allows it to tamper with the web sessions of users from Verizon, T-Mobile, and Sprint mobile carriers.

Read more

The Hidden Bee infection chain, part 1: the stegano pack

The Hidden Bee cryptominer has a complex and multi-layered internal structure that is unusual among cybercrime toolkits. That’s why we’re dedicating a series of posts to exploring its elements and updates made during one year of its evolution.

Read more

EternalPetya – yet another stolen piece in the package?

Since 27th June we’ve been investigating the outbreak of the new Petya-like malware armed with an infector similar to WannaCry. Since the day one, various contradicting theories started popping up. In this post, we will try to fill this gap, by making a step-by-step comparison of the current kernel and the one on which it is based (Goldeneye Petya).

Read more

LatentBot piece by piece

LatentBot is a multi-modular Trojan written in Delphi and known to have been around since 2013. Recently, we captured and dissected a sample distributed by RIG Exploit Kit.

Read more

Elusive Moker Trojan is back

We finally have gotten our hands on a sample of Moker Trojan (that was discovered in 2015). This article will be a deep dive in its capabilities.

Read more

Diamond Fox – part 2: let’s dive in the code

In a previous post we made an initial analysis of a Diamond Fox bot delivered by the Nebula Exploit Kit (more about the campaign can be found here). We described the way to unpack the protection layer in order to get the core, written in Visual Basic, that can be decompiled. In this second part of…

Read more

Explained: Sage ransomware

Sage is yet another ransomware that has become a common threat nowadays. Similarly to Spora, it has capabilities to encrypt files offline. The malware is actively developed and currently, we are facing outbreak of version 2.2. of this product.

Read more

Diamond Fox – part 1: introduction and unpacking

In this short series of posts, we will take a deep dive in a sample of Diamond Fox delivered by the Nebula Exploit Kit (described here). We will also make a brief comparison with the old, leaked version, in order to show the evolution of this product.

Read more

Explained: Spora ransomware

Spora ransomware has joined the family of ransomware created by professionals. Take a closer look at Spora.

Read more

Zbot with legitimate applications on board

Recently, among the payloads delivered by exploit kits, we often find Terdot.A/Zloader – a downloader installing on the victim machine a ZeuS-based malware.

Read more

Select your language