Process Doppelgänging meets Process Hollowing in Osiris dropper

Process doppleganging, a rare technique of impersonating a process, was discovered last year, but hasn’t been seen much in the wild since. It was an interesting surprise, then, to discover its use mixed in with Process Hollowing, yet another technique, in a dropper for the Osiris banking Trojan.

Read more

A state of constant uncertainty or uncertain constancy? Fast flux explained

Although often seen as an illegal cybercriminal tactic, the methodology behind fast flux is actually far from evil. So how is it being abused? Read on to learn more.

Read more

A week in security (August 28 – September 3)

A compilation of security news and blog posts from the 28th of August to the 3rd of September. We touched on Kronos, Locky, a 419 scam, insider threats, and more!

Read more

Inside the Kronos malware – part 2

In part two of our Kronos malware analysis, we look at the malicious actions Kronos can perform.

Read more

A week in security (August 14 – August 20)

A compilation of security news and blog posts from the 14th of August to the 20th of August. We looked at back to school cybersecurity tips, Kronos malware, and the return of Locky ransomware.

Read more

Inside the Kronos malware – part 1

The first part of this research looks at the tricks used by the Kronos banking malware.

Read more

New-looking Sundown EK drops Smoke Loader, Kronos banker

In this post we take a quick glance at some changes made to the Sundown exploit kit. The landing page has been tweaked and uses various obfuscation techniques. Sundown is used in some smaller campaigns and in this particular case dropped a downloader followed by a banking Trojan.

Read more

Cybersecurity info you can't do without

Want to stay informed on the latest news in cybersecurity? Sign up for our newsletter and learn how to protect your computer from threats.

Select your language