Custom PowerShell RAT targets Germans seeking information about the Ukraine crisis

Malwarebytes Threat Intelligence has uncovered an attack using the lure of information about the war in Ukraine to target people in Germany.

Colibri Loader combines Task Scheduler and PowerShell in clever persistence technique

We discovered an interesting trick used by Colibri Loader to survive reboots that takes advantage of a legitimate command in PowerShell.

A week in security (Nov 8 – Nov 14)

A roundup of the previous week’s articles, and the most important and interesting security events and happenings.

A multi-stage PowerShell based attack targets Kazakhstan

We uncover a new attack delivered via a number of PowerShell scripts to deploy Cobalt Strike.

A week in security (January 14 – 20)

A roundup of last week’s security news from January 14 to 20, including APT10, Fallout EK, Collection 1 data, YouTube challenges, hosting malicious sites and a Fortnite security flaw.

Improved Fallout EK comes back after short hiatus

The Fallout exploit kit is back with some noteworthy improvements.

New ‘Under the Radar’ report examines modern threats and future technologies

Malwarebytes released a new report called “Under the Radar: The Future of Undetected Malware” that takes a look at current threats using next generation tricks, and how current security technologies stand up to these threats, as well as the threats to come.

What’s new in TrickBot? Deobfuscating elements

TrickBot has been present in the threat landscape for quite a while. We wrote about its first version in October 2016. October 2018 marks the end of the second year since TrickBot’s appearance. Possibly the authors decided to celebrate the anniversary with a makeover of some significant elements of the core. This post is an analysis of the updated obfuscation used by TrickBot’s main module.

Fileless malware: getting the lowdown on this insidious threat

In this series of articles, we provide an in-depth discussion of fileless malware and its related attacks. In part one, we give a brief overview of the problems with and general features of fileless malware, laying the groundwork for technical analysis of various samples employing fileless and semi-fileless methods.

Malware analysis: decoding Emotet, part 2

In part two of our series on decoding Emotet, we analyze the PowerShell code flow and structure. We also reconstruct the command-line arguments—for fun!
