Researchers at Cluster25 have published research about exploit code that’s triggered when a user moves their mouse over a link in…
Tag: powershell
Forced Chrome extensions get removed, keep reappearing
In the continued saga of annoying search extensions we have a new end-of-level boss. Victims have been reporting browser extensions that…
A week in security (June 20 – June 26)
Last week on Malwarebytes Labs: Stay safe!
Cybersecurity agencies: You don’t have to delete PowerShell to secure it
Microsoft’s PowerShell is a useful, flexible tool that is as popular with criminals as it is with admins. Cybercrooks like it…
Custom PowerShell RAT targets Germans seeking information about the Ukraine crisis
This blog post was authored by Hossein Jazi and Jérôme Segura. Populations around the world—and in Europe in particular—are following the…
Colibri Loader combines Task Scheduler and PowerShell in clever persistence technique
This blog post was authored by Ankur Saini, with contributions from Hossein Jazi and Jérôme Segura. (2022-04-07): Added MITRE ATT&CK mappings…
A week in security (Nov 8 – Nov 14)
Last week on Malwarebytes Labs: On Malwarebytes’ Lock and Code podcast episode S02E21 of this week we talked to Jess Dodson…
A multi-stage PowerShell based attack targets Kazakhstan
This blog post was authored by Hossein Jazi. On November 10 we identified a multi-stage PowerShell attack using a document lure…
A week in security (January 14 – 20)
Last week on the Malwarebytes Labs blog, we took a look at how the government shutdown is influencing cybersecurity jobs, Advanced Persistent…
Improved Fallout EK comes back after short hiatus
[Edit 2019-01-24] Fallout EK introduces a new dropper to facilitate the final payload retrieval. This update replaces the plain MZ we…