Electrum Bitcoin wallets under siege

Threat actors are relentlessly phishing and attacking Electrum Bitcoin wallet users, racking up millions of dollars.

Exploit kits: fall 2018 review

With a fresh exploit kit in town, the drive-by download landscape shows new signs of life in fall 2018.

RIG exploit kit campaign gets deep into crypto craze

We take a look at a prolific campaign that is focused on the distribution of coin miners via drive-by download attacks. We started to notice larger-than-usual payloads from the RIG exploit kit around November 2017, a trend that has continued more recently via a campaign dubbed Ngay.

LatentBot piece by piece

LatentBot is a multi-modular Trojan written in Delphi and known to have been around since 2013. Recently, we captured and dissected a sample distributed by the RIG exploit kit.

Elusive Moker Trojan is back

We have finally gotten our hands on a sample of the Moker Trojan, which was discovered in 2015. This article will be a deep dive into its capabilities.

Websites compromised in ‘Decimal IP’ campaign

This URL is quite probably unlike anything you’ve ever seen before and yet still works and redirects to malware.

The HookAds malvertising campaign

In this post we take a look at a malvertising campaign that we traced back to late August and that is targeting adult traffic. While initially pushing the Neutrino exploit kit, it switched to RIG EK in September. We estimate that at least one million visitors to adult websites were exposed to this particular campaign.

New-looking Sundown EK drops Smoke Loader, Kronos banker

In this post we take a quick glance at some changes made to the Sundown exploit kit. The landing page has been tweaked and uses various obfuscation techniques. Sundown is used in some smaller campaigns and in this particular case dropped a downloader followed by a banking Trojan.

Just For Men website serves malware

The website for Just For Men, a company that sells various products for men, was breached and was serving a password-stealing Trojan. The malicious code embedded in the WordPress site was part of the EITest campaign and pushed the RIG exploit kit.

Exploit kit shakedown: RIG EK grabs Neutrino EK campaigns

Something unusual happened in the exploit kit ecosystem. Two well-known malware distribution campaigns switched from Neutrino EK to RIG EK. A temporary blip or a more durable change? Only time will tell.
