Social engineering | Threat analysis
Retrohunting APT37: North Korean APT used VBA self decode technique to inject RokRat
January 6, 2021 - A North Korean threat group has swapped the usual Hangul Office lures for a cleverly packed Office macro.
Threat analysis
SolarWinds advanced cyberattack: What happened and what to do now
December 14, 2020 - Possibly the largest hacking operation of 2020 was just unveiled. In this blog we share what we know and what you should do right now.
Malware | Threat analysis
German users targeted with Gootkit banker or REvil ransomware
November 30, 2020 - After a noted absence, the Gootkit banking Trojan returns en masse to hit Germany. In an interesting twist, some of the victims may receive ransomware instead.
Exploits | Threat analysis
Malsmoke operators abandon exploit kits in favor of social engineering scheme
November 16, 2020 - Threat actors behind malsmoke, one of the largest malvertising campaigns we've seen in recent months, have switched malware delivery tactics.
Malware | Malwarebytes news | Threat analysis
Release the Kraken: Fileless injection into Windows Error Reporting service
October 6, 2020 - We discovered a new attack that injected its payload—dubbed "Kraken"—into the Windows Error Reporting (WER) service as a defense evasion mechanism.
Inter skimming kit used in homoglyph attacks
August 6, 2020 - Threat actors load credit card skimmers using a known phishing technique called homoglyph attacks.
Malspam campaign caught using GuLoader after service relaunch
July 30, 2020 - We discovered a spam campaign distributing GuLoader in the aftermath of the service's relaunch.
Chinese APT group targets India and Hong Kong using new variant of MgBot malware
July 21, 2020 - We uncovered an active campaign in early July that we attribute to a new Chinese APT group attacking India and Hong Kong with MgBot malware.
Credit card skimmer targets ASP.NET sites
July 6, 2020 - This unusual web skimmer campaign goes after sites running Microsoft's IIS servers with an outdated version of the ASP.NET framework.