Threat analysis

The forgotten domain: Exploring a link between Magecart Group 5 and the Carbanak APT - Bread crumbs left behind open up a possible connection between Magecart Group 5 and Carbanak.
Magecart Group 4: A link with Cobalt Group? - Malwarebytes threat intel partnered with security firm HYAS to connect the dots between Magecart Group 4 and the advanced threat group Cobalt.
Magecart criminals caught stealing with their poker face on - This blog post details the curious case of a web skimmer encountered in a poker application.
The Hidden Bee infection chain, part 1: the stegano pack - The Hidden Bee cryptominer has a complex and multi-layered internal structure that is unusual among cybercrime toolkits. That's why we're dedicating a series of posts to exploring its elements and updates made during one year of its evolution.
Say hello to Lord Exploit Kit - In this blog, we take a look at a new exploit kit distributed via malvertising that calls itself Lord EK.
Exploit kits: summer 2019 review - In this edition of our seasonal review of exploit kits, we review active and unique EKs hitting consumers and businesses over the summer 2019 season.
A deep dive into Phobos ransomware - We take an in-depth look at Phobos ransomware, which threat actors distribute via RDP, and examine its similarities with Dharma (AKA CrySis) ransomware.
Fake jquery campaign leads to malvertising and ad fraud schemes - We look for answers in a long-running and yet mysterious malware campaign that has compromised thousands of websites to date.
GreenFlash Sundown exploit kit expands via large malvertising campaign - The GreenFlash exploit kit, which we typically saw targeting South Korean users, reaches globally with a large malvertising campaign via a popular website.
