EUVD-2019-13201
Malware in sbrugna...
Trend Micro and INTERPOL Join Forces Again for Operation Synergia
Trend and other private entities recently contributed to INTERPOL’s Operation Synergia, a global operation that successfully took down over 1,000 C&C servers and identified suspects related to phishing, banking malware, and ransomware activity...
Russian Cyber Espionage Group Deploys LitterDrifter USB Worm in Targeted Attacks
Russian cyber espionage actors affiliated with the Federal Security Service (FSB) have been observed using a USB-propagating worm called LitterDrifter in attacks targeting Ukrainian entities. Check Point, which detailed Gamaredon's (aka Aqua Blizzard, Iron Tilden, Primitive Bear, Shuckworm, and...
Threats to ICS and industrial enterprises in 2022
Continuing trends In recent years, we have observed various trends in the changing threat landscape for industrial enterprises, most of which have been evolving for some time. We can say with high confidence that many of these trends will not only continue, but gain new traction in the coming yea...
Experts Uncover Mobile Spyware Attacks Targeting Kurdish Ethnic Group
Cybersecurity researchers on Tuesday released new findings that reveal a year-long mobile espionage campaign against the Kurdish ethnic group to deploy two Android backdoors that masquerade as legitimate apps. Active since at least March 2020, the attacks leveraged as many as six dedicated Facebo...
Ad blocker with miner included
Some time ago, we discovered a number of fake apps delivering a Monero cryptocurrency miner to user computers. They are distributed through malicious websites that may turn up in the victims' search results. By the look of it, it appears to be a continuation of the summer campaign covered by our...
AutoHotkey-Based Password Stealer Targeting US, Canadian Banking Users
Threat actors have been discovered distributing a new credential stealer written in the AutoHotkey (AHK) scripting language as part of an ongoing campaign that started in early 2020. Customers of financial institutions in the US and Canada are among the primary targets for credential exfiltration, with a...
Aggressive in-app advertising in Android
Recently, we've been noticing ever more dubious advertising libraries in popular apps on Google Play. The monetization methods used in such SDKs can pose a threat to users, yet they pull in more revenue for developers than whitelisted ad modules due to the greater number of views. In this post we...
Agent Smith Malware Infects 25M Android Phones to Push Rogue Ads
Researchers are warning of a new breed of Android malware, dubbed “Agent Smith,” that they claim has infected 25 million handsets in order to replace legitimate apps with doppelgangers that display rogue ads. The malware is tied to a China-based firm, according to Check Point researchers, and is...
Spam Campaigns Spread Trickbot Malware with Tax Lure
Hackers pushing the TrickBot banking trojan are exploiting tax season by pushing malicious Microsoft Excel spreadsheet documents via spam campaigns. Researchers said that they discovered the malware in three different campaigns since Jan. 27, 2019. These campaigns target victims with emails...
Malcom - Malware Communications Analyzer
Malcom is a tool designed to analyze a system's network communication using graphical representations of network traffic, and to cross-reference them with known malware sources. This comes in handy when analyzing how certain malware species try to communicate with the outside world. What is Malcom?...
The return of Fantomas, or how we deciphered Cryakl
In early February this year, Belgian police seized the C&C servers of the infamous Cryakl cryptor. Soon afterwards, they handed over the private keys to our experts, who used them to update the free RakhniDecryptor tool for recovering files encrypted by the malware. The ransomware, which for year...
Trojanized BitTorrent Software Update Hijacked 400,000 PCs Last Week
A massive malware outbreak that last week infected nearly half a million computers with cryptocurrency mining malware in just a few hours was caused by a backdoored version of the popular BitTorrent client MediaGet. Dubbed Dofoil (also known as Smoke Loader), the malware was found dropping a...
ShadowPad in corporate networks
ShadowPad, part 2: Technical Details PDF In July 2017, during an investigation, suspicious DNS requests were identified in a partner's network. The partner, which is a financial institution, discovered the requests originating on systems involved in the processing of financial transactions. Furth...
Malware Hunter — Shodan's new tool to find Malware C&C Servers
Rapidly growing numbers of insecure internet-connected devices are becoming an albatross around the necks of individuals and organizations, with malware authors routinely hacking them to form botnets that can be further used as weapons in DDoS and other cyber attacks. But now finding malicious servers, hosted ...
Analyze Web-based Network Traffic: squidmagic
squidmagic is a tool designed to analyze web-based network traffic to detect central command and control (C&C) servers and malicious sites, using the Squid proxy server and Spamhaus. Install: Ubuntu 16.04. Clone this repo and execute the script squidmagic ./install.sh ...
squidmagic - Analyze a Web-Based Network Traffic to Detect Central Command and Control (C&C) Servers and Malicious Site
squidmagic is a tool designed to analyze web-based network traffic to detect central command and control (C&C) servers and malicious sites, using the Squid proxy server and Spamhaus. Usage: python squidmagic.py /var/log/squid3/access.log ...
The PhotoMiner Campaign
In this report we will share our research on the PhotoMiner’s timelines, infection strategies, C&C servers and provide tools to help detect the malware...
CVE-2015-4259
The Integrated Management Controller on Cisco Unified Computing System UCS C servers with software 1.53 and 1.60.16 has a default SSL certificate, which makes it easier for man-in-the-middle attackers to bypass cryptographic protection mechanisms by leveraging knowledge of a private key, aka Bug...