Hiding in Plain Sight: Multi-Actor ahost.exe Attacks

Hiding in Plain Sight: Deconstructing the Multi-Actor DLL Sideloading Campaign abusing ahost.exe By Mallikarjun Wali and Mohideen Abdul Khader · January 14, 2026 Executive summary The Trellix Advanced Research Center has uncovered an active malware campaign that exploits a DLL sideloading...

Vultur Android Banking Trojan Returns with Upgraded Remote Control Capabilities

The Android banking trojan known as Vultur has resurfaced with a suite of new features and improved anti-analysis and detection evasion techniques, enabling its operators to remotely interact with a mobile device and harvest sensitive data. "Vultur has also started masquerading more of its...

A .NET malware abusing legitimate ffmpeg

There is a growing trend among malware authors to incorporate legitimate applications in their malicious package. This time, we analyzed a malware downloading a legitimate ffmpeg. Using this application, this simple spyware written in .NET got a powerful feature. Most of the malware is sufficient...

CVE-2017-8459

Brave 0.12.4 has a Status Bar Obfuscation issue in which a redirection target is shown in a possibly unexpected way. NOTE: third parties dispute this issue because it is a behavior that might have legitimate applications in for example the display of web-search results...

Another Master Key vulnerability discovered in Android 4.3

Earlier this year, in the month of July it was first discovered that 99% of Android devices are vulnerable to a flaw called "Android Master Key vulnerability" that allow hackers to modify any legitimate and digitally signed application in order to transform it into a Trojan program that can be us...

Foncy is Dead, Long Live Mania

In the middle of January 2012 Foncy was updated: it started to spread together with an IRC bot and a root exploit. But the end of the Foncy story was very close because in February two suspected authors of this malware were arrested in Paris: you can read the story here in French and here in...