Malwarebytes Labs Presents: The Cybercrime Tactics and Techniques Report

In our first wrap-up of the threat landscape, we are going to cover the trends observed during the last few months of 2016, provide an analyst’s view of the threats, and offer some predictions for the beginning of 2017. Moving forward, every quarter we will bring you a view of the threat landscape through the eyes of Malwarebytes researchers and analysts.


The post Malwarebytes Labs Presents: The Cybercrime Tactics and Techniques Report appeared first on Malwarebytes Labs.

Untangling Kovter’s persistence methods

Kovter is click-fraud malware known for the unconventional tricks it uses for persistence. It hides its malicious modules in PowerShell scripts and in registry values rather than as files on disk, which makes detection and analysis harder. In this post we take a deep dive into the techniques used by its latest samples to see all the elements and…
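
The post above describes persistence that keeps the payload in registry values and has a small autorun launcher hand it to a script host. The script below is an added triage example for this page, not Malwarebytes' code or anything taken from a Kovter sample: it walks a list of Run-key entries (as you would get from an autoruns or registry export) and flags values that launch a script host, decode a PowerShell -EncodedCommand, or read their real body from another registry value. The three entries, the `HKCU\Software\Contoso` value path and the stage-2 command are constructed for the example.

```python
"""Triage autorun registry entries for fileless-persistence indicators.

Added example: the entries below are constructed to resemble the pattern
described above (a Run value starting a script host that pulls its real
payload from another registry value); they are not from a real infection.
"""
import base64
import re
from typing import Dict, List, Tuple

Entry = Tuple[str, str, str]  # (key path, value name, value data)

# Script hosts that can execute a payload that was never written out as an .exe.
SCRIPT_HOSTS = re.compile(
    r"\b(powershell(?:\.exe)?|mshta(?:\.exe)?|wscript(?:\.exe)?|cscript(?:\.exe)?|regsvr32(?:\.exe)?)\b",
    re.IGNORECASE,
)
# powershell -EncodedCommand (and its short forms) takes base64 of a UTF-16LE string.
ENC_FLAG = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)
# Signs that the command pulls its real body out of another registry value.
REG_REF = re.compile(r"(HKCU:|HKLM:|HKEY_|Get-ItemProperty|\bgp\b|RegRead)", re.IGNORECASE)


def decode_encoded_command(data: str) -> str:
    """Return the decoded -EncodedCommand text, or '' if absent or undecodable."""
    m = ENC_FLAG.search(data)
    if not m:
        return ""
    try:
        return base64.b64decode(m.group(1)).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return ""


def triage_run_entries(entries: List[Entry]) -> List[Dict[str, object]]:
    """Flag autorun values whose data looks like a fileless stager."""
    findings = []
    for key, name, data in entries:
        reasons = []
        if SCRIPT_HOSTS.search(data):
            reasons.append("launches a script host")
        decoded = decode_encoded_command(data)
        if decoded:
            reasons.append("encoded PowerShell: " + decoded)
        if REG_REF.search(data) or REG_REF.search(decoded):
            reasons.append("reads its payload from the registry")
        if reasons:
            findings.append({"key": key, "name": name, "reasons": reasons})
    return findings


# --- constructed sample data (hypothetical value names and paths) ---
RUN_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
# Stage-2 command: read a base64 blob from a hypothetical HKCU\Software\Contoso value and run it.
STAGE2 = ("iex ([Text.Encoding]::ASCII.GetString([Convert]::FromBase64String("
          "(gp 'HKCU:\\Software\\Contoso').blob)))")
ENCODED = base64.b64encode(STAGE2.encode("utf-16le")).decode()

SAMPLE_ENTRIES: List[Entry] = [
    (RUN_KEY, "OneDrive",
     r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
    (RUN_KEY, "4a91c0", "powershell.exe -NoP -W Hidden -enc " + ENCODED),
    (RUN_KEY, "Updater",
     r'mshta "javascript:close(new ActiveXObject(\"WScript.Shell\").RegRead(\"HKCU\\Software\\Contoso\\blob\"))"'),
]

if __name__ == "__main__":
    for f in triage_run_entries(SAMPLE_ENTRIES):
        print(f["name"], "->", "; ".join(f["reasons"]))
```

The benign OneDrive entry is not flagged; the two constructed stagers are, and the decoded PowerShell shows the registry value the launcher reads. On a live system the same logic would be run over the output of `reg export` or an Autoruns CSV, and any value that is flagged should be followed to the registry path it references, since that is where the actual module lives.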

Large Kovter digitally-signed malvertising campaign and MSRT cleanup release

Kovter is a malware family that is well known for being tricky to detect and remove because of its fileless design after infection. Users in the United States are almost exclusively targeted, and infected PCs are used to perform click fraud and to install additional malware on the machine. Starting April 21, 2016, we observed a large…

FedEx Problems with item delivery, n.00196222 Shawn Maddox – JS malware leads to ransomware

Last revised or updated on: 18th March, 2016, 6:56 AM

An email with a zip attachment named FedEx_00196222.zip, pretending to come from mogotoys@server.robo-apps.com on behalf of FedEx 2Day <shawn.maddox@mogotoys.com>, is another one from the current bot runs that downloads ransomware. They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium-sized businesses, in the hope of getting a better response than they do from consumers. The email looks like:

From: mogotoys@server.robo-apps.com on behalf of FedEx 2Day <shawn.maddox@mogotoys.com>
Date: Fri 18/03/2016 02:49
Subject: Problems with item delivery, n.00196222
Attachment: FedEx_00196222.zip

Body content: Dear Customer, Your parcel has arrived at March 15. Courier was …
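
The lure above has three checkable properties: the From display name claims a brand whose domain does not match the address, the message was sent "on behalf of" a different sender (the Sender header), and the attachment is a zip carrying a script. The script below is an added example for this page, not the post author's code: it rebuilds a message with the headers and filename quoted in the post (the body, the zip and the placeholder .js inside it are constructed here), parses it with Python's standard `email` module, and returns the reasons it should be quarantined. The brand-to-domain table is an assumption for the example.

```python
"""Triage a mail for the parcel-delivery lure pattern described above.

Added example, not the original post's code. Headers reuse the addresses and
attachment name quoted in the post; body, zip and .js content are constructed.
"""
import email
import email.policy
import io
import zipfile
from email.message import EmailMessage
from email.utils import parseaddr
from typing import List

SCRIPT_EXTS = (".js", ".jse", ".wsf", ".vbs", ".hta")
# Display-name keyword -> domain that brand legitimately mails from (assumption for the example).
CLAIMED_BRANDS = {"fedex": "fedex.com"}


def build_sample_zip() -> bytes:
    """Constructed zip holding a placeholder .js, standing in for the downloader."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("FedEx_00196222.js", "// constructed placeholder, not the real downloader\n")
    return buf.getvalue()


def build_sample_mail() -> bytes:
    """Rebuild the lure as raw RFC 5322 bytes (headers from the post, body constructed)."""
    msg = EmailMessage()
    msg["From"] = "FedEx 2Day <shawn.maddox@mogotoys.com>"
    msg["Sender"] = "mogotoys@server.robo-apps.com"   # the 'on behalf of' party
    msg["To"] = "accounts@example.com"
    msg["Subject"] = "Problems with item delivery, n.00196222"
    msg.set_content("Dear Customer,\n\nYour parcel has arrived at March 15.\n")
    msg.add_attachment(build_sample_zip(), maintype="application", subtype="zip",
                       filename="FedEx_00196222.zip")
    return msg.as_bytes()


def build_benign_mail() -> bytes:
    """A constructed ordinary mail that should produce no findings."""
    msg = EmailMessage()
    msg["From"] = "Alice Example <alice@example.com>"
    msg["To"] = "accounts@example.com"
    msg["Subject"] = "Invoice Q1"
    msg.set_content("Attached as discussed.\n")
    msg.add_attachment(b"%PDF-1.4 constructed placeholder", maintype="application",
                       subtype="pdf", filename="invoice.pdf")
    return msg.as_bytes()


def triage_mail(raw: bytes) -> List[str]:
    """Return the reasons a message matches the lure pattern (empty list if clean)."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    reasons = []

    display, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()
    for brand, legit in CLAIMED_BRANDS.items():
        if brand in display.lower() and not (from_domain == legit or from_domain.endswith("." + legit)):
            reasons.append(f"display name claims {brand} but address domain is {from_domain}")

    _, sender = parseaddr(msg.get("Sender", ""))
    if sender and sender.rpartition("@")[2].lower() != from_domain:
        reasons.append(f"Sender ({sender}) differs from From domain; mail sent 'on behalf of'")

    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        if not fname.lower().endswith(".zip"):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                scripts = [n for n in zf.namelist() if n.lower().endswith(SCRIPT_EXTS)]
        except zipfile.BadZipFile:
            reasons.append(f"attachment {fname} is not a valid zip")
            continue
        if scripts:
            reasons.append(f"zip attachment {fname} contains script(s): {', '.join(scripts)}")
    return reasons


if __name__ == "__main__":
    for line in triage_mail(build_sample_mail()):
        print("-", line)
```

Any one of the three findings is enough to hold the message for review; the zip-with-script check is the one worth enforcing at the gateway regardless of sender, since a .js inside a .zip has no legitimate business use in a delivery notice.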

blank email from support@hvp-online.com – JS malware downloads kovter boaxxe and ransomware

Last revised or updated on: 14th March, 2016, 9:55 AM

An email addressed to abuse at your email domain, with no subject, coming from Support <support@hvp-online.com> with a zip attachment is another one from the current bot runs which downloads. They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium-sized businesses, in the hope of getting a better response than they do from consumers. I have only seen 1 copy of this so far, but in previous weeks, I often got 1 copy about 1-2 hours before the main influx. I do not know based on this one email if there will be …