Malware Technologies – WindowsTechs.com

DuneQuixote campaign targets Middle Eastern entities with “CR4T” malware

Posted on April 18, 2024 by GReAT

New unattributed DuneQuixote campaign targeting entities in the Middle East employs droppers disguised as Total Commander installer and CR4T backdoor in C and Go. Continue reading DuneQuixote campaign targets Middle Eastern entities with “CR4T” malware→

SoumniBot: the new Android banker’s unique techniques

Posted on April 17, 2024 by Dmitry Kalinin

We review the new mobile Trojan banker SoumniBot, which exploits bugs in the Android manifest parser to dodge analysis and detection. Continue reading SoumniBot: the new Android banker’s unique techniques→

Using the LockBit builder to generate targeted ransomware

Posted on April 15, 2024 by Eduardo Ovalle, Francesco Figurelli, Cristian Souza, Ashley Muñoz

Kaspersky researchers revisit the leaked LockBit 3.0 builder and share insights into a real-life incident involving a custom targeted ransomware variant created with this builder. Continue reading Using the LockBit builder to generate targeted ransomware→

XZ backdoor story – Initial analysis

Posted on April 12, 2024 by GReAT

Kaspersky analysis of the backdoor recently found in XZ, which is used in many popular Linux distributions and in OpenSSH server process. Continue reading XZ backdoor story – Initial analysis→

DinodasRAT Linux implant targeting entities worldwide

Posted on March 28, 2024 by Anderson Leite, Lisandro Ubiedo

In this article, we share our analysis of a recent version of the DinodasRAT implant for Linux, which may have been active since 2022. Continue reading DinodasRAT Linux implant targeting entities worldwide→

What’s in your notepad? Infected text editors target Chinese users

Posted on March 13, 2024 by Sergey Puzan

Infected versions of the text editors VNote and Notepad‐‐ for Linux and macOS, apparently loading a backdoor, are being distributed through a Chinese search engine. Continue reading What’s in your notepad? Infected text editors target Chinese users→

Network tunneling with… QEMU?

Posted on March 5, 2024 by Grigory Sablin, Alexander Rodchenko, Kirill Magaskin

While investigating an incident, we detected uncommon malicious activity inside one of the systems. We ran an analysis on the artifacts, only to find that the adversary had deployed and launched the QEMU hardware emulator. Continue reading Network tunneling with… QEMU?→

Coyote: A multi-stage banking Trojan abusing the Squirrel installer

Posted on February 8, 2024 by GReAT

We will delve into the workings of the infection chain and explore the capabilities of the new Trojan that specifically targets users of more than 60 banking institutions, mainly from Brazil. Continue reading Coyote: A multi-stage banking Trojan abusing the Squirrel installer→

Cracked software beats gold: new macOS backdoor stealing cryptowallets

Posted on January 22, 2024 by Sergey Puzan

We review a new macOS backdoor that piggybacks on cracked software to replace Bitcoin and Exodus wallets with malware. Continue reading Cracked software beats gold: new macOS backdoor stealing cryptowallets→

Cracked software beats gold: new macOS backdoor stealing cryptowallets

Posted on January 22, 2024 by Sergey Puzan