Collaborate Disseminate
The Reverse Engineering webinar audience having been so active not only were we unable to address all the incoming questions online, we didn’t even manage to pack the rest of them in one blogpost. So here comes the second part of the webinar follow-up. Continue reading Targeted Malware Reverse Engineering Workshop follow-up. Part 2
With so many questions collected during the Targeted Malware Reverse Engineering webinar we lacked the time to answer them all online, we promised we would come up with this blogpost. Continue reading Targeted Malware Reverse Engineering Workshop follow-up. Part 1
Malicious code was detected in version 3.17.18 of the APKPure alternative app store for Android. We recommend deleting the infected version and installing APKPure 3.17.19 asap. Continue reading Malicious code in APKPure app
The investigation described in this article started with one such file which caught our attention due to the various improvements it brought to this well-known infection vector. Continue reading The leap of a Cycldek-related threat actor
In this article we discuss browser lockers that mimic law enforcement websites. Continue reading Browser lockers: extortion disguised as a fine
A41APT is a long-running campaign with activities detected from March 2019 to the end of December 2020. Most of the discovered malware families are fileless malware and they have not been seen before. Continue reading APT10: sophisticated multi-layered loader Ecipekac discovered in A41APT campaign
Convuster adware for macOS is written in Rust and able to use Gatekeeper to evade analysis. Continue reading Convuster: macOS adware now in Rust
As we observe a growing interest in the newly released Apple Silicon platform from malware adversaries, this inevitably leads us to new malware samples compiled for it. In this article, we are going to take a look at threats for Macs with the Apple M1 chip on board. Continue reading Good old malware for the new Apple Silicon platform
Fake ad blocker is delivering a Monero cryptocurrency miner to user computers. Continue reading Ad blocker with miner included
In mid-2020, we realized that Lazarus was launching attacks on the defense industry using the ThreatNeedle cluster, an advanced malware cluster of Manuscrypt (a.k.a. NukeSped). While investigating this activity, we were able to observe the complete life cycle of an attack, uncovering more technical details and links to the group’s other campaigns. Continue reading Lazarus targets defense industry with ThreatNeedle