Snake malware ported from Windows to Mac

Snake, also known as Turla and Uroburos, is backdoor malware that has been infecting Windows systems since at least 2008. It is thought to be Russian governmental malware and on Windows is highly sophisticated. It was even seen infecting Li…

New OSX.Dok malware intercepts web traffic

Most Mac malware tends to be unsophisticated. Although it has some rather unpolished and awkward aspects, a new piece of Mac malware, dubbed OSX.Dok, breaks out of that typical mold.
Categories: Mac, Threat analysis
Tags: Apple, Dokument.zip, mac, macOS, malw…

Sundown EK gone missing, Terror EK flavours seen in active drive-by campaigns

With another player out at the moment, we take a look at a rebranded exploit kit in current malware campaigns.
Categories: Exploits, Threat analysis
Tags: exploits kits, Sundown EK, Terror EK

USPS-themed malspam now delivering 1-2-3 Knock-out

We’ve detected an uptick in USPS-themed malspam walloping users with a 1-2-3 knock-out of nasty malware designed to infiltrate your system and steal all your most valuable information. This malware-laced email is actively being distributed with various Subject and Body messages containing references to missing and/or late USPS parcels.

The post USPS-themed malspam now delivering 1-2-3 Knock-out appeared first on Malwarebytes Labs.

Malvertising on iOS pushes eyebrow-raising VPN app

A malvertising campaign on iOS is pushing a scareware page tricking Apple users into installing a free VPN app that comes with serious privacy implications.
Categories: Social engineering, Threat analysis
Tags: Apple, iOS, iPhone, malvertising, malware, MyMobil…

Diamond Fox – part 2: let’s dive in the code

In a previous post we gave an initial analysis of a Diamond Fox bot delivered by the Nebula Exploit Kit (more about the campaign can be found here). We described how to unpack the protection layer in order to reach the core, written in Visual Basic, which can be decompiled. In this second part of…

Explained: Sage ransomware

Sage is yet another ransomware that has become a common threat nowadays. Like Spora, it is capable of encrypting files offline. The malware is actively developed, and we are currently facing an outbreak of version 2.2 of this product.

Chinese PUPs and backdoor drivers: making systems less secure since 2013

In this blog, we expose a family of backdoor drivers that have been included in various PUPs of Chinese origin for several years.
Categories: Malware, PUP/PUM, Threat analysis
Tags: IOCTL, PUP, PUPs

Diamond Fox – part 1: introduction and unpacking

In this short series of posts, we will take a deep dive into a sample of Diamond Fox delivered by the Nebula Exploit Kit (described here). We will also make a brief comparison with the old, leaked version, in order to show the evolution of this product.