Tech support scammers up their game with ransomware

Ransomware is so popular that even tech support scammers have eventually adopted it. Now the ransom note asks you to call ‘Microsoft’ to get your encrypted files back.

TeleCrypt – the ransomware abusing Telegram API – defeated!

A new ransomware, TeleCrypt, appeared recently carrying some new ideas. TeleCrypt abuses the API of a popular messenger, Telegram.

PrincessLocker – ransomware with not so royal encryption

PrincessLocker ransomware appeared some time ago and drew our attention by using the same victim site template as Cerber did. In this article, we dig deeper and try to answer questions about its internal similarities with Cerber (…

Trick Bot – Dyreza’s successor

Recently, our analyst Jérôme Segura captured an interesting payload in the wild. It turned out to be a new bot that, at the time of analysis, hadn’t been described yet.

PUP Friday: Content Protector

Content Protector is adware that is offered as a netfiltering program. This seems a bit strange for ad-supported software. It also comes with its own certificate.

New-looking Sundown EK drops Smoke Loader, Kronos banker

In this post we take a quick glance at some changes made to the Sundown exploit kit. The landing page has been tweaked and uses various obfuscation techniques. Sundown is used in some smaller campaigns and in this particular case dropped a downloader f…

PUP Friday: Let’s talk generic

For this PUP Friday post, we’re going to look into PUPs that we can simply classify as “Downloaders”. We have sampled a program called the Internet Download Manager, which is capable of downloading other files we detect as PUP and connects to sites lea…

Komplex Mac backdoor answers old questions

A new piece of Mac malware, dubbed Komplex, has been discovered by Palo Alto Networks. This malware provides a backdoor into the system, like most other recent Mac malware. Where it gets most interesting, though, isn’t in its capabilities, but in the c…