Threat analysis – Page 14 – WindowsTechs.com

PUP Friday: Nikoff Security

Posted on September 23, 2016 by Thomas Reed

My attention was drawn a few weeks ago to a group of 6 apps in the Mac App Store, all made by someone named Nicholas Ebner. Part of what drew my attention was the name of one of the apps: Adware WebMedic Pro, suspiciously similar to the name of my old … Continue reading PUP Friday: Nikoff Security→

PUP Friday: MPlayerX

Posted on September 9, 2016 by Thomas Reed

MPlayerX has been around for over 2 years. With it’s adware installer, adware, analysis avoidance behavior, and other PUPs calling it a PUP is a no-brainer.Categories: PUPs
Threat analysisTags: adwareIronCoremalwareMalwarebytesMPlayerXPUPVSearch(Read … Continue reading PUP Friday: MPlayerX→

Transmission hijacked again to spread malware

Posted on September 1, 2016 by Thomas Reed

In this article, we take a look at a couple important takeaways from 2 recent hacks on Transmission. Categories: Mac
Threat analysisTags: AppleKeRangerKeydnapmacmalwareransomwaretorrent(Read more…) Continue reading Transmission hijacked again to spread malware→

Unpacking the spyware disguised as antivirus

Posted on August 25, 2016 by Malwarebytes Labs

Recently we got access to several elements of the espionage toolkit that has been captured attacking Vietnamese institutions. During the operation, the malware was used to dox 400,000 members of Vietnam Airlines.Categories: Malware
Threat analysisTags… Continue reading Unpacking the spyware disguised as antivirus→

PokemonGo Ransomware comes with some clever tricks

Posted on August 22, 2016 by Malwarebytes Labs

We have all seen the current popularity and craze with PokemonGo, it’s no surprise cyber-criminals would plan on using this to their advantage and imitate the game with malicious substitutions. Categories: Malware
Threat analysisTags: malwarepokemonpo… Continue reading PokemonGo Ransomware comes with some clever tricks→

Systweak Redux: our response

Posted on August 22, 2016 by Christopher Boyd

On July 29, we published a blog titled “PUP Friday: Cleaning up with 5 star awards”, taking a look at a registry cleaner called RegCleanPro made by Systweak. We detect the file in question as a PUP, and covered it as part of our regular PUP Friday seri… Continue reading Systweak Redux: our response→

PUP Friday: MacKeeper

Posted on August 19, 2016 by Thomas Reed

We wrote an article in 2014 about some fraudulent behaviors involving MacKeeper. Fast forward to 2016, and unfortunately, the story is much the same.Categories: PUPs
Threat analysisTags: ApplemacPUPPUPs(Read more…) Continue reading PUP Friday: MacKeeper→

PCVARK plays dirty

Posted on August 19, 2016 by Thomas Reed

We very quickly found ourselves in a deep rabbit-hole of Mac crapware when researching a major developer of Mac PUPs (potentially unwanted programs), PCVARK.Categories: PUPs
Threat analysisTags: ApplemacPCVARKPUP(Read more…) Continue reading PCVARK plays dirty→

Shakti Trojan: Technical Analysis

Posted on August 17, 2016 by hasherezade

Recently, we took a look at the interesting Trojan found by Bleeping Computer. Our small investigation on its background and possible attribution has led us to the conclusion that this threat is in reality not new – probably it has been designed in 2012 for the purpose of corporate espionage operations. Yet it escaped from…

Categories:

Tags: doxing espionage shakti stealer trojan

Shakti Trojan: Document Thief

Posted on August 15, 2016 by Malwarebytes Labs

Recently, Bleeping Computer published a short article about an unrecognized Trojan that grabs documents from the attacked computer and uploads them into a malicious server. Looking at the characteristics of the tool, we suspect that it has been prepared for the purpose of corporate espionage. So far, no AV has given any meaningful identification to this malware—it is detected under generic names. Since not much is known about its internals, we decided to take a closer look.

Categories:

Tags: doxing shakti spyware trojan