Spartacus ransomware: introduction to a strain of unsophisticated malware

Spartacus ransomware is a fairly new variant seen in 2018. We’ll walk you through the malware sample to analyze the code in detail, and help you learn how to get an obfuscated .NET sample into a readable state.
Categories: Malware, Threat analysi…

New Crossrider variant installs configuration profiles on Macs

A new variant of the Crossrider adware has been spotted that is infecting Macs in a unique way, using a configuration profile to keep its effects resident in the system.
Categories: Mac, Threat analysis
Tags: Advanced Mac Cleaner, adware, configurat…

PBot: a Python-based adware

Recently, we came across a Python-based sample dropped by an exploit kit. Although it arrives under the disguise of a MinerBlocker, it has nothing in common with miners. In fact, it seems to be PBot: a Python-based adware.
Categories: Malware, Th…

Magnitude exploit kit switches to GandCrab ransomware

After being faithful to its own Magniber ransomware for several months, Magnitude EK joins others to adopt GandCrab.
Categories: Exploits, Threat analysis
Tags: EK, exploit kit, gandcrab, Magnitude, ransomware

‘FakeUpdates’ campaign leverages multiple website platforms

Browser update? Do not trust, and do verify before downloading potential malware.
Categories: Social engineering, Threat analysis
Tags: chrome, Chtonic, fake updates, FakeUpdates, firefox, flash, Joomla, malvertising, malware, rat, Squarespace, wordpress

LockCrypt ransomware: weakness in code can lead to recovery

A lesser-known variant called LockCrypt ransomware has been creeping around under the radar since June 2017. We take a look inside its code and expose its flaws.
Categories: Malware, Threat analysis
Tags: LockCrypt, LockCrypt ransomware, r…

Exploit kits: Winter 2018 review

In this Winter 2018 review, we check the pulse of exploit kits and their latest developments.
Categories: Exploits, Threat analysis
Tags: CVE-2014-6332, CVE-2015-2419, CVE-2015-7645, CVE-2015-8651, CVE-2016-0189, CVE-2018-4878, EKs, exploit kits, grandsoft, Green…

An in-depth malware analysis of QuantLoader

QuantLoader is a Trojan downloader that has been used in campaigns serving a range of malware, including ransomware, Banking Trojans, and RATs. In this post, we’ll take a high-level look at the campaign flow, as well as a deep dive into how the ma…

Encryption 101: Decryptor’s thought process

In the previous parts 1, 2 and 3 of this series, we covered the basics of encryption, walked through a live example of a ransomware in detail, and talked about encryption weaknesses. In this part of the encryption 101 series, we will begin wrappin…

Malicious cryptomining and the blacklist conundrum

When threat actors take to free and disposable cloud services, the battle against malicious cryptomining becomes a lot more difficult.
Categories: Cryptomining, Threat analysis
Tags: adblockers, blacklist, coinhive, cryptominers, cryptomining, GitHub