PBot: a Python-based adware

Recently, we came across a Python-based sample dropped by an exploit kit. Although it arrives under the disguise of a MinerBlocker, it has nothing in common with miners. In fact, it seems to be PBot: a Python-based adware.
Categories:

Malware
Th…

Magnitude exploit kit switches to GandCrab ransomware

After being faithful to its own Magniber ransomware for several months, Magnitude EK joins others to adopt GandCrab.
Categories:

Exploits
Threat analysis

Tags: EK, exploit kit, gandcrab, Magnitude, ransomware

‘FakeUpdates’ campaign leverages multiple website platforms

Browser update? Do not trust, and do verify before downloading potential malware.
Categories:

Social engineering
Threat analysis

Tags: chrome, Chtonic, fake updates, FakeUpdates, firefox, flash, Joomla, malvertising, malware, rat, Squarespace, wordpress

LockCrypt ransomware: weakness in code can lead to recovery

A lesser-known variant called LockCrypt ransomware has been creeping around under the radar since June 2017. We take a look inside its code and expose its flaws.
Categories:

Malware
Threat analysis

Tags: LockCrypt, LockCrypt ransomware, r…

Exploit kits: Winter 2018 review

In this Winter 2018 review, we check the pulse of exploit kits and their latest developments.
Categories:

Exploits
Threat analysis

Tags: CVE-2014-6332, CVE-2015-2419, CVE-2015-7645, CVE-2015-8651, CVE-2016-0189, CVE-2018-4878, EKs, exploit kits, grandsoft, Green…

An in-depth malware analysis of QuantLoader

QuantLoader is a Trojan downloader that has been used in campaigns serving a range of malware, including ransomware, banking Trojans, and RATs. In this post, we’ll take a high-level look at the campaign flow, as well as a deep dive into how the ma…

Encryption 101: Decryptor’s thought process

In the previous parts 1, 2 and 3 of this series, we covered the basics of encryption, walked through a live example of a ransomware in detail, and talked about encryption weaknesses. In this part of the Encryption 101 series, we will begin wrappin…

Malicious cryptomining and the blacklist conundrum

When threat actors take to free and disposable cloud services, the battle against malicious cryptomining becomes a lot more difficult.
Categories:

Cryptomining
Threat analysis

Tags: adblockers, blacklist, coinhive, cryptominers, cryptomining, GitHub

Hermes ransomware distributed to South Koreans via recent Flash zero-day

An uncommon exploit kit adds a fresh Flash Player exploit to distribute the Hermes ransomware in South Korea.
Categories:

Exploits
Threat analysis

Tags: CVE-2018-4878, EK, exploit kit, Flash, Hermes, ransomware

Hancitor: fileless attack with a kernel trick

Evading detection when distributing payloads is a key part of an effective malware campaign. Hancitor shows that it has yet another trick up its sleeve for that.
Categories:

Malware
Threat analysis

Tags: fileless, Hancitor, macro, malware, payloads