Avzhan DDoS bot dropped by Chinese drive-by attack

The Avzhan DDoS bot is back in the wild again, this time being dropped by a Chinese drive-by attack. In this post, we’ll take a deep dive into its functionality and compare the sample we captured with the one described in the past.
Categories:

M…

Drive-by download campaign targets Chinese websites, experiments with exploits

This custom-made drive-by download attack targets some Chinese websites and their visitors while experimenting with exploits.
Categories:

Threat analysis

Tags: Chinese, coinhive, drive-by, EK, exploit kit, exploits, Flash Player, Internet Explorer, svchost.exe

Encryption 101: a malware analyst’s primer

A primer on encryption mechanisms and how they are exploited by malware authors, including an introduction to encryption and the main methods used to encrypt ransomware.
Categories:

Threat analysis

Tags: 101, encryption, ransomware

Drive-by cryptomining campaign targets millions of Android users

Android users have been exposed to drive-by cryptomining in one of the largest campaigns that we have detected so far.
Categories:

Threat analysis

Tags: Android, Bot, CAPTCHA, coinhive, crypto mining, cryptomining, drive-by

New Mac cryptominer distributed via a MacUpdate hack

A new Mac cryptocurrency miner, called OSX.CreativeUpdate, was being distributed from the MacUpdate website, in the guise of known apps such as Firefox.
Categories:

Mac
Threat analysis

Tags: cryptominer, cryptomining, mac, mac malware, MacUpdate, Platypu…

Scarab ransomware: new variant changes tactics

We’ve found that a variant of the Scarab ransomware, called Scarabey, is distributed via a different technique, with a different payload code, and a new target: Russia.
Scarabey, like most ransomware, is designed to demand a Bitcoin payment from i…

GandCrab ransomware distributed by RIG and GrandSoft exploit kits

Ransomware may have slowed its growth but is still a go-to payload for threat actors looking to monetize drive-by download attacks. The latest attempt: GandCrab ransomware.
Categories:

Exploits
Threat analysis

Tags: exploit kits, gandcrab, gandcrab…

New Chrome and Firefox extensions block their removal to hijack browsers

Two new extensions for Firefox and Chrome force-install themselves and then hide from the user. Learn how you can protect yourself against them and remove them manually.
Categories:

Malware
Threat analysis

Tags: blocked, chrome, extensions, firefox, normal removal, Piet…