Tag: Threat Analysis

  • Scarab ransomware: new variant changes tactics

    The Scarab ransomware was discovered in June 2017. Since then, several variants have been created and discovered in the …

  • GandCrab ransomware distributed by RIG and GrandSoft exploit kits

    This post was authored by Vasilios Hioueras and Jérôme Segura. Late last week saw the appearance of a new ransomware called GandCrab. …

  • Using ILSpy to analyze a small adware file

    My curiosity was triggered when the telemetry of our heuristic scanner started showing a multitude of reports about a small file called …

  • Tech support scammers abuse native ad and content provider Taboola to serve malvertising

    A large number of publishers – big and small – are monetizing their sites by selling space for companies that provide so-called native advertising, cited as more effective and engaging than traditional banner ads. Indeed, on a news or entertainment site, users are more inclined to click on links and articles thinking that they are…

  • Drive-by mining and ads: The Wild Wild West

    There seems to be a trend lately for publishers to monetize their traffic by having their visitors mine for cryptocurrencies while on their site. The idea is that you are accessing content for free and in exchange, your computer (its CPU in particular) will be used for mining purposes.

  • Fake IRS notice delivers customized spying tool

    While macro-based documents and scripts make up the majority of malspam attacks these days, we also see some campaigns that leverage documents embedded with exploits. Case in point, we came across a malicious Microsoft Office file disguised as a CP2000 notice.

  • Explained: YARA rules

    YARA rules are a way of identifying malware (or other files) by creating rules that look for certain characteristics. YARA was originally developed by Victor Alvarez of Virustotal and is mainly used in malware research and detection.

  • PSA: New Microsoft Word 0day used in the wild

    Microsoft has just patched an important vulnerability in Microsoft Word during its latest patch Tuesday cycle. According to the security firm that found it [1], this new zero-day (CVE-2017-8759) was used in targeted attacks to install a piece of malware known as FinFisher.

  • Compromised LinkedIn accounts used to send phishing links via private message and InMail

    Phishing continues to be criminals’ favorite for harvesting user credentials with more or less sophisticated social engineering tricks. In this post, we take a look at a recent attack that uses existing LinkedIn user accounts to send phishing links to their contacts via private message but also to external members via email. …

  • Expired domain names and malvertising

    April 24, 2012 – The fight against malware is a cat-and-mouse game. It is constant and constantly escalating.

  • Locky ransomware adds anti sandbox feature (updated)

    By Marcelo Rivero and Jérôme Segura. The Locky ransomware has been very active since its return, which we documented in a previous blog post. There are several different Locky campaigns going on at the same time, the largest being the one from affiliate ID 3, which comes with malicious ZIP containing .VBS or .JS attachments. Malwarebytes…

  • Cerber ransomware delivered in format of a different order of Magnitude

    As a follow up to our study into the Magnitude exploit kit and its gate (which we profiled in a previous blog post), we take a look at an interesting technique used to distribute the Cerber ransomware. Exploit kits are a very effective means of serving malicious payloads and an important aspect is the delivery…