Pierluigi Paganini
March 11, 2019
Experts observed the STOP ransomware installing the Azorult password-stealing Trojan to steal account credentials, cryptocurrency wallets, and more. The STOP ransomware made the headlines because it is installing password-stealing Trojans on the victims’ machines. Experts observed the ransomware also installing the dreaded Azorult password-stealing Trojan on victim’s machine to steal account credentials, cryptocurrency wallets, documents […]
Pierluigi Paganini
March 10, 2019
Ransomware threat makes the headlines again, this time an attack hit the computers of Jackson County, Georgia, paralyzing the government activity. Computers of Jackson County, Georgia, were infected with ransomware that paralyzed the government activity until officials decided to pay a $400,000 ransom to decrypt the files. “The Jackson County government paid online criminals about […]
Pierluigi Paganini
March 09, 2019
Malware researchers from Trend Micro have spotted a new piece of malware dubbed SLUB that leverages GitHub and Slack for C&C communications. Malware researchers at Trend Micro have spotted a new backdoor dubbed SLUB that abuse GitHub and Slack for command and control (C&C) communications. According to the experts, the SLUB backdoor (Backdoor.Win32.SLUB.A) was only […]
Pierluigi Paganini
March 08, 2019
A few days ago, Cybaze-Yoroi ZLAB researchers spotted a suspicious JavaScript file that implemented several techniques to evade detection of all AV solutions. Introduction A few days ago, Cybaze-Yoroi ZLAB researchers spotted a suspicious JavaScript file needing further attention: it leveraged several techniques in order to evade all AV detection and no one of the […]
Pierluigi Paganini
March 07, 2019
Security experts at FortiGuard uncovered a new malware campaign aimed at delivering the StealthWorker brute-force malware. The malicious code targets both Windows and Linux systems, compromised systems are used to carry out brute force attacks along with other infected systems. The malicious code was first discovered by Malwarebytes at the end of February and tracked […]
Pierluigi Paganini
March 06, 2019
In the past weeks, a new strange campaign emerged in the cyber threat Italian landscape, it has been tracked as “Operation Pistacchietto.” Introduction In the past weeks, a new strange campaign emerged in the Italian landscape. It has been baptized “Operation Pistacchietto” from a username extracted from a Github account used to serve some part […]
Pierluigi Paganini
March 06, 2019
Over the last few days, a new ransomware campaign infected several users around the world as part of the #OpJerusalem campaign. SI-LAB analyzed this malware and noticed that it does not use sophisticated techniques. Criminals used UPX packer to protect malware code written in Go and a RSA public certificate is hardcoded inside malware to […]
Pierluigi Paganini
March 04, 2019
Security researchers at McAfee have linked the Op. Sharpshooter with the North Korea-linked Lazarus APT group after analyzing code from a command and control (C2) server. Security experts at McAfee analyzed the code of a C2 server involved in the cyber espionage campaign tracked as Op. Sharpshooter and linked it with the North Korea-linked APT […]
Pierluigi Paganini
March 04, 2019
The Necurs Botnet continues to evolve, a new strategy aims at hiding in the shadows, and leverages new payloads to recruits new bots. Necurs botnet is currently the second largest spam botnet, it has been active since at least 2012 and was involved in massive campaigns spreading malware such as the Locky ransomware, the Scarab ransomware, […]
Pierluigi Paganini
March 02, 2019
SI-LAB captured a piece of the FlawedAmmyy malware that leverages undetected XLM macros as an Infection Vehicle to compromise user’s devices. In February 2019, SI-LAB captured multiple samples of phishing campaigns using an Office Excel document carrying a malicious Excel 4.0 macro, also known as XLM macro, and used to download and execute a final […]
