malware

Pierluigi Paganini April 08, 2019
Recent Roaming Mantis campaign hit hundreds of users worldwide

Kaspersky Lab reported that hundreds of users have been targeted with malware over the past month as part of a recent Roaming Mantis campaign. Security experts at Kaspersky Lab reported that hundreds of users have been targeted with malware over the past month as part of a new campaign associated with Roaming Mantis gang. Roaming […]

Pierluigi Paganini April 07, 2019
Security Affairs newsletter Round 208 – News of the week

A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. Kindle Edition Paper Copy Once again thank you! Ex-NSA contractor Harold Thomas Martin pleads guilty to federal charge of willful retention of national defense information Experts released the List of ~600 MAC addresses hit in ASUS hack […]

Pierluigi Paganini April 05, 2019
Xwo Malware scans the Internet for Exposed Services, Default Passwords

Researchers at AT&T Alien Labs have spotted a malware called Xwo that is actively scanning the Internet for exposed web services and default passwords. Experts at AT&T Alien Labs discovered a new piece of malware called Xwo that is actively scanning the Internet for exposed web services and default passwords. The name ‘Xwo‘ comes from […]

Pierluigi Paganini April 05, 2019
Step By Step Office Dropper Dissection

Malware researcher and founder of Yoroi Marco Ramill described a step-by-step procedure that shows how to dissect an Office dropper. During the past few weeks, I received several emails asking how to dissect Office Payloads. While I was thinking about how to answer to such questions I received a MalSpam with a Microsoft Office document […]

Pierluigi Paganini April 04, 2019
New XLoader variant leverage Twitter to hide C2 addresses

Security experts at Trend Micro spotted a new variant of the XLoader Trojan that is targeting Android devices by posing as a security application. Trend Micro discovered a new variant of the XLoader Trojan that is targeting Android devices by posing as a security application, the malware also attempts to infect Apple devices (iPhones and […]

Pierluigi Paganini April 02, 2019
Analyzing AZORult malware using NSA Ghidra suite

Cybaze-Yoroi ZLAB malware researchers decided to use the NSA Ghidra suite in a real case study, the analysis of the AZORult malware. Introduction One of the most expected moments in the infosec community during the last few months was, with no doubt, the Ghidra public release. On the 5th of March, at the RSA conference, […]

Pierluigi Paganini April 02, 2019
BREAKING: new update about DDoS’er Linux/DDoSMan ELF malware based on Elknot

The popular expert unixfreaxjp analyzed a new China ELF DDoS’er malware tracked as “Linux/DDoSMan” that evolves from the Elknot malware to deliver new ELF bot. Non-Technical-Premise “This report is meant for incident response or Linux forensics purpose, TO HELP admin & IR folks”, with this the very beginning sentence starts the new analysis of one […]

Pierluigi Paganini March 29, 2019
Malware researchers decrypted the Qrypter Payload

Malware researchers at Cybaze-Yoroi ZLAB team dissected a new sample of Qrypter malware that revealed an interesting evolution of the threat. Introduction During the last weeks, Yoroi’s monitoring operation intercepted some malicious emails required further attention: they were sent to a very few organizations and the content was specifically tailored for Italian speaking targets. This […]

Pierluigi Paganini March 28, 2019
Gustuff Android banking trojan targets 125+ banking, and 32 cryptocurrency apps

Security experts at Group-IB have detected the activity of Gustuff a mobile Android Trojan, which includes potential targets of customers in leading international banks, users of cryptocurrency services, popular ecommerce websites and marketplaces. Gustuff has previously never been reported. Gustuff is a new generation of malware complete with fully automated features designed to steal both fiat […]

Pierluigi Paganini March 27, 2019
A new AZORult C++ variant can establish RDP connections

Experts from Kaspersky observed a new C++ version of the AZORult data stealer that implements the ability to establish RDP connections. The AZORult Trojan is one of the most popular data stealers in the Russian cybercrime underground. The AZORult stealer was first spotted in 2016 by Proofpoint that discovered it was part of a secondary […]