malware

Pierluigi Paganini February 19, 2019
These Are the Countries With the Best and Worst Cybersecurity

Cybersecurity is a growing concern among governments, businesses and individuals around the world. Cyberattacks can have severe impacts on everyone. A recent report from researchers at the University of Oxford identified 57 different impacts that cyber incidents can have. They ranged from regulatory fines to depression to damaged relationships with customers. According to a report […]

Pierluigi Paganini February 19, 2019
The Long Run of Shade Ransomware

Since the beginning of the year, security firms observed a new intense ransomware campaign spreading the Shade ransomware. Between January and February, a new, intense, ransomware campaign has been observed by many security firms. It spreads Shade/Treshold variants, one of the most dangerous threats in the cyber crime scenario, known since its massive infection into […]

Pierluigi Paganini February 18, 2019
New Trickbot module implements Remote App Credential-Grabbing features

The Trickbot banking trojan continues to evolve, Trend Micro detected a new variant that includes a new module used for Remote App Credential-Grabbing. The infamous Trickbot banking trojan is back, experts at Trend Micro detected a new strain of the malware using an updated info-stealing module. The new strain of the Trickbot banking trojan that […]

Pierluigi Paganini February 17, 2019
Windows App runs on Mac to download MacOS malware

Experts at Trend Micro have detected a new strain of MacOS malware that hides inside a Windows executable to avoid detection. Security experts at Trend Micro have spotted a new strain of MacOS malware disguises itself as a Windows executable file to evade detection. The malware is carried via .EXE file that will not execute […]

Pierluigi Paganini February 17, 2019
Security Affairs newsletter Round 201 – News of the week

A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. Let me inform you that my new book, “Digging in the Deep Web” is online with a special deal 20% discount Kindle Edition Paper Copy Once again thank you! Adiantum will bring encryption on Android devices without […]

Pierluigi Paganini February 16, 2019
Astaroth Trojan relies on legitimate os and antivirus processes to steal data

A new Astaroth Trojan campaign was spotted by the Cybereason’s Nocturnus team, hackers are targeting Brazil and European countries. Researchers at Cybereason’s Nocturnus team have uncovered a new Astaroth Trojan campaign that is currently exploiting the Avast antivirus and security software developed by GAS Tecnologia to steal information and drop malicious modules. “The campaign exploits legitimate operating system processes […]

Pierluigi Paganini February 13, 2019
Experts found a way to create a super-malware implanted in SGX-enclaves

Researchers devised a new technique to hide malware in the security Intel SGX enclaves, making it impossible to detect by several security technologies. Security researchers devised a new technique to hide malware in the security Intel SGX enclaves. Intel Software Guard eXtensions (SGX) is a technology for application developers that allows protecting select code and data […]

Pierluigi Paganini February 13, 2019
Malicious PDF Analysis

In the last few days I have done some analysis on malicious documents, especially PDF. Then I thought, “Why not turn a PDF analysis into an article?” Let’s go to our case study: I received a scan request for a PDF file that was reported to support an antivirus vendor, and it replied that the […]

Pierluigi Paganini February 12, 2019
Gootkit: Unveiling the Hidden Link with AZORult

Cybaze-Yoroi ZLAB revealed interesting a hidden connection between the AZORult toolkit and specific Gootkit payload. Introduction In the last days, a huge attack campaign hit several organizations across the Italian cyberspace, as stated on bulletin N020219 the attack waves tried to impersonate legit communication from a known Express Courier. However, a deeper analysis by Cybaze-Yoroi ZLAB revealed interesting hidden aspects, […]

Pierluigi Paganini February 11, 2019
MetaMask app on Google Play was a Clipboard Hijacker

Security researcher Lukas Stefanko from ESET discovered the first Android cryptocurrency clipboard hijacker impersonating MetaMask on the official Google Play store. The rogue MetaMask app is a Clipboard Hikacker that monitors a device’s clipboard for Bitcoin and Ethereum addresses and replaces them with addresses of wallets under the control of the attacker. Using this trick the attackers can transfers funds […]