APT ToddyCat

ToddyCat is a relatively new APT actor that we have not been able to relate to other known actors, responsible for multiple sets of attacks detected since December 2020 against high-profile entities in Europe and Asia. We still have little information about this actor, but we know that its main distinctive signs are two formerly unknown tools that we call
Published: 2022-06-21 06:17 | Tags: APT reports APT Backdoor Dropper Encryption Malware Descript

What is fileless malware?

Unlike traditional malware, which relies on a file being written to a disk, fileless malware is intended to be memory resident only, ideally leaving no trace after its execution. The malicious payload exists in the computer’s memory, which means nothing is ever written directly to the hard drive. For an attacker, fileless malware has two major advantages:
Published: 2021-10-28 10:15 | Tags: Explained attack surface CactusTorch credentials dropper exf
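The fileless-malware entry above makes the point that the payload lives only in memory and never touches the disk. On Linux, the two common ways to achieve that are executing an anonymous memfd (memfd_create followed by fexecve) or unlinking the on-disk binary immediately after exec; in both cases /proc/PID/exe still resolves, but the link target gives the game away. The following is an added example written for this page, not code from the excerpted post or from CactusTorch. It assumes a Linux /proc layout; the classification rules, the Finding dataclass and the sample link targets in the test are the editor's own constructions.

```python
"""Flag Linux processes whose main executable exists only in memory.

Added example, not part of the original post. Assumes a Linux /proc.
The classifier works on the readlink() string of /proc/PID/exe so it can
be exercised on constructed input; scan_proc() applies it to a live box.
"""
import os
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# readlink(/proc/PID/exe) for a memfd-backed image looks like
# "/memfd:name (deleted)"; test memfd before the generic deleted case.
MEMFD_RE = re.compile(r"^/memfd:")
DELETED_SUFFIX = " (deleted)"
# tmpfs mounts are not strictly fileless, but a binary run from them
# leaves nothing on persistent storage and is worth a note.
VOLATILE_PREFIXES = ("/dev/shm/", "/run/")


@dataclass
class Finding:
    pid: int
    exe: str
    reason: str


def classify_exe_target(target: str) -> Optional[str]:
    """Return why an exe link target looks fileless, or None if it is ordinary."""
    if MEMFD_RE.match(target):
        return "executable backed by anonymous memfd"
    if target.endswith(DELETED_SUFFIX):
        return "executable unlinked after exec"
    if target.startswith(VOLATILE_PREFIXES):
        return "executable on volatile (tmpfs) mount"
    return None


def scan_entries(exe_targets: Dict[int, str]) -> List[Finding]:
    """Classify a pid -> exe-link-target mapping (constructed or collected)."""
    findings = []
    for pid in sorted(exe_targets):
        reason = classify_exe_target(exe_targets[pid])
        if reason:
            findings.append(Finding(pid, exe_targets[pid], reason))
    return findings


def collect_exe_targets(proc_root: str = "/proc") -> Dict[int, str]:
    """Read /proc/PID/exe for every numeric directory under proc_root."""
    targets: Dict[int, str] = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            targets[int(entry)] = os.readlink(os.path.join(proc_root, entry, "exe"))
        except (FileNotFoundError, PermissionError, ProcessLookupError):
            # Kernel threads have no exe; an unprivileged scan cannot read
            # other users' links, so expect gaps without root.
            continue
    return targets


def scan_proc(proc_root: str = "/proc") -> List[Finding]:
    """Live scan: collect link targets and classify them."""
    return scan_entries(collect_exe_targets(proc_root))


if __name__ == "__main__":
    for f in scan_proc():
        print(f"pid={f.pid} exe={f.exe!r}: {f.reason}")
```

Run it as root to see every process; a clean host should report nothing, while a memfd-launched payload shows up as "/memfd:<name> (deleted)". The check is a triage heuristic, not proof: legitimate software updaters also replace their own binary while running, so each hit still needs the process tree and network context before it is treated as an incident.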

GhostEmperor: From ProxyLogon to kernel mode

While investigating a recent rise of attacks against Exchange servers, we noticed a recurring cluster of activity that appeared in several distinct compromised networks. This cluster stood out for its usage of a formerly unknown Windows kernel mode rootkit that we dubbed Demodex, and a sophisticated
Published: 2021-09-30 07:31 | Tags: APT reports APT Drivers Dropper Malware Descriptions Malware

HQWar: the higher it flies, the harder it drops

Mobile dropper Trojans are one of today’s most rapidly growing classes of malware. In Q1 2019, droppers were in second or third place in terms of share of total detected threats, while holding nearly half of all Top 20 places in 2018. Since the droppers’ main task is to deliver a payload while sidestepping the protective barriers, and their develo
Published: 2019-10-02 13:20 | Tags: Malware descriptions Dropper Google Android Malware Descript

Hello! My name is Dtrack

Our investigation into the Dtrack RAT actually began with a different activity. In the late summer of 2018, we discovered ATMDtrack, a piece of banking malware targeting Indian banks. Further analysis showed that the malware was designed to be planted on the victim’s ATMs, where it could read and store the data of cards that were inserted into the mach
Published: 2019-09-23 06:20 | Tags: Featured Research ATM Dropper Financial malware Lazarus Malw

Silence – a new Trojan attacking financial organizations

More information about the Silence Trojan is available to customers of Kaspersky Intelligence Reporting Service. Contact: intelreports@kaspersky.com In September 2017, we discovered a new targeted attack on financial institutions. Victims are mostly Russian banks but we also found infected organizations in Malaysia and Armenia. The attackers were using a kno
Published: 2017-11-01 18:25 | Tags: Featured Research Backdoor Dropper Financial malware Targete

A simple example of a complex cyberattack

We’re already used to the fact that complex cyberattacks use 0-day vulnerabilities, bypassing digital signature checks, virtual file systems, non-standard encryption algorithms and other tricks. Sometimes, however, all of this may be done in much simpler ways, as was the case in the malicious campaign that we detected a while ago – we named it ‘M
Published: 2017-09-26 14:25 | Tags: Research DLL hijacking Dropper Microsoft Word Social Enginee

De-obfuscating malicious VBScripts

Although they were never really gone, it looks like there is a rise in the number of malicious VBScripts in the wild. Maybe the similarity to VBA scripts and possible use in macros is responsible for the increased popularity. Let’s have a quick look at a few of them. First, some background. VBScript has been installed with every desktop version of Windows sin
Published: 2016-03-01 14:45 | Tags: Malware Analysis banker clicker de-obfuscate decrypt dropper

CoreBot Malware Steals Credentials, For Now

A new piece of data-stealing malware has a real thirst for credentials, and the potential for worse trouble down the line. IBM today published a report on CoreBot, generic information-stealing malware designed with enough flexibility to soon ramp up its capabilities to exfiltrate data in real time. “CoreBot appears to be quite modular, which means that
Published: 2015-08-31 18:15 | Tags: Malware Web Security banking trojan CoreBot DGA domain gener

Cryptowall 3.0 Slims Down, Removes Exploits From Dropper

A slimmed-down version of Cryptowall is in circulation, and this one contains no built-in exploits, confirming a growing trend that most ransomware will be spread almost exclusively via exploit kits. Kits such as Angler, Nuclear, and most recently Hanjuan, have been busy incorporating Flash exploits dropping a mix of click-fraud malware and ransomware with gr
Published: 2015-02-09 17:20 | Tags: Uncategorized Cisco Cisco Talos command and control Cryptowa
