HackDig : Dig high-quality web security articles for hackers

New Family of Ransom Locker Found, Uses TOR Hidden Service

On March 9, 2016, Cyphort Labs discovered an infection on a porn site, keng94(dot)com, redirecting visitors to an exploit kit and installing a Ransom Locker. The site is redirecting users to rg(dot)foldersasap(dot)com, which is a RIG EK landing page that serves a malicious Flash file and a malicious binary. [Figure: Chain and RIG EK landing] The binary arrives e
Publish At:2016-03-21 18:25 | Read:4492 | Comments:0 | Tags:Malware Deep Dive Uncategorized

Psychcentral.com infected with Angler EK: Installs bedep, vawtrak and POS malware

On October 26, 2015, Cyphort Labs discovered that psychcentral[.]com has been compromised and is currently infecting visitors via drive-by-download malware. We contacted psychcentral about this infection immediately after discovering it. As of October 29, their technical team identified the problem and addressed the issue. Psychcentral[.]com i
Publish At:2015-11-02 15:30 | Read:4800 | Comments:0 | Tags:exploit kit Malware Deep Dive New Infection Angler Web Infec

Infected Korean Website Installs Banking Malware

On September 18, 2015, we saw activity on koreatimes.com where we captured a malicious binary. We investigated further and found that this campaign is specifically targeted at Korean sites and Korean banks. We looked at our logs for this year and found more Korean websites infected: koreatimes.com (Sep. 18, 2015) filehon.com (May 30, 2015) joara.com (May
Publish At:2015-09-28 20:10 | Read:5448 | Comments:0 | Tags:Banking Malware exploit kit Malware Deep Dive New Infection

DIY Chatroom and over a hundred forums injected with malware

Cyphort Labs discovered a malware campaign attacking over a hundred popular forum websites. They are powered by outdated software, so the vulnerability was likely used to compromise them, injecting the malware redirection code. The injection redirects to an exploit kit that downloads encrypted Gamarue malware that is sandbox-aware (does not execute in virtua
Publish At:2015-04-09 05:25 | Read:8863 | Comments:0 | Tags:Malware Deep Dive CVE-2013-2551 CVE-2015-0313 Web Infection

Bedep’s Cousin – Malvertising and Click Fraud

On March 27, Cyphort Labs discovered a piece of malware delivered through a Russian women's fashion site (i6.igalya.ru). The malware contains a malicious payload for a click fraud campaign. The infection redirects visitors from i6.igalya.ru through intermediary sites and eventually to a site hosting an exploit kit that in turn downloads the malware onto the vi
Publish At:2015-04-07 05:20 | Read:11429 | Comments:0 | Tags:Malvertising Malware Deep Dive Zero-Day Malware malvertising

