HackDig : Dig high-quality web security articles for hackers

Magnitude exploit kit – evolution

Exploit kits are not as widespread as they used to be. In the past, they relied on the use of already patched vulnerabilities. Newer and more secure web browsers with automatic updates simply do not allow known vulnerabilities to be exploited. It was very different back in the heyday of Adobe Flash because it’s just a plugin for a web browser, meaning
Publish At:2020-06-24 07:10 | Read:177 | Comments:0 | Tags:Featured Malware descriptions Browser Exploit Kits Malware D

Oh, what a boot-iful mornin’

In mid-April, our threat monitoring systems detected malicious files being distributed under the name “on the new initiative of the World Bank in connection with the coronavirus pandemic” (in Russian) with the extension EXE or RAR. Inside the files was the well-known Rovnix bootkit. There is nothing new about cybercriminals exploiting the coronav
Publish At:2020-06-23 08:00 | Read:123 | Comments:0 | Tags:Featured Malware descriptions Bootkit DLL hijacking Malware

Microcin is here

In February 2020, we observed a Trojan injected into the system process memory on a particular host. The target turned out to be a diplomatic entity. What initially attracted our attention was the enterprise-grade API-like (application programming interface) programming style. Such an approach is not that common in the malware world and is mostly used by top
Publish At:2020-06-19 07:29 | Read:165 | Comments:0 | Tags:APT reports Featured Malware Descriptions Malware Technologi

Spam and phishing in Q1 2020

Quarterly highlights Don’t get burned Burning Man is one of the most eagerly awaited events among fans of spectacular performance and installation art. The main obstacle to attending is the price of admission: a standard ticket will set you back $475, the number is limited, and the buying process is a challenge all by itself (there are several stages,
Publish At:2020-05-26 08:14 | Read:208 | Comments:0 | Tags:Featured Spam and phishing reports Malicious spam Malware De

A look at the ATM/PoS malware landscape from 2017-2019

From remote administration and jackpotting, to malware sold on the Darknet, attacks against ATMs have a long and storied history. And, much like other areas of cybercrime, attackers only refine and grow their skillset for infecting ATM systems from year to year. So what does the ATM landscape look like as of 2020? Let’s take a look. The world of ATM/P
Publish At:2020-05-03 08:09 | Read:388 | Comments:0 | Tags:Featured Malware reports ATM attacks Financial malware Malwa

Hiding in plain sight: PhantomLance walks into a market

In July 2019, Dr. Web reported about a backdoor trojan in Google Play, which appeared to be sophisticated and unlike common malware often uploaded for stealing victims’ money or displaying ads. So, we conducted an inquiry of our own, discovering a long-term campaign, which we dubbed “PhantomLance”, its earliest registered domain dating back
Publish At:2020-05-03 08:09 | Read:341 | Comments:0 | Tags:APT reports Featured Apple MacOS APT Backdoor Google Android

Spam and phishing in 2019

Figures of the year The share of spam in mail traffic was 56.51%, which is 4.03 p.p. more than in 2018. The biggest source of spam this year was China (21.26%). 44% of spam e-mails were less than 2 KB in size. Malicious spam was detected most commonly with the Exploit.MSOffice.CVE-2017-11882 verdict. The Anti-Phishing system was triggered 467,188,119 times.
Publish At:2020-04-08 07:25 | Read:648 | Comments:0 | Tags:Featured Spam and phishing reports Malicious spam Malware De

Unkillable xHelper and a Trojan matryoshka

It was the middle of last year that we detected the start of mass attacks by the xHelper Trojan on Android smartphones, but even now the malware remains as active as ever. The main feature of xHelper is entrenchment — once it gets into the phone, it somehow remains there even after the user deletes it and restores the factory settings. We conducted a thoroug
Publish At:2020-04-07 08:21 | Read:479 | Comments:0 | Tags:Featured Research Android Malware Descriptions Malware Techn

Loncom packer: from backdoors to Cobalt Strike

The previous story described an unusual way of distributing malware under disguise of an update for an expired security certificate. After the story went out, we conducted a detailed analysis of the samples we had obtained, with some interesting findings. All of the malware we examined from the campaign was packed with the same packer, which we named Trojan-
Publish At:2020-04-02 06:58 | Read:609 | Comments:0 | Tags:Featured Malware descriptions Backdoor Malware Descriptions

Holy water: ongoing targeted water-holing attack in Asia

On December 4, 2019, we discovered watering hole websites that were compromised to selectively trigger a drive-by download attack with fake Adobe Flash update warnings. This campaign has been active since at least May 2019, and targets an Asian religious and ethnic group. The threat actor’s unsophisticated but creative toolset has been evolving a lot s
Publish At:2020-03-31 08:22 | Read:396 | Comments:0 | Tags:APT reports Featured Adobe Flash Backdoor drive-by attack Ja

iOS exploit chain deploys LightSpy feature-rich malware

A watering hole was discovered on January 10, 2020 utilizing a full remote iOS exploit chain to deploy a feature-rich implant named LightSpy. The site appears to have been designed to target users in Hong Kong based on the content of the landing page. Since the initial activity, we released two private reports exhaustively detailing spread, exploits, infrast
Publish At:2020-03-26 14:33 | Read:615 | Comments:0 | Tags:APT reports Featured Apple iOS APT Backdoor Google Android I

WildPressure targets industrial-related entities in the Middle East

In August 2019, Kaspersky discovered a malicious campaign distributing a fully fledged C++ Trojan that we call Milum. All the victims we registered were organizations from the Middle East. At least some of them are related to the industrial sector. Our Kaspersky Threat Attribution Engine (KTAE) doesn’t show any code similarities with known campaigns. Nor h
Publish At:2020-03-24 06:44 | Read:604 | Comments:0 | Tags:APT reports Featured Encryption Industrial threats Malware D

MonitorMinor: vicious stalkerware

The other day, our Android traps ensnared an interesting specimen of stalkerware — commercial software that is usually used to secretly monitor family members or colleagues. On closer inspection, we found that this app outstrips all existing software of its class in terms of functionality. Let’s take a look one step at a time. Modern stalkerware What i
Publish At:2020-03-16 08:00 | Read:612 | Comments:0 | Tags:Featured Malware descriptions Google Android Malware Descrip

Cookiethief: a cookie-stealing Trojan for Android

We recently discovered a new strain of Android malware. The Trojan (detected as: Trojan-Spy.AndroidOS.Cookiethief) turned out to be quite simple. Its main task was to acquire root rights on the victim device, and transfer cookies used by the browser and Facebook app to the cybercriminals’ server. The exact means by which the Trojan was able to infect c
Publish At:2020-03-12 06:26 | Read:585 | Comments:0 | Tags:Featured Malware descriptions Android Malware Technologies M

Roaming Mantis, part V

Kaspersky has continued to track the Roaming Mantis campaign. The group’s attack methods have improved and new targets are continuously added in order to steal more funds. The attackers’ focus has also shifted to techniques that avoid tracking and research: whitelisting for distribution, analysis environment detection and so on. We’ve also observe
Publish At:2020-02-27 10:41 | Read:547 | Comments:0 | Tags:APT reports Featured Botnets Google Android Malware Descript
