HackDig : Dig high-quality web security articles for hacker

COMpfun successor Reductor infects files on the fly to compromise TLS traffic

In April 2019, we discovered new malware that compromises encrypted web communications in an impressive way. Analysis of the malware allowed us to confirm that the operators have some control over the target’s network channel and could replace legitimate installers with infected ones on the fly. That places the actor in a very exclusive club, with capa
Publish At:2019-10-03 07:00 | Read:209 | Comments:0 | Tags:APT reports Featured Browser Digital Certificates Encryption

HQWar: the higher it flies, the harder it drops

Mobile dropper Trojans are one of today’s most rapidly growing classes of malware. In Q1 2019, droppers are in the 2nd or 3rd position in terms of share of total detected threats, while holding nearly half of all Top 20 places in 2018. Since the droppers’ main task is to deliver payload while sidestepping the protective barriers, and their develo
Publish At:2019-10-02 13:20 | Read:167 | Comments:0 | Tags:Malware descriptions Dropper Google Android Malware Descript

Hello! My name is Dtrack

Our investigation into the Dtrack RAT actually began with a different activity. In the late summer of 2018, we discovered ATMDtrack, a piece of banking malware targeting Indian banks. Further analysis showed that the malware was designed to be planted on the victim’s ATMs, where it could read and store the data of cards that were inserted into the mach
Publish At:2019-09-23 06:20 | Read:160 | Comments:0 | Tags:Featured Research ATM Dropper Financial malware Lazarus Malw

IT threat evolution Q2 2019

Targeted attacks and malware campaigns More about ShadowHammer In March, we published the results of our investigation into a sophisticated supply-chain attack involving the ASUS Live Update Utility, used to deliver BIOS, UEFI and software updates to ASUS laptops and desktops. The attackers added a backdoor to the utility and then distributed it to users thr
Publish At:2019-09-19 18:20 | Read:181 | Comments:0 | Tags:Featured Malware reports APT Cyber espionage Data leaks Fina

Spam and phishing in Q2 2019

Quarterly highlights Spam through Google services In the second quarter of 2019, scammers were making active use of cloud-based data storage services such as Google Drive and Google Storage to hide their illegal content. The reasoning behind this is simple: a link from a legitimate domain is seen as more trustworthy by both users and spam filters. Most often
Publish At:2019-09-19 18:20 | Read:115 | Comments:0 | Tags:Featured Spam and phishing Malicious spam Malware Descriptio

Fully equipped Spying Android RAT from Brazil: BRATA

“BRATA” is a new Android remote access tool malware family. We used this code name based on its description – “Brazilian RAT Android”. It exclusively targets victims in Brazil: however, theoretically it could also be used to attack any other Android user if the cybercriminals behind it want to. It has been widespread since Janua
Publish At:2019-09-19 18:20 | Read:95 | Comments:0 | Tags:Research Brazil Google Android Malware Descriptions Mobile M

Threats to macOS users

Introduction The belief that there are no threats for the macOS operating system (or at least no serious threats) has been bandied about for decades. The owners of MacBooks and iMacs are only rivaled by Linux users in terms of the level of confidence in their own security, and we must admit that they are right to a certain degree: compared to Windows-based s
Publish At:2019-09-19 18:20 | Read:161 | Comments:0 | Tags:Featured Research Apple MacOS Malware Descriptions Phishing

Spam and phishing in Q3 2017

Quarterly highlights Blockchain and spam Cryptocurrencies have been a regular theme in the media for several years now. Financial analysts predict a great future for them, various governments are thinking about launching their own currencies, and graphics cards are swept off the shelves as soon as they go on sale. Of course, spammers could not resist the top
Publish At:2017-11-03 07:15 | Read:2265 | Comments:0 | Tags:Featured Spam and phishing reports Malicious spam Malware De

ATM malware is being sold on Darknet market

Disclaimer and warning ATM systems appear to be very secure, but the money can be accessed fairly easily if you know what you are doing. Criminals are exploiting hardware and software vulnerabilities to interact with ATMs, meaning they need to be made more secure. This can be achieved with the help of additional security software, properly configured to stop
Publish At:2017-10-21 15:05 | Read:3613 | Comments:0 | Tags:Research ATM Darknet Financial malware Malware Descriptions

Miners on the Rise

Miners are a class of malware whose popularity has grown substantially this year. The actual process of cryptocurrency mining is perfectly legal, though there are groups of people who hoodwink unwitting users into installing mining software on their computers, or exploiting software vulnerabilities to do so. This results in threat actors receiving cryptocurr
Publish At:2017-09-12 13:30 | Read:2624 | Comments:0 | Tags:Research Botnets Cryptocurrencies Malware Descriptions Socia

Jimmy Nukebot: from Neutrino with love

“You FOOL! This isn’t even my final form!” In one of our previous articles, we analyzed the NeutrinoPOS banker as an example of a constantly evolving malware family. A week after publication, this Neutrino modification delivered up a new malicious program classified by Kaspersky Lab as Trojan-Banker.Win32.Jimmy. NeutrinoPOS vs Jimmy The au
Publish At:2017-08-29 07:00 | Read:3191 | Comments:0 | Tags:Research Banking Trojan Cryptocurrencies Malware Description

Spam and phishing in Q2 2017

Spam: quarterly highlights Delivery service Trojans At the start of Q2 2017, we registered a wave of malicious mailings imitating notifications from well-known delivery services. Trojan downloaders were sent out in ZIP archives, and after being launched they downloaded other malware – Backdoor.Win32.Androm and Trojan.Win32.Kovter. The usual trick of present
Publish At:2017-08-22 09:10 | Read:3419 | Comments:0 | Tags:Featured Quarterly Spam Reports Malicious spam Malware Descr

Booking a Taxi for Faketoken

The Trojan-Banker.AndroidOS.Faketoken malware has been known about for already more than a year. Throughout the time of its existence, it has worked its way up from a primitive Trojan intercepting mTAN codes to an encrypter. The authors of its newer modifications continue to upgrade the malware, while its geographical spread is growing. Some of these modifi
Publish At:2017-08-17 05:05 | Read:4006 | Comments:0 | Tags:Mobile Google Android Malware Descriptions Mobile Malware Tr

The return of Mamba ransomware

At the end of 2016, there was a major attack against San Francisco’s Municipal Transportation Agency. The attack was done using Mamba ransomware. This ransomware uses a legitimate utility called DiskCryptor for full disk encryption. This month, we noted that the group behind this ransomware has resumed their attacks against corporations. Attack Geogra
Publish At:2017-08-09 10:25 | Read:3848 | Comments:0 | Tags:Research Encryption Malware Descriptions Ransomware Targeted

Schroedinger’s Pet(ya)

Earlier today (June 27th), we received reports about a new wave of ransomware attacks spreading around the world, primarily targeting businesses in Ukraine, Russia and Western Europe. If you were one of the unfortunate victims, this screen might look familiar: Kaspersky Lab solutions successfully stop the attack through the System Watcher component. This te
Publish At:2017-06-27 20:10 | Read:4344 | Comments:0 | Tags:Featured Incidents Data Encryption Malware Descriptions Rans

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud