Last week on Malwarebytes Labs: Why you shouldn’t automate your VirusTotal uploadsNorth Korean Lazarus APT group targets blockchain tech companiesWatch out for Ukraine donation scammers in Twitter repliesBeware tragic “my daughter died…” Facebook posts offering free PS5sUS warns of APT groups that can “gain full system access” to some industrial cont

p>It is important to realize that uploading certain files to VirusTotal may result in leaking confidential data, which could result in a breach of confidentiality, or worse. We have warned against uploading personal information, as does VirusTotal itself on their home page. But apparently some organizations have automated the uploading of email attachment

The popular Google’s VirusTotal scanning service has published an interesting analysis of more than 80 Million ransomware samples. VirusTotal has published its first ransomware activity report based on the analysis of more than 80 million samples that have been uploaded from 140 countries worldwide. Since 2020, at least 130 different ransomware families h

In the last days of April 2021, the operators of Babuk ransomware announced they were going to focus on demanding a ransom for information stolen from compromised networks, leaving the encryption part of their operation behind. It meant that they no longer needed ransomware at all. “Babuk changes direction, we no longer encrypt information on networks, we

KrebsOnSecurity recently had occasion to contact the Russian Federal Security Service (FSB), the Russian equivalent of the U.S. Federal Bureau of Investigation (FBI). In the process of doing so, I encountered a small snag: The FSB’s website said in order to communicate with them securely, I needed to download and install an encryption and virtual priva

As COVID-19 soldiers on, small and medium-size businesses now feel as ripe for malware attacks as deep-pocketed multinationals. SMBs see that, along with remote work, our pandemic has also brought troubling new holes to their security. This means cybercriminals—equal opportunity charlatans that they are—now simply cast wider nets to snare any and all busi

This week on Lock and Code, we speak to Malwarebytes Chief Information Security Officer John Donovan about the flaws in using VirusTotal as the one source of truth when evaluating whether or not a cybersecurity tool actually works. It’s a practice that is surprisingly common. Weeks ago, Malwarebytes Labs released the SMB Cybersecurity Trust & C

On Aug. 13, 2020, someone uploaded a suspected malicious file to VirusTotal, a service that scans submitted files against more than five dozen antivirus and security products. Last month, Microsoft and FireEye identified that file as a newly-discovered fourth malware backdoor used in the sprawling SolarWinds supply chain hack. An analysis of the malicious fi

Last week, security firm DirectDefense came under fire for over-hyping claims that Cb Response, a cybersecurity product sold by competitor Carbon Black, was leaking proprietary data from customers who use it. Carbon Black responded that the bug identified by its competitor was a feature, and that customers were amply cautioned in advance about the potential

Ransomware has hit the news again in the UK today only a few short weeks since the WannaCry outbreak crippled the National Health Service. This time University College London (UCL) was hit by a ransomware strain which has resulted in them having to take down parts of their network to stop infected machines harming key university data. Credit to UCL for what

When Microsoft acquired Sysinternals in 2006, one of the most famous tools it gained was Process Explorer. For Windows operating systems (OS), especially those up to and including Windows 7, Process Explorer is an excellent replacement for Task Manager. It offers a much clearer view of what is going on and has a lot more options. Besides the options the regu

Any time a malware variant hits the news we get numerous requests for information. It is typically quite difficult to provide any information based on names that have been given to threats. A simple way to illustrate this is by using a service such as Virustotal and seeing what name other AV companies use for the same threat. I found a recent article about a

A remote access Trojan used sparingly in targeted attacks has been found after living under cover for three years, undetected by most security gear.The RAT, dubbed GlassRAT, was signed with a certificate belonging to a popular Chinese software company with hundreds of millions of users worldwide. The RAT was used to spy on Chinese nationals working in commer

VirusTotal, a popular online file scanning service that analyzes files and URLs for the identification of malware, is now executing suspicious Mac apps inside a sandbox to improve its analysis and detection of Mac malware. VirusTotal now extracts behavioral information from scanned Mac executable files, an important step forward for the Google-owned file sca

Mac malware is a thing. It’s real. Granted it hasn’t reached the critical mass of malicious code for Windows, but recent encounters with WireLurker, XcodeGhost and YiSpecter among others have elevated the conversation to levels where it’s been legitimized.Adding further credence, Google-owned online malware scanner VirusTotal this week anno