dcsimg

Recognize a phishing attack, then stop it dead in its tracks

We would like to think we can outsmart the bad guys who are trying to phish for our personal data. Learn how to get one step ahead of their hacking attempts. … [Read more...]

VPNFilter malware still making waves

Last month, a piece of malware called VPNFilter caused chaos for owners of MikroTik, Lynksys, TP-Link, and Netgear equipment. Roughly 500,000 devices worldwide fell victim, with the unwanted parasite able to listen to traffic, steal credentials, damage devices, and more. Until patches started to roll out, the options weren’t great; as one of our researchers, Jovi Umawing told SCMagazine … [Read more...]

A week in security (June 4 – June 10)

Last week on Labs, we took a look at hidden mobile ads, the perils of social media spam, and how to shore up your landline defenses. We also took a deep dive into Emotet malware analysis, and gave you some summertime safety tips. Other news Update your Adobe Flash player if you haven’t already. (source: Adobe) Be careful with your World Cup Wi-Fi. (Source: Securelist) Wannacry ransomware … [Read more...]

Malware analysis: decoding Emotet, part 2

In part two of our series on decoding Emotet, (you can catch up on part 1 here), we’ll cover analysis of the PowerShell code. Before we do that, however, it is a good idea to list some of the functions and calls that are used in the code for the execution. System.Runtime.InteropServices.Marshal: used for memory management SecureStringToBSTR: used to convert the secure string to decrypted … [Read more...]

Malware analysis: decoding Emotet, part 1

Emotet Banking Trojan malware has been around for quite some time now. As such, infosec researchers have made several attempts to develop tools to de-obfuscate and even decrypt the AES-encrypted code belonging to this malware. The problem with these tools is that they target active versions of the malware. They run into problems when the authors of the malware change the code. The change could be … [Read more...]

Kuik: a simple yet annoying piece of adware

Some pieces of malware can be so simple—and yet such a pain to get rid of—especially when they start interfering with your system’s configuration. This much is true for the Kuik adware program, which surprised us all by forcing affected machines to join a domain controller. The perpetrators are using this unusual technique to push Google Chrome extensions and coin miner applications to their … [Read more...]

SamSam ransomware: what you need to know

SamSam ransomware is a custom infection used in targeted attacks, often deployed using a wide range of exploits or brute-force tactics. Based on our own run-ins with the infection, we’ve observed that attacks were made on targets via vulnerable JBoss host servers during a previous wave of SamSam attacks in 2016 and 2017. In 2018, SamSam uses either vulnerabilities in remote desktop protocols … [Read more...]

Spartacus ransomware: introduction to a strain of unsophisticated malware

Spartacus ransomware is a new sample that has been circulating in 2018. Written in C#, the original sample is obfuscated, which we will go over as we extract it to its readable state. Spartacus is a relatively straight-forward ransomware sample and uses some similar techniques and code to others we have seen in the past, such as ShiOne, Blackheart, and Satyr. However, there is no sure relationship … [Read more...]

Far Cry 5 download offers: embrace the power of “no”

The recently released Far Cry 5 is a video game where you reclaim Montana from a cult obsessed with the “power of yes” by hitting members over the head with a shovel. It’s also one of the biggest sellers for publisher Ubisoft to date, and it stands to reason that many people would like to grab a copy for free. It’s been a while since we saw a wave of YouTube vids promising … [Read more...]

PBot: a Python-based adware

Recently, we came across a Python-based sample dropped by an exploit kit. Although it arrives under the disguise of a MinerBlocker, it has nothing in common with miners. In fact, it seems to be PBot/PythonBot: a Python-based adware. Apart from a couple of posts on forums in Russian language and brief threat notes, we couldn’t find any detailed publication. Some of its features are pretty … [Read more...]