dcsimg

A week in security (September 10 – 16)

Last week on Malwarebytes Labs, we assessed the security of a portable router, identified ways to waste a scammer’s time, named the many faces of omnichannel fraud, questioned the security of 2FAs, profiled a massive tech support scam operation, and exposed a new HMRC phishing campaign. Other cybersecurity news: Trend Micro addressed the burning questions related to their Mac App store apps … [Read more...]

Process Doppelgänging meets Process Hollowing in Osiris dropper

One of the Holly Grails for malware authors is a perfect way to impersonate a legitimate process. That would allow them to run their malicious module under the cover, being unnoticed by antivirus products. Over the years, various techniques have emerged in helping them to get closer to this goal. This topic is also interesting for researchers and reverse engineers, as it shows creative ways of … [Read more...]

Fake Fortnite for Android links found on YouTube

The extremely popular video game Fortnite is coming to Android sometime this summer, and the fanbase is going wild. Not surprisingly, mobile malware developers are taking advantage. Already, there are several videos on YouTube with links claiming to be versions of Fortnite for Android, despite the fact the game has yet to be released on this platform. Swati Khandelwal of The Hacker News highlights … [Read more...]

An in-depth malware analysis of QuantLoader

This guest post is written by Vishal Thakur, CSIRT/Salesforce. For more on Vishal, read his bio at the end of the blog. QuantLoader is a Trojan downloader that has been available for sale on underground forums for quite some time now. It has been used in campaigns serving a range of malware, including ransomware, Banking Trojans, and RATs. The campaign that we are going to analyze is serving a … [Read more...]

Bogus hack apps hack users back for cryptocash

Recently, we discovered a gold…er…APK mine of fake hacking apps. The “legitimate” versions of hack apps are intended to hack other apps in order to get something for free. Although it’s unclear what exactly these fake apps claim to hack, the real hack job is done to unsuspecting users. Search and you will find Disclaimer:  I, and Malwarebytes, do not recommend the process I’m about to … [Read more...]

Lo lo lo Loapi Trojan could break your Android

Kaspersky has found what they deem as a jack of all trades malicious app they call Trojan.AndroidOS.Loapi. Like the Trojan AsiaHitGroup we discovered last month on Google Play, this malware can do all the things—it’s a downloader, dropper, SMS Trojan, and can push ads all from the same malicious app. If left to its own devices, it could overheat the phone by taxing the processor, make the … [Read more...]

Seamless campaign serves RIG EK via Punycode (updated)

Update (2017-12-05): We noted some malvertising chains using a new domain name (newadultthem[.]info) also hosted on the same IP address as the Punycode one. – – The Seamless campaign is one of the most prolific malvertising chains pushing the RIG exploit kit and almost exclusively delivering the Ramnit Trojan. Identification of Seamless is typically easy, due to its use of static … [Read more...]

A week in security (November 20 – November 26)

Last week, we warned you about a new method by which the Mac malware OSX.Proton is being spread, we informed you where all those free Bitcoins you were texted about were being held up, how the EU intends to battle fake news, and how the Terdot Trojan likes social media. We also revealed our 2018 security predictions. Other news Due to zero entropy implementation of Address Space Layout … [Read more...]

Terdot Trojan likes social media

We usually advise people that have fallen victim to banker Trojans to change all their passwords, especially the ones that are related to their financial sites and apps. Besides the dangers of re-used passwords, there are other reasons why this is important. This advice is especially applicable to a Trojan making the rounds called Terdot. Our friends at Bitdefender wrote a white paper about the … [Read more...]