PROPagate Code Injection Technique Detected in the Wild for the First Time
PROPagate is a relatively new code injection technique discovered last November. Back then, a security researcher found that an attacker could abuse the SetWindowSubclass API, a function of the Windows operating system that manages GUIs, to load and execute malicious code inside the processes of legitimate apps. The infosec research community deemed the technique innovative,…
File-Wiping Malware Placed Inside Gentoo Linux Code After GitHub Account Hack
An unknown hacker has temporarily taken control over the GitHub account of the Gentoo Linux organization and embedded malicious code inside the operating system’s distributions that would delete user files. Thankfully, the malicious code fails to trigger properly and users’ files remain safe. How the hacker gained access to Gentoo’s GitHub account still remains a…
HIDDEN COBRA – Joanap Backdoor
According to reporting of trusted third parties, HIDDEN COBRA actors have likely been using both Joanap and Brambul malware since at least 2009 to target multiple victims globally and in the United States—including the media, aerospace, financial, and critical infrastructure sectors.
BackSwap malware finds innovative ways to empty bank accounts
To steal money from a victim’s account via the internet banking interface, typical banking malware will inject itself or its specialized banking module into the browser’s process address space. For many reasons, this is not an easy task – first of all, as mentioned before, the injection might be intercepted by a third-party security solution.…
Malware Found in the Firmware of 141 Low-Cost Android Devices
News of this group first surfaced after a report in December 2016, when Russian antivirus vendor Dr.Web disclosed that a mysterious threat actor had found a way to penetrate the supply-chain of several mobile carriers, infecting phones with malware. At the time, experts said they found malware in the firmware of at least 26 low-cost…
New VPNFilter malware targets 100,000s of networking devices worldwide
For several months, Talos has been working with public- and private-sector threat intelligence partners and law enforcement in researching an advanced, likely state-sponsored or state-affiliated actor’s widespread use of a sophisticated modular malware system we call ‘VPNFilter.’ We have not completed our research, but recent events have convinced us that the correct way forward is…
Malware and Where to Find Them
We, as malware analysts, are always in need of new samples to analyze in order to learn, train or develop new techniques and defenses. One of the most common questions I get is “Where to find malware to analyze?” so I’m sharing here my private collection of repositories, databases and lists which I use on a daily…
Man faces up to 35 years in prison for helping hackers evade detection by anti-virus software
In May 2017, one of the biggest facilitators of cybercrime, Scan4You, went offline after the two main suspects were arrested in Latvia and extradited to the US by the Federal Bureau of Investigation (FBI). In May 2018, the case against Scan4You’s operators concluded in a Virginia federal courtroom. Scan4You was set up in 2009…
Dutch police seize servers of MaxiDed, a provider known for hosting malware ops
The name of the hosting provider is MaxiDed, a service that has operated since late 2008, but which became increasingly more aggressive with its marketing in the last two years when its ads became a common occurrence on cybercrime forums. According to an archived version of the site, the company offered dedicated servers, VPS, VPN,…
Brutal cryptocurrency mining malware crashes your PC when discovered
A new form of cryptominer has been discovered which crashes systems the moment antivirus products attempt to remove the malware. The malware, dubbed WinstarNssmMiner by 360 Total Security researchers, has been used in half a million attempted attacks leveraged at PCs in only three days. On Wednesday, the cybersecurity firm said the cryptomining malware aims…