The malware was designed to copy the credentials in a way that wouldn’t be detected by antivirus programs. The copying process, for instance, remained active for less than one minute. The malware didn’t steal general credentials, and it copied cookies and saved passwords by querying copies of the original cookies and LoginData files rather than… Read More

The GandCrab ransomware is reaching far and wide via malspam, social engineering schemes, and exploit kit campaigns. On April 16, we discovered that Magnitude EK, which had been loyal to its own Magniber ransomware, was now being leveraged to push out GandCrab, too. Source: malwarebytes… Read More

Global chip-maker Intel on Tuesday announced two new technologies—Threat Detection Technology (TDT) and Security Essentials—that not only offer hardware-based built-in security features across Intel processors but also improve threat detection without compromising system performance. Intel’s Threat Detection Technology (TDT) offers a new set of features that leverage hardware-level telemetry to help security products detect new… Read More

In July 2017 we released PyREBox, a Python Scriptable Reverse Engineering Sandbox as an open source tool. This project is part of our continuous effort to create new tools to improve our workflows. PyREBox is a versatile instrumentation framework based on QEMU. It allows us to run a whole operating system in a virtual environment… Read More

In this paper we provide an implementation, evaluation, and analysis of PowerHammer, a malware (bridgeware [1]) that uses power lines to exfiltrate data from air-gapped computers. In this case, a malicious code running on a compromised computer can control the power consumption of the system by intentionally regulating the CPU utilization. Data is modulated, encoded,… Read More

The campaign, which has been running for at least four months, is able to compromise websites running a variety of content management systems, including WordPress, Joomla, and SquareSpace. That’s according to a blog post by Jérôme Segura, lead malware intelligence analyst at Malwarebytes. The hackers, he wrote, cause the sites to display authentic-appearing messages to… Read More

Several days ago, EST Security published a post concerning a fake antivirus malware targeting the Android mobile platform. In the Korean media, it was mentioned that there could be a link between this Android malware and Group 123. Talos decided to investigate this malware. And due to our reporting and history of following of Group… Read More

The malware stores encrypted buffers, “hidden” directly within the text section. The address of each encrypted buffer is retrieved thanks to a trick commonly used by malware. Since a call instruction pushes on the stack the address of the instruction to execute when returning from the callee, a call instruction (0xE8) with an operand of… Read More