Encryption 101: ShiOne ransomware case study

Credit to Author: Vasilios Hioureas | Date: Wed, 28 Feb 2018 16:00:00 +0000

In this case study on ShiOne ransomware, part of our Encryption 101 series, we will be reviewing the encryption process line by line and showing the different methods ransomware can use to encrypt files.

The post Encryption 101: ShiOne ransomware case study appeared first on Malwarebytes Labs.

Avzhan DDoS bot dropped by Chinese drive-by attack

Credit to Author: hasherezade | Date: Fri, 23 Feb 2018 18:00:00 +0000

The Avzhan DDoS bot is back in the wild again, this time being dropped by a Chinese drive-by attack. In this post, we’ll take a deep dive into its functionality and compare the sample we captured with the one described in the past.

The post Avzhan DDoS bot dropped by Chinese drive-by attack appeared first on Malwarebytes Labs.

Drive-by download campaign targets Chinese websites, experiments with exploits

Credit to Author: Jérôme Segura | Date: Thu, 22 Feb 2018 16:00:00 +0000

This custom-made drive-by download attack targets some Chinese websites and their visitors while experimenting with exploits.

The post Drive-by download campaign targets Chinese websites, experiments with exploits appeared first on Malwarebytes Labs.

Encryption 101: a malware analyst’s primer

Credit to Author: Vasilios Hioureas | Date: Tue, 20 Feb 2018 21:53:13 +0000

A primer on encryption mechanisms and how they are exploited by malware authors, including an introduction to encryption and the main methods used to encrypt ransomware.

The post Encryption 101: a malware analyst’s primer appeared first on Malwarebytes Labs.

Drive-by cryptomining campaign targets millions of Android users

Credit to Author: Jérôme Segura | Date: Mon, 12 Feb 2018 14:00:24 +0000

Android users have been exposed to drive-by cryptomining in one of the largest campaigns that we have detected so far.

The post Drive-by cryptomining campaign targets millions of Android users appeared first on Malwarebytes Labs.

New Mac cryptominer distributed via a MacUpdate hack

Credit to Author: Thomas Reed | Date: Fri, 02 Feb 2018 21:20:01 +0000

A new Mac cryptocurrency miner, called OSX.CreativeUpdate, was being distributed from the MacUpdate website, in the guise of known apps such as Firefox.

The post New Mac cryptominer distributed via a MacUpdate hack appeared first on Malwarebytes Labs.

GandCrab ransomware distributed by RIG and GrandSoft exploit kits (updated)

Credit to Author: Malwarebytes Labs | Date: Tue, 30 Jan 2018 23:43:52 +0000

Ransomware may have slowed its growth but is still a go-to payload for threat actors looking to monetize drive-by download attacks. The latest attempt: GandCrab ransomware.

The post GandCrab ransomware distributed by RIG and GrandSoft exploit kits (updated) appeared first on Malwarebytes Labs.

Scarab ransomware: new variant changes tactics

Credit to Author: vhioureas | Date: Wed, 31 Jan 2018 22:28:22 +0000

We’ve found that a variant of the Scarab ransomware, called Scarabey, is distributed via a different technique, with a different payload code, and a new target: Russia.

Scarabey, like most ransomware, is designed to demand a Bitcoin payment from its victims after encrypting files on their systems. However, instead of being distributed via Necurs malspam like the original Scarab, Scarabey was found targeting Russian users and being distributed via RDP/manual dropping on servers and systems.

The post Scarab ransomware: new variant changes tactics appeared first on Malwarebytes Labs.
