Threat analysis – Page 14 – Computer Security Articles

GandCrab ransomware distributed by RIG and GrandSoft exploit kits

January 30, 2018 admin exploit kits, Exploits, gandcrab, gandcrab ransomware, grandsoft, ransomware, RIG, Threat analysis

Credit to Author: Malwarebytes Labs| Date: Tue, 30 Jan 2018 23:43:52 +0000

Ransomware may have slowed its growth but is still a go-to payload for threat actors looking to monetize drive-by download attacks. The latest attempt: GandCrab ransomware.

Categories:

Tags: exploit kits gandcrab gandcrab ransomware grandsoft ransomware RIG

MalwareBytes Security

New Chrome and Firefox extensions block their removal to hijack browsers

January 18, 2018 admin blocked, chrome, extensions, Firefox, malware, normal removal, Pieter Arntz, Threat analysis

Credit to Author: Pieter Arntz| Date: Thu, 18 Jan 2018 16:00:00 +0000

Two new extensions in Firefox and Chrome force install then hide from the user. Learn how you can protect yourself against them and remove them manually.

Categories:

Tags: blocked chrome extensions firefox normal removal Pieter Arntz

MalwareBytes Security

A coin miner with a “Heaven’s Gate”

January 17, 2018 admin coin miners, Heaven's Gate, malware, malware analysis, Threat analysis

Credit to Author: hasherezade| Date: Wed, 17 Jan 2018 16:00:00 +0000

The Heaven’s Gate technique has been around since 2009. But now coin miners are using it to maximize their performance in the target architecture.

Categories:

Tags: coin miners Heaven’s Gate malware analysis

(Read more…)

The post A coin miner with a “Heaven’s Gate” appeared first on Malwarebytes Labs.

MalwareBytes Security

RIG exploit kit campaign gets deep into crypto craze

January 9, 2018 admin bitcoin, Bytecoin, cryptocurrency, cryptominers, cryptomining, drive-by downloads, Drive-by mining, Electroneum, exploit kits, malvertising, malware, monero, Ngay, RIG EK, Threat analysis

Credit to Author: Jérôme Segura| Date: Tue, 09 Jan 2018 17:11:16 +0000

We take a look at a prolific campaign that is focused on the distribution of coin miners via drive-by download attacks. We started to notice larger-than-usual payloads from the RIG exploit kit around November 2017, a trend that has continued more recently via a campaign dubbed Ngay.

Categories:

Tags: bitcoin Bytecoin cryptocurrency cryptominers cryptomining drive-by downloads Drive-by mining Electroneum exploit kits malvertising monero Ngay RIG EK

MalwareBytes Security

Napoleon: a new version of Blind ransomware

December 8, 2017 admin Blind ransomware, decryption, LeChiffre ransomware, malware, Napoleon ransomware, ransomware, Threat analysis

Credit to Author: Malwarebytes Labs| Date: Fri, 08 Dec 2017 17:00:15 +0000

The ransomware previously known as Blind has been spotted recently with a .napoleon extension and a bug fix that means files can no longer be decrypted by victims. In this post, we’ll analyze the sample for its structure, behavior, and distribution method.

Categories:

Tags: Blind ransomware decryption LeChiffre ransomware Napoleon ransomware ransomware

(Read more…)

The post Napoleon: a new version of Blind ransomware appeared first on Malwarebytes Labs.

MalwareBytes Security

Interesting disguise employed by new Mac malware HiddenLotus

December 8, 2017 admin apple, file quarantine, hiddenlotus, Mac, Mac applications, mac malware, MacOS, Threat analysis

Credit to Author: Thomas Reed| Date: Fri, 08 Dec 2017 16:00:22 +0000

A new piece of Mac malware called HiddenLotus is using a clever new trick to fool users into opening it.

Categories:

Tags: Apple file quarantine hiddenlotus mac Mac applications mac malware macOS

MalwareBytes Security

Seamless campaign serves RIG EK via Punycode (updated)

December 5, 2017 admin Exploits, phishing, Punycode, ramnit, Ramnit Trojan, RIG, RIGEK, Seamless, Threat analysis, Trojan

Credit to Author: Jérôme Segura| Date: Mon, 04 Dec 2017 22:48:49 +0000

The most prolific gate to the RIG exploit kit is coming in a different flavor. The Seamless campaign is now using a domain name with foreign characters translated by Punycode.

Categories:

Tags: phishing Punycode ramnit Ramnit Trojan RIG RIGEK Seamless trojan

MalwareBytes Security

Seamless campaign serves RIG EK via Punycode

December 4, 2017 admin Exploits, phishing, Punycode, ramnit, Ramnit Trojan, RIG, RIGEK, Seamless, Threat analysis, Trojan

Credit to Author: Jérôme Segura| Date: Mon, 04 Dec 2017 22:48:49 +0000

The most prolific gate to the RIG exploit kit is coming in a different flavor. The Seamless campaign is now using a domain name with foreign characters translated by Punycode.

Categories:

Tags: phishing Punycode ramnit Ramnit Trojan RIG RIGEK Seamless trojan

(Read more…)

The post Seamless campaign serves RIG EK via Punycode appeared first on Malwarebytes Labs.