Threat analysis – Page 19 – Computer Security Articles

EternalPetya – yet another stolen piece in the package?

June 30, 2017 admin attribution, EternalPetya, hasherezade, hexedit, janus, malware, Malwarebytes, NotPetya, NSA, Petya, psexec, ransomware, Threat analysis

Credit to Author: Malwarebytes Labs| Date: Fri, 30 Jun 2017 16:53:36 +0000

Since 27th June we’ve been investigating the outbreak of the new Petya-like malware armed with an infector similar to WannaCry. Since the day one, various contradicting theories started popping up. Some believed, that it is a rip-off the original Petya, others – that it is another step in its evolution. However, so far, those were just different opinions, and none of them was backed up with enough evidence. In this post, we will try to fill this gap, by making a step-by-step comparison of the current kernel and the one on which it is based (Goldeneye Petya).

Categories:

Tags: attribution EternalPetya hasherezade hexedit janus Malwarebytes NotPetya NSA petya psexec ransomware

MalwareBytes Security

EternalPetya and the lost Salsa20 key

June 29, 2017 admin EternalPetya, malware, Petya, ransomware, Threat analysis

Credit to Author: Malwarebytes Labs| Date: Thu, 29 Jun 2017 16:39:24 +0000

The latest Petya seems to be broken on purpose: the victims’ keys are lost forever.

Categories:

Tags: EternalPetya petya ransomware

(Read more…)

The post EternalPetya and the lost Salsa20 key appeared first on Malwarebytes Labs.

MalwareBytes Security

The numeric Tech Support Scam campaign

June 13, 2017 admin eitest, exploit kit, malvertising, SCAM, Social engineering, tech support, tech support scam, Threat analysis, TSS

Credit to Author: Jérôme Segura| Date: Tue, 13 Jun 2017 14:00:21 +0000

A new tech support scam campaign is being pushed in lieu of exploit kits. We take a look at its distribution method and how it is able to bring browsers to their knees.

Categories:

Tags: eitest exploit kit malvertising scam Social Engineering tech support tech support scam TSS

(Read more…)

The post The numeric Tech Support Scam campaign appeared first on Malwarebytes Labs.

MalwareBytes Security

LatentBot piece by piece

June 8, 2017 admin hasherezade, latentbot, malware, malwarebytes labs, RIG EK, Threat analysis

Credit to Author: Malwarebytes Labs| Date: Thu, 08 Jun 2017 15:00:53 +0000

LatentBot is a multi-modular Trojan written in Delphi and known to have been around since 2013. Recently, we captured and dissected a sample distributed by RIG Exploit Kit. In this post we will describe its modules by taking apart several layers of obfuscation and encryption in order to reveal their true nature.

Categories:

Tags: hasherezade latentbot malwarebytes labs RIG EK

(Read more…)

The post LatentBot piece by piece appeared first on Malwarebytes Labs.

MalwareBytes Security

The worm that spreads WanaCrypt0r

May 12, 2017 admin malware, microsoft, NHS, NHS WanaCryptor, nhs wannacryptor, ransomware, Threat analysis, Wana Decrptor, WanaCrypt0r, Wcry, windows

Credit to Author: Zammis Clark| Date: Fri, 12 May 2017 22:02:24 +0000

WanaCrypt0r is a ransomware infection that has spread through many corporate networks. Read a technical analysis of the worm that allowed it to do this.

Categories:

Tags: microsoft NHS NHS WanaCryptor nhs wannacryptor ransomware Wana Decrptor WanaCrypt0r Wcry windows

(Read more…)

The post The worm that spreads WanaCrypt0r appeared first on Malwarebytes Labs.

MalwareBytes Security

HandBrake hacked to drop new variant of Proton malware

May 8, 2017 admin apple phishing, backdoor, Eric Petit, handbrake hack, Mac, mac backdoor, malware, phish, proton, Threat analysis

Credit to Author: Thomas Reed| Date: Mon, 08 May 2017 17:04:43 +0000

The website of the popular HandBrake DVD-ripping app has been hacked, and for 4 days, a maliciously-modified copy of the app was installing a new variant of the mysterious Proton malware.

Categories:

Tags: apple phishing backdoor Eric Petit handbrake hack mac mac backdoor malware phish proton