Threat analysis – Page 4 – Computer Security Articles

Threat spotlight: CrySIS, aka Dharma ransomware, causing a crisis for businesses

May 15, 2019 admin Anti-Ransomware, crysis, dharma, malware, ransom, ransomware, RDP, rdp access, Threat analysis

Credit to Author: Pieter Arntz| Date: Wed, 15 May 2019 16:02:13 +0000

CrySIS, aka Dharma, is a ransomware family making waves over the last two months, often being used in targeted attacks through RDP access. What other tricks are up its sleeve?

Categories:

Tags: Anti-Ransomware crysis dharma malware ransom ransomware rdp rdp access

MalwareBytes Security

Exploit kits: spring 2019 review

May 14, 2019 admin EKs, exploit kits, Exploits, Fallout, Magnitude, RIG, Router EK, Spelevo, Threat analysis, Underminer

Credit to Author: Jérôme Segura| Date: Tue, 14 May 2019 15:57:05 +0000

In this edition, we review active and unique exploit kits hitting consumers and businesses over the spring season.

Categories:

Tags: EKs exploit kits Fallout Magnitude RIG Router EK Spelevo Underminer

(Read more…)

The post Exploit kits: spring 2019 review appeared first on Malwarebytes Labs.

MalwareBytes Security

“Funky malware format” found in Ocean Lotus sample

April 19, 2019 admin APT 32, atypical malware formats, BLOB, Cab, custom format, malware, malware format, ocean lotus, Threat analysis, Vietnam

Credit to Author: hasherezade| Date: Fri, 19 Apr 2019 23:00:52 +0000

Recently, one of our researchers presented at the SAS conference on “Funky malware formats”—atypical executable formats used by malware that are only loaded by proprietary loaders. In this post, we analyze one of those formats in a sample called Ocean Lotus from the APT 32 threat group in Vietnam.

Categories:

Tags: APT 32 atypical malware formats BLOB CAB custom format malware format ocean lotus Vietnam

MalwareBytes Security

Funky malware format found in Ocean Lotus sample

April 19, 2019 admin APT 32, atypical malware formats, BLOB, Cab, custom format, malware, malware format, ocean lotus, Threat analysis, Vietnam

Credit to Author: hasherezade| Date: Fri, 19 Apr 2019 18:37:54 +0000

Categories:

Tags: APT 32 atypical malware formats BLOB CAB custom format malware format ocean lotus Vietnam

(Read more…)

The post Funky malware format found in Ocean Lotus sample appeared first on Malwarebytes Labs.

MalwareBytes Security

Say hello to Baldr, a new stealer on the market

April 9, 2019 admin Baldr, criminals, information stealer, spyware, stealer, stealer functionality, Threat analysis, unpacking code

Credit to Author: Malwarebytes Labs| Date: Tue, 09 Apr 2019 15:00:13 +0000

Baldr is a new stealer that is being actively developed and distributed. Will it be able to compete in this crowded arena?

Categories:

Tags: Baldr information stealer spyware stealer stealer functionality threat analysis unpacking code

(Read more…)

The post Say hello to Baldr, a new stealer on the market appeared first on Malwarebytes Labs.

MalwareBytes Security

Plugin vulnerabilities exploited in traffic monetization schemes

March 26, 2019 admin ad fraud, criminals, Easy WP STMP, hacked, malvertising, plugins, scams, skimmer, Social Warfare, Threat analysis, traffic, WordPress GDPR

Credit to Author: Jérôme Segura| Date: Tue, 26 Mar 2019 15:00:00 +0000

The latest round of vulnerable WordPress plugins leads to an active traffic monetization campaign via hacked websites.

Categories:

Tags: ad fraud Easy WP STMP hacked malvertising plugins scams skimmer Social Warfare traffic WordPress GDPR

MalwareBytes Security

The Advanced Persistent Threat files: Lazarus Group

March 12, 2019 admin APT, criminals, Lazarus, NORTH KOREA, Threat analysis

Credit to Author: William Tsing| Date: Tue, 12 Mar 2019 16:27:02 +0000

Lazarus Group, the threat actors likely behind the Sony breach and WannaCry outbreak, are in the news again. Here’s what you need to know about this North Korean organization, and what you should do to protect against such nation-state attacks.

Categories:

Tags: APT Lazarus North Korea

MalwareBytes Security

Spotlight on Troldesh ransomware, aka ‘Shade’

March 6, 2019 admin decryptor, decryptors, malware, ransom.troldesh, ransomware, ransomware remediation, shade, Threat analysis, threat spotlight, Troldesh

Credit to Author: Pieter Arntz| Date: Wed, 06 Mar 2019 16:00:00 +0000

Troldesh is ransomware that relies heavily on user interaction. Nevertheless, a recent spike in detections shows it’s been successful against businesses in the first few months of 2019.

Categories:

Tags: decryptor decryptors ransom.troldesh ransomware ransomware remediation shade threat spotlight Troldesh

(Read more…)

The post Spotlight on Troldesh ransomware, aka ‘Shade’ appeared first on Malwarebytes Labs.