Threat analysis – Page 7 – Computer Security Articles

Mac malware intercepts encrypted web traffic for ad injection

October 24, 2018 admin Adware, Mac, Mac adware, MacOS, malware, MITM, Threat analysis

Credit to Author: Thomas Reed| Date: Wed, 24 Oct 2018 15:00:43 +0000

New Mac malware has been found that intercepts encrypted traffic for the purpose of injecting ads into web pages. But could this adware be used for more devious purposes in the future?

Categories:

Tags: adware mac Mac adware macOS malware mitm

MalwareBytes Security

Fake browser update seeks to compromise more MikroTik routers

October 12, 2018 admin coinhive, exploit, Exploits, MikroTik, miner, router security, RouterOS, routers, Threat analysis, WinBox

Credit to Author: Malwarebytes Labs| Date: Fri, 12 Oct 2018 15:00:06 +0000

Threat actors are social engineering users with a fake update that, once installed, will scan the Internet in an attempt to exploit vulnerable MikroTik routers.

Categories:

Tags: coinhive exploit MiKroTik miner router security RouterOS routers WinBox

MalwareBytes Security

Buggy implementation of CVE-2018-8373 vulnerability used to deliver Quasar RAT

September 26, 2018 admin anti exploit, CVE-2018-8174, CVE-2018-8373, exploit, Exploits, Indicators of compromise, IOC, IOCs, Pastebin, patch, quasar, Rat, remote administration tool, Threat analysis, virustotal, vulnerabilities, Vulnerability

Credit to Author: Jérôme Segura| Date: Wed, 26 Sep 2018 17:13:26 +0000

A threat actor implements a newer vulnerability exploited in Internet Explorer to serve up the Quasar RAT and diversify the portfolio of attacks.

Categories:

Tags: anti exploit CVE-2018-8174 CVE-2018-8373 exploit Indicators of compromise IOC IOCs pastebin patch Quasar rat remote administration tool virustotal vulnerabilities vulnerability

MalwareBytes Security

Mass WordPress compromises redirect to tech support scams

September 20, 2018 admin bitcoin, Bitcoin Code, browlock, Indicators of compromise, injections, JavaScript, Social engineering, tech support scams, Threat analysis, TSS, wordpress, Zues

Credit to Author: Jérôme Segura| Date: Thu, 20 Sep 2018 17:42:47 +0000

Thousands of WordPress sites have been injected with the same malicious redirection. We review the infection details and the malicious traffic leading to browser lockers.

Categories:

Tags: bitcoin Bitcoin Code browlock Indicators of compromise injections JavaScript tech support scams TSS wordpress Zues

MalwareBytes Security

Mac App Store apps are stealing user data

September 7, 2018 admin Adware Doctor, Adware Medic, App Store, apple, Dr. Antivirus, Mac, Mac App Store, MacOS, Malwarebytes for Mac, Mobile, PUP, RAR file, Threat analysis

Credit to Author: Thomas Reed| Date: Fri, 07 Sep 2018 17:08:24 +0000

There are several apps in the Mac App Store that are collecting data about users that they should not be collecting. Here’s what you need to know.

Categories:

Tags: Adware Doctor Adware Medic App Store Apple Dr. Antivirus mac Mac App Store macOS Malwarebytes for Mac Mobile PUP RAR file

(Read more…)

The post Mac App Store apps are stealing user data appeared first on Malwarebytes Labs.

MalwareBytes Security

Reversing malware in a custom format: Hidden Bee elements

August 30, 2018 admin custom malware, hidden bee, hidden bee miner, malware, payload, reverse engineering, reversing malware, Threat analysis

Credit to Author: hasherezade| Date: Thu, 30 Aug 2018 15:41:34 +0000

When we recently analyzed payloads related to Hidden Bee (dropped by the Underminer EK), we noticed something unusual. After reversing the malware, we discovered that its authors actually created their own executable format. Follow our step-by-step analysis for a closer look.

Categories:

Tags: custom malware hidden bee hidden bee miner payload reverse engineering reversing malware

MalwareBytes Security

Fileless malware: getting the lowdown on this insidious threat

August 29, 2018 admin file history, fileless infections, fileless malware, fileless malware attacks, Kovter, magnitude EK, malware, poweliks, Powershell, Ram, SamSam, samsam ransomware, semi-fileless, SOC team, Threat analysis, windows

Credit to Author: Vasilios Hioureas| Date: Wed, 29 Aug 2018 16:48:35 +0000

In this series of articles, we provide an in-depth discussion of fileless malware and their related attacks. In part one, we cover a brief overview of the problems with and general features of fileless malware, laying the groundwork for technical analysis of various samples employing fileless and semi-fileless methods.

Categories:

Tags: file history fileless infections fileless malware fileless malware attacks kovter magnitude EK poweliks powershell RAM samsam samsam ransomware semi-fileless SOC team windows

MalwareBytes Security

Process Doppelgänging meets Process Hollowing in Osiris dropper

August 13, 2018 admin dropper, kronos, malware, osiris, Osiris dropper, process doppleganging, Threat analysis, Trojan

Credit to Author: hasherezade| Date: Mon, 13 Aug 2018 18:29:57 +0000

Process doppleganging, a rare technique of impersonating a process, was discovered last year, but hasn’t been seen much in the wild since. It was an interesting surprise, then, to discover its use mixed in with Process Hollowing, yet another technique, in a dropper for the Osiris banking Trojan.

Categories:

Tags: dropper kronos osiris Osiris dropper process doppleganging trojan