Sophisticated Ransomware : “Katyusha”

Credit to Author: Ghanshyam More| Date: Fri, 14 Dec 2018 10:59:58 +0000

For several months, Quick Heal Security Labs has been observing an increase in ransomware, we have found one more interesting ransomware which encrypts files and adds extension “.katyusha” and demands for an amount of 0.5 btc within three days and threatens to release the data to public download if the ransom is not…

Read more

A week in security (September 10 – 16)

Credit to Author: Malwarebytes Labs| Date: Mon, 17 Sep 2018 15:56:14 +0000

A roundup of the security news from September 10–16, including omnichannel fraud, ways to get back at scammers, the security of 2FA, and partnerstrokas.

Categories:

Tags:

(Read more…)

The post A week in security (September 10 – 16) appeared first on Malwarebytes Labs.

Read more

Process Doppelgänging meets Process Hollowing in Osiris dropper

Credit to Author: hasherezade| Date: Mon, 13 Aug 2018 18:29:57 +0000

Process doppleganging, a rare technique of impersonating a process, was discovered last year, but hasn’t been seen much in the wild since. It was an interesting surprise, then, to discover its use mixed in with Process Hollowing, yet another technique, in a dropper for the Osiris banking Trojan.

Categories:

Tags:

(Read more…)

The post Process Doppelgänging meets Process Hollowing in Osiris dropper appeared first on Malwarebytes Labs.

Read more

Osiris dropper found using process doppelgänging

Credit to Author: hasherezade| Date: Thu, 09 Aug 2018 18:52:57 +0000

Process doppleganging, a rare technique of impersonating a process, was discovered last year, but hasn’t been seen much in the wild since. It was an interesting surprise, then, to discover its use in a dropper of the Osiris banking Trojan. We unpack the code to show how malware authors used this process.

Categories:

Tags:

(Read more…)

The post Osiris dropper found using process doppelgänging appeared first on Malwarebytes Labs.

Read more

A new ransom-miner malware campaign emerging in wild!

Credit to Author: Preksha Saxena| Date: Tue, 10 Jul 2018 12:16:26 +0000

Since the past few weeks, Quick Heal Security Labs has been observing a series of interesting malware blocked at our customer end. The further analysis of the malware ‘t.exe’ revealed that the malware seems to be Trojan dropper. Interestingly, this multipurpose malware is downloading a ransomware component, a crypto-mining malware…

Read more

Fake Fortnite for Android links found on YouTube

Credit to Author: Nathan Collier| Date: Wed, 20 Jun 2018 19:00:41 +0000

The extremely popular video game Fortnite is coming to Android sometime this summer, and the fanbase is going wild. Not surprisingly, mobile malware developers are taking advantage. Already, there are several videos on YouTube with links claiming to be versions of Fortnite for Android. Spoiler alert: they’re fake.

Categories:

Tags:

(Read more…)

The post Fake Fortnite for Android links found on YouTube appeared first on Malwarebytes Labs.

Read more

An in-depth malware analysis of QuantLoader

Credit to Author: Malwarebytes Labs| Date: Wed, 28 Mar 2018 16:00:00 +0000

QuantLoader is a Trojan downloader that has been used in campaigns serving a range of malware, including ransomware, Banking Trojans, and RATs. In this post, we’ll take a high-level look at the campaign flow, as well as a deep dive into how the malware executes.

Categories:

Tags:

(Read more…)

The post An in-depth malware analysis of QuantLoader appeared first on Malwarebytes Labs.

Read more

Bogus hack apps hack users back for cryptocash

Credit to Author: Nathan Collier| Date: Wed, 07 Feb 2018 19:30:00 +0000

Recently, we discovered a gold mine of fake hack apps that mine for Monero cryptocurrency and serve up annoying adware.

Categories:

Tags:

(Read more…)

The post Bogus hack apps hack users back for cryptocash appeared first on Malwarebytes Labs.

Read more