Unveiling a Target and Multi-Stage Malware Attack
On August 21, 2024, a new malware spreading through phishing pages was identified. This malware appears as part of a campaign impersonating the Altice corporation….
Categoria: reverse engineering
Luna ransomware encrypts Windows, Linux and ESXi systems
Ransomware is making headlines daily. New samples are introducing new techniques, more sophistication, and anti-detection techniques to hide their detection from the cybersecurity radar. One…
How AsyncRAT is escaping security defenses
AsyncRat is one of the most popular and open-source remote access trojans. This piece of malware has been used for the last few months by professionals…
How to build a hook syscall detector
Windows API calls are often hooked by AV and EDR systems by using inline patching approaches to find strange behaviors or malicious artifacts.
What is a side-channel attack?
Introduction The origin of the side-channel attack is closely related to the existence of physically observable phenomena caused by the execution of computing tasks in…
The new maxtrilha trojan is being disseminated and targeting several banks
A new banking trojan dubbed maxtrilha (due to its encryption key) has been discovered in the last few days and targeting customers of European and…
Netwalker ransomware full analysis
Netwalker is a data encryption malware that represents an evolution of the well-known Kokoklock ransomware and has been active since September 2019. This article will detail the specific technical features of the Netwalker ransomware. We will analyze what Netwalker is, how it works, and how you can avoid falling victim to this threat.
Ragnar Locker – Malware analysis
Ragnar Locker is ransomware that affects devices running Microsoft Windows operating systems. It was initially observed towards the end of December 2019 as part of a series of attacks against compromised networks.
Secrets behind the Lazarus’s VHD ransomware
Data encryption malware is one of the most popular malware families in recent years and targets mass volumes of users and companies around the world. In this article, we will take a deep dive into a new VHD ransomware distributed in the wild by the Lazarus group — the criminals behind the WannaCry incident in 2017.
The clandestine Horus Eyes RAT: From the underground to criminals’ arsenal
The clandestine Horus Eyes RAT: From the underground to criminals’ arsenal.
A taste of the latest release of QakBot
A taste of the latest release of QakBot – one of the most popular and mediatic trojan bankers active since 2007.
Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware
Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware.
Lampion trojan disseminated in Portugal using COVID-19 template
The fresh release of the Latin American Lampion trojan was updated with a new C2 address. Lampion trojan disseminated in Portugal using COVID-19 template.
Threat analysis: The emergent URSA trojan impacts many countries using a sophisticated loader
Threat analysis: The emergent URSA trojan impacts many countries using a sophisticated loader.
New release of Lampion trojan spreads in Portugal with some improvements on the VBS downloader
New release of Lampion trojan spreads in Portugal with some improvements on the VBS downloader.
TroyStealer – A new info stealer targeting Portuguese Internet users
TroyStealer – A new info stealer targeting Portuguese internet users.