<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=439793516377641&amp;ev=PageView&amp;noscript=1">

Author Archives:akaploun

Recent Posts

The Agile Mole

Ransomware, to this day, is one of the major threats to individual users seen on a daily basis in the form of Malspam. Recently, researcher Brad Duncan published to malware-traffic-analysis.net a report on a piece of Ransomware called Mole. Distributed by Malspam that spoofs United States Postal Service (USPS) status updates, the malware gains privilege escalation and encrypts user data.

Read More

Share this:

OilRig: Another Attack Wave Hits

Another attack wave directed at Israeli Organizations was reported by Morphisec and Palo Alto Networks on April 27th. OilRig was initially discovered in May 2016, after two attack waves targeting financial institutions and technology organizations in Saudi Arabia were detected. OilRig is attributed to an Iranian APT cyber group, its namesake stemming from the Farsi word "Nafti," (Oily) also hardcoded into a number of analyzed malware samples discovered in 2016.

Read More

Share this:

Knock-Knock! Who’s There? ... NoTrove.

 

Internet-based advertising has been in wide use since the early 21st century. Its popularity grew in 2010 with the development of programmatic advertising. (Also referred to as automated advertainment) Here, you pay per ad view, which can be maliciously misused by counting machines and bots as actual viewers. Additional types of malicious use include accumulating web traffic and selling it to web traffic brokers, or engaging this traffic in semi-malicious programs like PUP. (Potentially Unwanted Programs)

Read More

Share this:

Dimnie: Targeting the Unexpected

 

GitHub is a platform used to share any type of code. For this reason, it’s an important part of research and information sharing within the cyber security field. Because it’s a part of this environment, it’s inevitable that malicious actors will try to infect users’ platforms with malware.

Read More

Share this:

Nebula EK: The Rising Exploit Kit Variant

Read More

Share this:

EITest – The Long Living Campaign

EITest is a campaign initially discovered in 2014 by Malwarebytes. It distributes malware (that uses iframes) through a flash file on a compromised site, followed by exploitation through an Exploit Kit. In the past, this campaign was used to distribute malware including Cerber, CryptoMix, CryptoShield, Gootkit and the Chthonic banking Trojan, all using various types of Exploit Kits.

Read More

Share this:

CryptXXX Ransomware Spread Through SoakSoak Botnet: Two Big Actors As One

CryptXXX and SoakSoak are huge threats individually.

Read More

Share this:

One Email: Countless Phishing Domains

We often analyze indictors of phishing-related compromise from techhelplist.com. These lists contain a large number of indicators, usually not all related to one campaign, but to countless ones that have already spread before the lists were updated.

Read More

Share this:

Switcher Android Malware - The Road From Android App to Hijacking DNS Server

One of the most recent campaigns highlighting the importance of router security is Mirai (The botnet that had large scale attacks by infected IoT devices). Even before this, reports emphasized the importance and vulnerability of these devices. For example, Report by Malware Researcher Kafeine revealed the use of an exploit kit aimed to exploit routers. This method showed Google Chrome users were redirected to a malicious server that loaded code designed to determine router models. (While changing the DNS servers configured to the router)

Read More

Share this:

Operation Emmental\SmsSecurity

The evolving threats targeted at mobile devices and the increasing number of campaigns targeted at financial institutions have joined forces and become a double threat in what have become known as the  The Emmental campaign. 

Read More

Share this: