<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=439793516377641&amp;ev=PageView&amp;noscript=1">

Author Archives:threatstopvt

Recent Posts

Astrum EK: The Star of the AdGholas Campaign

Astrum Exploit Kit, also known as Stegano, was (until recently) exclusively used in the massive AdGholas malvertising campaign, where it distributed several types of malware, including Ursnif and RAMNIT. The AdGholas campaign, discovered in the summer of 2016, was notable for its use of steganography to hide malicious JavaScript code in ads that redirected victims to a cloned version of a legitimate website.

Read More

Share this:

Terror EK Fails to Scare

After the fall of the popular Angler and Neutrino exploit kits, several different exploit kits have been vying for dominance in the resulting power vacuum.

Read More

Share this:

Kasidet POS Malware Spread Through Fake Security Update

Kasidet (also known as Neutrino Bot) is a malware targeting Point of Sale (POS) devices that performs memory scraping to steal credit card information and browser hooking to steal sensitive data from web browsers on infected devices.

Read More

Share this:

Jaff Ransomware Is Nothing to Laugh About

Jaff ransomware is very similar to other "standard" ransomware in its use of AES encryption to encrypt its victim's files. It’s attributed to the creators of Dridex, Locky and Bart, and has been spreading in high volume through the Necurs botnet. Read More

Share this:

Steam Stealers Game the System

Steam Stealers is the blanket name given to malware specifically targeting users of the popular gaming platform, Steam.

Read More

Share this:

Darktrack on Track to Success

Darktrack received some publicity in late 2016 for being a free Remote Access Trojan (RAT) that was comparable to some of the top commercially available RATs. Darktrack has the ability to access a victim's webcam, microphone, files, and passwords. It can also execute commands on infected machines, and make infected computers participate in DDoS attacks.

Read More

Share this:

Operation Cloud Hopper Jumps Into View

Operation Cloud Hopper, uncovered by researchers at BAE Systems and PwC, was a cyberespionage campaign by APT10 (also known as Red Apollo and the menuPass Team) that targeted IT managed service providers (MSPs) in order to steal their clients' corporate data.

Read More

Share this:

Magic Hound Sniffs Out Trouble

 

Magic Hound, as dubbed by researchers at Palo Alto Networks, is a targeted espionage campaign against Saudi Arabian government, energy and technology industries. The campaign utilized a common phishing tactic, embedding macros into Word and Excel documents. If the victim enabled macros on the document, Powershell scripts downloaded additional malware onto their computer, such as the open-source Python RAT, Pupy.

Read More

Share this:

Locky Back in Action

Locky, the infamous ransomware plaguing computers worldwide since it was first seen early last year, has recently made a comeback after a severe drop in activity over the holiday season. The Necurs botnet, which is Locky's primary distributor, was offline for the final weeks of 2016, equating to an 81% decrease in the number of Locky attacks.

Read More

Share this:

The “TelePort Crew” Evolves from Carbanak

The "Digital Plagiarist" campaign, dubbed by researchers at the tr1adx team, was run by the "TelePort Crew” and appears to be an evolution of the Carbanak cybercrime group. This group is infamous for a large-scale campaign against banks, leading to the 2015 theft of hundreds of millions of dollars and the Carbanak/Anunak malware that targets point of sale machines.

Read More

Share this: