Several new malware families have made recent appearances on the Bambenek Consulting feeds and are now tracked also by ThreatSTOP. These malware families are different in action and in their targets.

Nao_sec provides cyber security research dedicated to Exploit Kits. In campaigns that include Exploit Kits, landing pages with malicious code are used in an attempt to exploit a specific vulnerability on the victim's device.

Certain versions of Xshell contain a backdoor that could allow for data exfiltration.

Point of Sale (POS) malware is a growing field of concern for the retail industry. From the large scale attack on Target in 2014 to smaller attacks that are going unreported. POS malware is an evolving field of study for security researchers.

It's not unusual for brands to occasionally have to re-envision themselves. Apparently this applies to legitimate and illicit brands equally.

Hancitor Downloader has seen many campaigns this year. Malware-Traffic-Analysis, a security research blog operated by Brad Duncan, has published over 40 related articles since the beginning of 2017. Each article covers malspam delivering the downloader, with no sign of the campaigns' wavering.

A cyber group attributed to Chinese APT activity has used the downloader ZeroT  since February 2016, as reported by Proofpoint in 2017.

In the rapid cycle rise and disappearance of malware campaigns, there are only a few campaigns that last for several years. One of these, is the El Machete malware, which was first discovered by Kaspersky, and is thought to have been active since 2010.

DiamondFox, also known as Gorynych, is a modular malware that highlights the growth of the malware-as-a-service industry. With accessible how-to videos on YouTube showing aspiring cybercriminals how to set up DiamondFox and a user-friendly interface, it’s easy to see how this malware allows even the least sophisticated attacker to potentially compromise victims.

Come see our Sr. Director of Security Research, Irena Damsky, break down WannaCry's timeline and give an overview of what happened at M3AAWG's 40th General Meeting on Tuesday, June 13th, 17:30 - 18:30, in Lisbon, Portugal.