CATEGORY ARCHIVES: threatstop-research-team

EITest – The Long Living Campaign

EITest is a campaign initially discovered in 2014 by Malwarebytes. It distributes malware (that uses iframes) through a flash file on a compromised site, followed by exploitation through an Exploit Kit. In the past, this campaign was used to distribute malware including Cerber, CryptoMix, CryptoShield, Gootkit and the Chthonic banking Trojan, all using various types of Exploit Kits.

Read More

Share this:

Magic Hound Sniffs Out Trouble

 

Magic Hound, as dubbed by researchers at Palo Alto Networks, is a targeted espionage campaign against Saudi Arabian government, energy and technology industries. The campaign utilized a common phishing tactic, embedding macros into Word and Excel documents. If the victim enabled macros on the document, Powershell scripts downloaded additional malware onto their computer, such as the open-source Python RAT, Pupy.

Read More

Share this:

Locky Back in Action

Locky, the infamous ransomware plaguing computers worldwide since it was first seen early last year, has recently made a comeback after a severe drop in activity over the holiday season. The Necurs botnet, which is Locky's primary distributor, was offline for the final weeks of 2016, equating to an 81% decrease in the number of Locky attacks.

Read More

Share this:

CryptXXX Ransomware Spread Through SoakSoak Botnet: Two Big Actors As One

CryptXXX and SoakSoak are huge threats individually.

Read More

Share this:

One Email: Countless Phishing Domains

We often analyze indictors of phishing-related compromise from techhelplist.com. These lists contain a large number of indicators, usually not all related to one campaign, but to countless ones that have already spread before the lists were updated.

Read More

Share this:

DGA Updates

wood-cube-473703_1280.jpg

In December, we introduced a target list of more than 20 malware family DGAs provided by our friends over at 360 Research Team. Continuing their great work, we are happy to integrate 7 new malware DGAs:

Read More

Share this:

The “TelePort Crew” Evolves from Carbanak

The "Digital Plagiarist" campaign, dubbed by researchers at the tr1adx team, was run by the "TelePort Crew” and appears to be an evolution of the Carbanak cybercrime group. This group is infamous for a large-scale campaign against banks, leading to the 2015 theft of hundreds of millions of dollars and the Carbanak/Anunak malware that targets point of sale machines.

Read More

Share this:

Switcher Android Malware - The Road From Android App to Hijacking DNS Server

One of the most recent campaigns highlighting the importance of router security is Mirai (The botnet that had large scale attacks by infected IoT devices). Even before this, reports emphasized the importance and vulnerability of these devices. For example, Report by Malware Researcher Kafeine revealed the use of an exploit kit aimed to exploit routers. This method showed Google Chrome users were redirected to a malicious server that loaded code designed to determine router models. (While changing the DNS servers configured to the router)

Read More

Share this:

Operation Emmental\SmsSecurity

The evolving threats targeted at mobile devices and the increasing number of campaigns targeted at financial institutions have joined forces and become a double threat in what have become known as the  The Emmental campaign. 

Read More

Share this:

ThreatSTOP security team is proud to present - Banking Malware Targets

Banking Malware steals millions of dollars from both personal and business accounts in the United States every year. Personal accounts are insured by federal banking regulations, but businesses are less protected.

Read More

Share this: