Malware July 2, 2019

Taking Over the Overlay: What Triggers the AVLay Remote Access Trojan (RAT)?

8 min read - IBM X-Force researchers discovered, reverse engineered and reconstructed AVLay, a remote access Trojan that mixes DLL hijacking with a legitimate executable borrowed from various antivirus programs.

Malware July 1, 2019

Taking Over the Overlay: Reverse Engineering a Brazilian Remote Access Trojan (RAT)

6 min read - X-Force researchers discovered a new remote access Trojan variant that mixes Dynamic Link Library (DLL) hijacking with a legitimate executable borrowed from various antivirus programs.

June 17, 2019

Threat Actors Use Targeted Attack Tools to Distribute Cryptocurrency Miners, Ransomware

2 min read - Threat actors are using targeted attack tools to distribute typical malware, such as cryptocurrency miners and ransomware.

June 10, 2019

Malvertising Campaign Infects Users With Buran Ransomware Via the RIG Exploit Kit

2 min read - A malvertising campaign is redirecting users to the RIG exploit kit, which then attempts to infect them with a new ransomware called Buran.

June 3, 2019

New HiddenWasp Linux Malware Focused Solely on Achieving Targeted Remote Control

< 1 min read - A new threat called HiddenWasp is different from other Linux malware in that it's focused solely on achieving targeted remote control of infected hosts.

Advanced Threats May 16, 2019

GozNym Closure Comes in the Shape of a Europol and DOJ Arrest Operation

4 min read - In an operation crowned "unprecedented," Europol and the DOJ joined forces and successfully dismantled what was left of the GozNym cybercrime gang that attempted to steal well over $100 million.

May 14, 2019

Pirate Chick Poses as VPN Tool, Secretly Installs Malicious Payloads

2 min read - Malicious actors are bundling a Trojan called Pirate Chick, which looks like a virtual private network (VPN) software tool, into adware to install malware on infected machines.

May 8, 2019

Barium Group Using Backdoors in Trusted Software to Wage Supply Chain Attacks

2 min read - A threat group known as Barium is exploiting trusted software updates and apps to conduct a wave of supply chain attacks, which could affect more than 1 million users around the world.

May 7, 2019

Retefe Banking Trojan Returns With Smoke Loader as Its Intermediate Loader

2 min read - The Retefe banking Trojan has resumed its activity with a new series of attack campaigns that leverage Smoke Loader as an intermediate loader.

April 29, 2019

Latest Emotet Variant Wielding Connected Devices as First-Layer C&C Servers

2 min read - A new variant of the Emotet banking malware is using compromised connected devices as first-layer command-and-control (C&C) servers.