Malware from fake recruiters
G Data CyberDefense Blog
by
1w ago
Fake recruiters are currently on the hunt for CVs – and also your data. Reports have emerged about malware being put into work assignments that supposedly test a candidate’s technical skills.       ..read more
Visit website
An honest mistake - and a cautionary tale
G Data CyberDefense Blog
by
1M ago
We all make mistakes. That is only natural. However, there are cases in which these mistakes can have unexpected consequences. A Twitter user recently found this out the hard way. The ingredients: a cheap USB-C adapter with a network connection, an internet connection and a sandbox.       ..read more
Visit website
New I2PRAT communicates via anonymous peer-to-peer network
G Data CyberDefense Blog
by
2M ago
Criminals try to cover their tracks as best they can. This also includes hiding any activities that control the machines they have compromised. Using I2P is one way of doing that, but until recently this has rarely been used.       ..read more
Visit website
Malware Analysis: A Kernel Land Rootkit Loader for FK_Undead
G Data CyberDefense Blog
by
2M ago
We discovered a Windows rootkit loader [F1] for the malware family FK_Undead. The malware family is known for intercepting user network traffic through manipulation of proxy configurations. To the best of our knowledge the rootkit loader hasn't been officially analyzed before. As required by any Windows kernel driver, the rootkit loader is validly signed with the Microsoft Windows Hardware Compatibility Publisher certificate (see thumbprint [T1]). It is compatible with different Windows versions and protected with VMProtect.       ..read more
Visit website
Malware by the (Bit)Bucket: Unveiling AsyncRAT
G Data CyberDefense Blog
by
4M ago
Recently, we uncovered a sophisticated attack campaign employing a multi-stage approach to deliver AsyncRAT via a legitimate platform called Bitbucket.       ..read more
Visit website
BBTok Targeting Brazil: Deobfuscating the .NET Loader with dnlib and PowerShell
G Data CyberDefense Blog
by
5M ago
We break down the full infection chain of the Brazilian-targeted threat BBTok and demonstrate how to deobfuscate the loader DLL using PowerShell, Python, and dnlib.       ..read more
Visit website
Sandbox scores are not an antivirus replacement
G Data CyberDefense Blog
by
5M ago
Automatic sandbox services should not be treated like "antivirus scanners" to determine maliciousness for samples. That’s not their intended use, and they perform poorly in that role. Unfortunately, providing an "overall score" or "verdict" is misleading.       ..read more
Visit website
Ailurophile: New Infostealer sighted in the wild
G Data CyberDefense Blog
by
6M ago
We discovered a new stealer in the wild called '"Ailurophile Stealer”. The stealer is coded in PHP and the source code indicates potential Vietnamese origins. It is available for purchase through a subscription model via its own webpage. Through the website's web panel, its customers are provided the ability to customize and generate malware stubs.       ..read more
Visit website
Opinion: More layers in malware campaigns are not a sign of sophistication
G Data CyberDefense Blog
by
6M ago
Ten infection and protection layers to deploy malware sounds impressive and very hard to deal with. However, adding more layers counterintuitively does the opposite for antivirus evasion and is not a sign of sophistication. Why is that so?       ..read more
Visit website
SocGholish: Fake update puts visitors at risk
G Data CyberDefense Blog
by
7M ago
The SocGholish downloader has been a favourite of several cybercrime groups since 2017. It delivers a payload that poses as a browser update. As any piece of malware, it undergoes an evolutionary process. We have taken a look at the latest developments, which targets Wordpress based websites.       ..read more
Visit website

Follow G Data CyberDefense Blog on FeedSpot

Continue with Google
Continue with Apple
OR