Does Acrobat Reader Unload Injection of Security Products?
Minerva » Malware
by Natalie Zargarov
1y ago
Since March of 2022 we’ve seen a gradual uptick in Adobe Acrobat Reader processes attempting to query which security product DLLs are loaded into it by acquiring a handle of the DLL. The significant rise over the recent months caught our attention as it is very unusual behavior for Adobe.
What makes Ransomware so different from other malware and cyber threats?
Minerva » Malware
by
1y ago
Cyber threats are nothing new. I remember back in the late 80s my brother and I managed to infect our parents' x86 computer with a ping pong virus which simply placed an annoying ping pong ball on the screen which would tenaciously bounce around the screen and annoy the crap out of whoever is trying to work on the computer
SunCrypt Ransomware Gains New Capabilities in 2022
Minerva » Malware
by Natalie Zargarov
1y ago
SunCrypt is a RaaS (Ransomware as a Service) group that was first seen in October 2019, and was one of the first groups to apply triple extortion* tactics to their attacks. Unlike other RaaS groups, SunCrypt runs a small and closed affiliate program. The first version of this ransomware was written in Go, but after C and C++ versions were released in mid-2020, the group became much more active. SunCrypt mostly affects the Services, Technology, and Retail industries. Our researchers recently identified an updated version of this ransomware which includes additional capabilities.
Malware Evasion Techniques - Living off the Land
Minerva » Malware
by
1y ago
This is the second of a series of blog posts covering some of the more common evasion techniques used by malware developers. Feel free to visit the first post dealing with what is arguably the most widely used technique—sandbox evasion. As mentioned in our previous post, modern malware doesn't break out and wreak havoc the moment it lands in your network. Instead, it usually employs a number of techniques in order to remain undetected by various security tools protecting the network. This post discusses the "Living off the Land" technique
Lockbit 2.0 ransomware surges in 2022
Minerva » Malware
by Minerva Labs Research Team
1y ago
We’ve barely started March 2022, but according to LockBit’s 2.0 Onion website, they have already successfully targeted over 100 different organizations so far
Ukraine Computers Hit By Wiper Attacks As Russia Advances
Minerva » Malware
by Minerva Labs
1y ago
As Russia began its initial offensive into Ukraine, another kind of attack unfolded inside Ukrainian networks. A destructive wave of wiper malware attacks began corrupting files in hundreds of computer systems, rendering the systems themselves unusable
Virtual Patching - what it is and why it is crucial for threat prevention
Minerva » Malware
by
1y ago
Virtual patching is a highly effective technique for countering zero-day threats, i.e., stealthy cyber threats designed to exploit system and application vulnerabilities that software vendors have yet to release a patch for. In this post, we explain what virtual patching is, why it’s essential for effective threat prevention, and what virtual patching method works best in most scenarios
MyloBot 2022 – Evasive botnet that just sends extortion emails?
Minerva » Malware
by Natalie Zargarov
1y ago
MyloBot was first detected in 2018 and was one of the most evasive Botnets at the time. According to various reports, it incorporated different techniques such as:
Independent Research Confirms that Minerva’s Armor Is One of the Best Endpoint Security Solutions Available
Minerva » Malware
by
1y ago
At Minerva we are proud of our products and believe in their ability to put malware to bed. That’s why we were happy to hear that we scored high marks in a recently published research paper that compared the performance of 31 top endpoint security products. Let’s review the details of the study, how Minerva Armor performed, and offer some insights on the findings
Malicious Telegram Installer Drops Purple Fox Rootkit
Minerva » Malware
by Natalie Zargarov
1y ago
We have often observed threat actors using legitimate software for dropping malicious files. This time however is different. This threat actor was able to leave most parts of the attack under the radar by separating the attack into several small files, most of which had very low detection rates by AV engines, with the final stage leading to Purple Fox rootkit infection.