Router exploit kits are very popular in Brazil, and in late November we noticed a spike in the number of URLs blocked by Avast’s Web Shield. Taking a closer look, two landing pages, targeting Brazilians, hosting the GhostDNS router exploit kit used to...
WiryJMPer is a seemingly ordinary dropper with unusual obfuscation. It uses two benign binaries with superfluous jumps and dead branches sandwiched between the binaries to hide its virtual machine, protecting its Netwire payload.
Recently, FaceApp was widely discussed on the Internet, because the company behind it is Russian, and the app requests permission to access, among other things, photos. It is clear that FaceApp is not malicious, although it raises valid privacy...
Cheap GPS trackers can come in handy in every situation: for your car, relatives, kids. But it turns out that many of them share the same flaws: unsecured communications, default passwords and a cloud environment that is far from secure.
The mysterious dropper Almaq caught our attention as a very specific piece of .NET malware that was created and distributed only to attack two particular servers. Almaq is so tailor-made for exactly those two servers that it contains the servers' credentials and...
Retadup is a malicious worm affecting Windows machines throughout Latin America. Its objective is to achieve persistence on its victims’ computers, to spread itself far and wide and to install additional malware payloads on infected machines. In the...
Recently, when analyzing samples which attempt to bypass various applocking techniques, we revisited an older bundle of various tools with the sole purpose of making money for the operators. Although the campaign seems to be long inactive it illustrates...
Clipsa is a multipurpose password stealer, written in Visual Basic, focusing on stealing cryptocurrencies, brute-forcing and stealing administrator credentials from unsecured WordPress websites, replacing crypto-addresses present...
For several months now, we have been tracking malware called Guildma. Guildma is a powerful combination of a RAT (remote access tool), spyware, password stealer and banker malware, mainly distributed via malicious attachments in phishing email...
Have you ever wondered how AI is used in cybersecurity? Join us at the end of October for a conference about new advances in machine learning. You will see how AI can help protect people against the bad guys on the Internet – a goal we truly...










