We recently discovered a zero-day vulnerability in Google Chrome (CVE-2022-2294) when it was exploited in the wild in an attempt to attack Avast users in the Middle East. The vulnerability was a memory corruption in WebRTC that was abused to achieve shellcode execution in Chrome’s renderer process...
Introduction The Go programming language is becoming more and more popular. One of the reasons being that Go programs can be compiled for multiple operating systems and architectures in a single binary self containing all needed dependencies. Based on these properties, and as we expected, we...
Introduction Rootkits are dangerous pieces of malware. Once in place, they are usually really hard to detect. Their code is typically more challenging to write than other malware, so developers resort to code reuse from open source projects. As rootkits are very interesting to analyze, we are...
The TaRRaK ransomware appeared in June of 2021. This ransomware contains many coding errors, so we decided to publish a small blog about them. Samples of this ransomware were spotted in our user base, so we also created a decryptor for this ransomware. Skip to instructions on how to use the TaRRaK...
Our threat hunters have been busy searching for abuse of the recently-released zero-day remote code execution bug in Microsoft Office (CVE-2022-30190). As part of their investigations, they found evidence of a threat actor hosting malicious payloads on what appears to be an Australian VOIP...
Cyberwarfare between Ukraine and Russia Foreword The first quarter of 2022 is over, so we are here again to share insights into the threat landscape and what we’ve seen in the wild. Under normal circumstances, I would probably highlight mobile spyware related to the Beijing 2022 Winter...
Certishell deploys coinminers, remote access tools (RATs) and ransomware on machines in Czechia and Slovakia hidden within illegal copies of games, tools and music.
Technical analysis of the Zloader botnet which was recently brough to court for a takedown operation and prosecution of its authors.
Parrot TDS is a new Traffic Direction System that is using tens of thousands of compromised websites. The TDS provides bad actors access to carry out malicious activity via the infected sites.
Avast Threat Intelligence Team has found a remote access tool (RAT) actively being used in the wild in the Philippines that uses what appears to be a compromised digital certificate belonging to the Philippine Navy.