This is part one in a series of posts that focus on understanding Visual Basic 6.0 (VB6) code, and the tactics and techniques both malware authors and researchers use around it.
Attacks on computer systems are constantly evolving. To be more flexible human operators sometimes get involved in the attacks. This is especially common for high value targets. As the human operator can use normal tools already installed on the target system, this can result in so-called “file...
One specific malware family emphasizes how easy it can be to lose your cryptocurrency coins. It is called HackBoss - a simple yet very effective malware that has possibly stolen over $560,000 USD from the victims so far. And it’s mainly being spread via Telegram.
One of the goals of malware authors is to keep their creation undetected by antivirus software. One possible solution for this are crypters. A crypter encrypts a program, so it looks like meaningless data and it creates an envelope for this encrypted program also called a stub. This stub looks like...
Forum Advertisement MassLogger is an information stealer, first sold in hacking forums around April 2020. The malware author claims it to be the “most powerful logger and recovery tool” which costs $99 USD worth of Bitcoin for a lifetime license. MassLogger is highly configurable and gives its...
This blog post brings more technical details on CacheFlow: a threat that we first reported about in December 2020. We described a huge campaign composed of dozens of malicious Chrome and Edge browser extensions with more than three million installations in total.
Introduction This summer, Avast discovered a new APT campaign targeting government agencies and a National Data Center of Mongolia. We consider with moderate confidence based on our research that the chinese-speaking APT group LuckyMouse is behind the attack. The APT group planted...
After peeling away the MehCrypter’s layers in the first part of our blog series, we felt there was no other choice than to deep dive even further into the Meh password stealer payload and all its functionalities
We discovered that the Download Studio torrent client and three adblockers surreptitiously deployed the FakeMBAM backdoor through automatic updates. We reverse engineered this backdoor and describe its inner workings in this blog post.