Last fall, APT malware intrusions targeting high-profile companies in Central Asia caught our attention. A few months later, we began working together with fellow malware analysts from ESET to analyze samples used by the group to spy on a telecommunications company, a gas company, and a...
CoViper is a new wiper malware family taking advantage of the COVID-19 crisis. The wiper breaks an infected computer’s boot operation, by rewriting the Master Boot Record (MBR) located on the computer’s disk.
Router exploit kits are very popular in Brazil, and late November we noticed a spike in the number of URLs blocked by Avast’s Web Shield. Taking a closer look, two landing pages, targeting Brazilians, hosting the GhostDNS router exploit kit used to carry out cross-site request forgery (CSRF)...
WiryJMPer is a seemingly ordinary dropper with unusual obfuscation. It uses two benign binaries with superfluous jumps and dead branches sandwiched between the binaries to hide its virtual machine, protecting its Netwire payload.
Recently, FaceApp was widely discussed on the Internet, because the company behind it is Russian, and the app requests permission to access, among other things, photos. It is clear that FaceApp is not malicious, although it raises valid privacy concerns. However, is this just a special case, or...
Cheap GPS trackers can come handy in every situation, for your car, relatives, kids. But it turns out that many of them share the same flaws. Unsecured communications, default passwords and cloud environment that is far from secure.
Mysterious dropper Almaq has caught our attention being a very specific .NET malware that was created and distributed only to attack two particular servers. Almaq is so tailor-made for exactly those two servers it contains servers' credentials and internal directory structure information...
Retadup is a malicious worm affecting Windows machines throughout Latin America. Its objective is to achieve persistence on its victims’ computers, to spread itself far and wide and to install additional malware payloads on infected machines. In the vast majority of cases, the installed payload is...
Recently when analyzing samples which attempt to bypass various applocking techniques we revisited an older bundle of various tools with the sole purpose to make money for the operators. Although the campaign seems to be long inactive it illustrates that creating malware capable of making money...