CoViper is a new wiper malware family taking advantage of the COVID-19 crisis. The wiper breaks an infected computer's boot process by rewriting the Master Boot Record (MBR) on the computer's disk.
Router exploit kits are very popular in Brazil, and in late November we noticed a spike in the number of URLs blocked by Avast's Web Shield. Taking a closer look, we found two landing pages, targeting Brazilians, hosting the GhostDNS router exploit kit used to carry out cross-site request forgery (CSRF)...
WiryJMPer is a seemingly ordinary dropper with unusual obfuscation. It uses two benign binaries with superfluous jumps and dead branches sandwiched between the binaries to hide its virtual machine, protecting its Netwire payload.
Recently, FaceApp was widely discussed on the Internet, because the company behind it is Russian, and the app requests permission to access, among other things, photos. It is clear that FaceApp is not malicious, although it raises valid privacy concerns. However, is this just a special case, or...
Cheap GPS trackers can come in handy in many situations: for your car, your relatives, your kids. But it turns out that many of them share the same flaws: unsecured communications, default passwords and a cloud environment that is far from secure.
The mysterious dropper Almaq caught our attention as a very specific .NET malware that was created and distributed only to attack two particular servers. Almaq is so tailor-made for exactly those two servers that it contains the servers' credentials and internal directory structure information...
Retadup is a malicious worm affecting Windows machines throughout Latin America. Its objective is to achieve persistence on its victims’ computers, to spread itself far and wide and to install additional malware payloads on infected machines. In the vast majority of cases, the installed payload is...
Recently, when analyzing samples which attempt to bypass various applocking techniques, we revisited an older bundle of various tools whose sole purpose was to make money for the operators. Although the campaign seems to have been inactive for a long time, it illustrates that creating malware capable of making money...
Clipsa is a multipurpose password stealer, written in Visual Basic, focusing on stealing cryptocurrencies, brute-forcing and stealing administrator credentials from unsecured WordPress websites, replacing crypto-addresses present in the clipboard, and mining cryptocurrencies on...