CoinHelper is a family of AutoIt droppers that powers a massive coinmining campaign. The malware is spread in the form of a bundle with other software, be it game cheats, cracked software, or even clean installers such as Google Chrome, Microsoft Office, AV products, and many others.
The latest Avast Q3’21 Threat Report reveals an elevated risk of ransomware and RAT attacks, while rootkits and exploit kits return. Let us share with you more details about emerging threats...
The DirtyMoe is delivered by the PurpleFox exploit kit as the MSI installer package. The MSI installer is a popular way to deploy malware because it supports multiple configurations based on different Windows versions, all within one package.
Based on Jiří Vinopal's published analysis and the weaknesses he found in the AtomSilo and LockFile ransomware strains, we created a free Avast decryptor for both of them. Read and download.
MyKings is a long-standing and relentless botnet which has been active since at least 2016. Our research has shown that, since 2019, the operators behind MyKings have amassed at least $24 million USD (and likely more) in Bitcoin, Ethereum, and Dogecoin.
BluStealer (a310logger) is a crypto stealer, keylogger, and document uploader written in Visual Basic that loads C#.NET hack tools to steal credentials.
The Windows kernel allows loading drivers signed with revoked certificates. The DirtyMoe driver is also signed with revoked certificates that are moreover widely abused in other malware. Motivated by these facts, this article analyzes the mechanism of how Windows manages certificate revocation...
Firebase is Google’s mobile and web app development platform. Developers can use Firebase to facilitate developing mobile and web apps, especially for the Android mobile platform. At the end of July 2021 we did research into open Firebase instances. In that research, we found about 180,300 Firebase...
The DirtyMoe malware is a complex malicious backdoor employing various self-protection and anti-forensics mechanisms. One of the more significant safeguards is a rootkit. The next article of the DirtyMoe series explains rootkit functionality in detail.