On January 25, 2022, a victim of a ransomware attack reached out to us for help. The extension of the encrypted files and the ransom note indicated the TargetCompany ransomware (not related to Target the store), which can be decrypted under certain circumstances. Modus Operandi of the TargetCompany...
Introduction: On September 15, 2021, the National Games of China began in the Chinese city of Shaanxi. It is an event similar, if not identical, to the Olympics, but it only hosts athletes from China. Earlier in September, our colleague David Álvarez found a malware sample with a suspicious file extension...
Chaes, a threat group that operates solely in Brazil, compromised hundreds of WordPress web pages to serve malicious installers, which are the starting point of an interesting infection chain.
In this post, we go over what web skimming attacks are and how they work. We then analyze a series of web skimming attacks that we found, which have been active from March 2021 to the present. These attacks abused the Google Tag Manager...
Avast has found a targeted attack on a small US federal government commission. Although the commission did not cooperate with us, we were able to analyze two files involved in this attack.
CoinHelper is a family of AutoIt droppers that powers a massive coinmining campaign. The malware is spread bundled with other software, be it game cheats, cracked software, or even clean installers such as Google Chrome, Microsoft Office, AV products, and many others.
Based on Jiří Vinopal's published analysis and the weaknesses he found in the AtomSilo and LockFile ransomware strains, we created a free Avast decryptor for both of them.
MyKings is a long-standing and relentless botnet which has been active since at least 2016. Our research has shown that, since 2019, the operators behind MyKings have amassed at least $24 million USD (and likely more) in Bitcoin, Ethereum, and Dogecoin.
Firebase is Google's mobile and web app development platform. Developers can use Firebase to simplify building mobile and web apps, especially for the Android mobile platform. At the end of July 2021, we researched open Firebase instances. In that research, we found about 180,300 Firebase...
One of the goals of malware authors is to keep their creations undetected by antivirus software. One possible solution is a crypter. A crypter encrypts a program so that it looks like meaningless data, and it wraps this encrypted program in an envelope, also called a stub. This stub looks like...