Forum Advertisement MassLogger is an information stealer, first sold in hacking forums around April 2020. The malware author claims it to be the “most powerful logger and recovery tool” which costs $99 USD worth of Bitcoin for a lifetime license. MassLogger is highly configurable and gives its...
This blog post brings more technical details on CacheFlow: a threat that we first reported about in December 2020. We described a huge campaign composed of dozens of malicious Chrome and Edge browser extensions with more than three million installations in total.
After peeling away the MehCrypter’s layers in the first part of our blog series, we felt there was no other choice than to deep dive even further into the Meh password stealer payload and all its functionalities
We discovered that the Download Studio torrent client and three adblockers surreptitiously deployed the FakeMBAM backdoor through automatic updates. We reverse engineered this backdoor and describe its inner workings in this blog post.
We turned a coffee maker into a dangerous machine asking for ransom by modifying the maker’s firmware. While we could, could someone else do it too?
I recently discovered a large campaign of HiddenAds on the Google Play Store, spreading via gaming apps. The initial discovery was made through an apklab.io automated detection that was based on similar features of a previous HiddenAds campaign that was present on the Play Store. Upon further...
Last time you heard that there are many GPS trackers unsecured and available on the internet. But that was just a glimpse of the issue and one particular vendor. Join me on my journey to the place where the rabbit hole leads.
WiryJMPer is a seemingly ordinary dropper with unusual obfuscation. It uses two benign binaries with superfluous jumps and dead branches sandwiched between the binaries to hide its virtual machine, protecting its Netwire payload.
Cheap GPS trackers can come handy in every situation, for your car, relatives, kids. But it turns out that many of them share the same flaws. Unsecured communications, default passwords and cloud environment that is far from secure.
Our mobile threat intelligence platform flagged three beauty apps that have ugly consequences. Over 2 million devices have downloaded these apps. In February 2019, Avast’s mobile threat intelligence platform (MTIP), apklab.io, discovered a number of “selfie beauty apps” on the Google...