Avast discovered that an exploit for CVE-2021-38003 was used in the wild to attack Dota 2 players. This exploit achieved remote code execution on other players' machines by taking advantage of Dota's usage of an outdated V8 version. In response to Avast's findings, Valve patched the vulnerability on...
Our deep analysis of the Worok toolset (previously described by ESET Research) reveals the final stage, hidden in a PNG file, that steals data and provides a multifunctional backdoor using the DropBox repository and API.
Parrot TDS is a new Traffic Direction System that uses tens of thousands of compromised websites. The TDS gives bad actors access to carry out malicious activity via the infected sites.
The Avast Threat Intelligence Team has found a remote access tool (RAT) actively being used in the wild in the Philippines that uses what appears to be a compromised digital certificate belonging to the Philippine Navy.
On September 15, 2021, the National Games of China began in the Chinese city of Shaanxi. It is an event similar, if not identical, to the Olympics, but it only hosts athletes from China. Earlier in September, our colleague David Álvarez found a malware sample with a suspicious file extension...
Avast has found a targeted attack on a small US federal government commission. Despite the fact that they did not cooperate with us, we were able to analyze two files involved in this attack.
Follow us on our journey analyzing the Mongolian certificate authority breach and the certificate client backdoored with Cobalt Strike.
A new malware strain we discovered could be the reason why your antivirus doesn’t work anymore, especially if you have recently installed some popular software from a not-so-legal distribution.
Three measures of exploits, one of vulnerable drivers, half a measure of Delphi. Shake it very well until it's ice-cold, then add a large thin slice of VMProtect. Got it?
We discovered that the Download Studio torrent client and three adblockers surreptitiously deployed the FakeMBAM backdoor through automatic updates. We reverse engineered this backdoor and describe its inner workings in this blog post.