Avast discovered and analyzed GuptiMiner, a malware campaign hijacking an eScan antivirus update mechanism to distribute backdoors and coinminers.
Certishell deploys coinminers, remote access tools (RATs) and ransomware on machines in Czechia and Slovakia hidden within illegal copies of games, tools and music.
CoinHelper is a family of AutoIt droppers that drives a massive coinmining campaign. The malware is spread in the form of a bundle with other software, be it game cheats, cracked software, or even clean installers such as Google Chrome, Microsoft Office, AV products, and many others.
A new malware strain we discovered could be the reason why your antivirus doesn’t work anymore, especially if you have recently installed some popular software from a not-so-legal distribution.
Three measures of exploits, one of vulnerable drivers, half a measure of Delphi. Shake it very well until it's ice-cold, then add a large thin slice of VMProtect. Got it?
Retadup is a malicious worm affecting Windows machines throughout Latin America. Its objective is to achieve persistence on its victims’ computers, to spread itself far and wide and to install additional malware payloads on infected machines. In the vast majority of cases, the installed payload is...
Recently, when analyzing samples that attempt to bypass various applocking techniques, we revisited an older bundle of various tools whose sole purpose is to make money for the operators. Although the campaign seems to be long inactive, it illustrates that creating malware capable of making money...
High-level overview: Clipsa is a multipurpose password stealer, written in Visual Basic, focusing on stealing cryptocurrencies, brute-forcing and stealing administrator credentials from unsecured WordPress websites, replacing crypto-addresses present in a clipboard, and mining cryptocurrencies on...
Will Coinhive’s end lead to the end of browser-based cryptomining and cryptojacking? Cryptojacking stole the limelight away from ransomware at the end of 2017, becoming a major cyberthreat that continued into 2018. On March 8, 2019 Coinhive, the service that enables websites around the...
Hackers mine Monero using visitors’ browsers without their knowledge. Update, Monday, January 29, 2018, 4:00 PM CET: Arenavision reached out to Avast on Twitter, claiming their site was hacked on January 16, 2018. Avast reexamined the jQuery file and can confirm the site is now clean and does not...