This blog post brings more technical details on CacheFlow: a threat that we first reported about in December 2020. We described a huge campaign composed of dozens of malicious Chrome and Edge browser extensions with more than three million installations in total.
After peeling away the MehCrypter’s layers in the first part of our blog series, we felt there was no choice but to dive even deeper into the Meh password stealer payload and all of its functionality.
We discovered that the Download Studio torrent client and three adblockers surreptitiously deployed the FakeMBAM backdoor through automatic updates. We reverse engineered this backdoor and describe its inner workings in this blog post.
The mysterious dropper Almaq caught our attention as a very specific .NET malware that was created and distributed only to attack two particular servers. Almaq is so tailor-made for exactly those two servers that it contains the servers' credentials and internal directory structure information...
Retadup is a malicious worm affecting Windows machines throughout Latin America. Its objective is to achieve persistence on its victims’ computers, to spread itself far and wide and to install additional malware payloads on infected machines. In the vast majority of cases, the installed payload is...
Recently, when analyzing samples that attempt to bypass various application-locking techniques, we revisited an older bundle of tools whose sole purpose was to make money for the operators. Although the campaign seems to have been inactive for a long time, it illustrates that creating malware capable of making money...
High level overview: Clipsa is a multipurpose password stealer, written in Visual Basic, focusing on stealing cryptocurrencies, brute-forcing and stealing administrator credentials from unsecured WordPress websites, replacing crypto-addresses present in a clipboard, and mining cryptocurrencies on...
For several months now, we have been tracking malware called Guildma. Guildma is a powerful combination of a RAT (remote access tool), spyware, password stealer and banker malware, mainly distributed via malicious attachments in phishing email campaigns. The cybercriminals behind Guildma have...