Malware Watch - W/E - 1/25/19

Additional Insight Provided into the Emotet Trojan (01/23/2019)
Trend Micro published further details on the Emotet Trojan, explaining the malware's multi-layer operating mechanisms. The researchers examined Emotet's document droppers and packed executable samples, noting timing patterns, periods of inactivity, and instances when the malware was deployed more than 20 times per day.

Anatova Ransomware Offers Sophisticated Tactics (01/23/2019)
Anatova, a ransomware family discovered by McAfee, has modular code that allows its functionality to be extended. Additionally, the malware checks whether network shares are connected and encrypts the files on those shares. Each Anatova sample has its own unique key, which McAfee researchers say indicates that the malware's authors are highly skilled.

DarkHydrus Leverages Google Drive for C2 Purposes (01/21/2019)
The DarkHydrus adversary is using Google Drive for command and control (C2), the research team at Palo Alto Networks has discovered. The researchers reviewed three DarkHydrus delivery documents that install a new variant of the RogueRobin Trojan. Upon in-depth investigation, the team noted that RogueRobin uses the Google Drive cloud service as its C2 channel.

Fallout EK Doles Out GandCrab as It Exploits Patched Flash Vulnerability (01/21/2019)
The Fallout exploit kit (EK) has returned with a new weapon in its arsenal - delivering the GandCrab ransomware as a payload. Malwarebytes researchers observed the EK pushing out GandCrab beginning on January 15. In addition, Fallout has added a Flash exploit, which Adobe patched on December 5.

Global Project Smashes 100,000 Malware Distribution Sites in 10 Month Period (01/22/2019)
A community project called URLhaus launched in March 2018 and has since taken down nearly 100,000 malware distribution sites. The project consists of 265 researchers worldwide identifying and submitting malicious URLs and removing an average of 300 malware sites per day. Approximately two-thirds of these malicious sites were hosted in either the US or China, URLhaus said in a blog post. The project was launched by abuse.ch.

Razy Infects Browser Extensions to Mine Cryptocurrency (01/24/2019)
Razy is a cryptominer that either installs a malicious browser extension on the victim's computer or infects an extension that is already installed, and then disables the browser's integrity check for installed extensions as well as its automatic updates. The malware was first encountered by Kaspersky Lab, which noted that the miner works with Chrome, Firefox, and the Yandex Browser. Razy spreads via advertising blocks on websites and is distributed from free file-hosting services under the guise of legitimate software.