Process Doppelgänging meets Process Hollowing in Osiris dropper

Credit to Author: hasherezade| Date: Mon, 13 Aug 2018 18:29:57 +0000

Process Doppelgänging, a rare technique of impersonating a process, was discovered last year, but hasn’t been seen much in the wild since. It was an interesting surprise, then, to discover its use mixed in with Process Hollowing, yet another technique, in a dropper for the Osiris banking Trojan.

The post Process Doppelgänging meets Process Hollowing in Osiris dropper appeared first on Malwarebytes Labs.

Osiris dropper found using process doppelgänging

Credit to Author: hasherezade| Date: Thu, 09 Aug 2018 18:52:57 +0000

Process Doppelgänging, a rare technique of impersonating a process, was discovered last year, but hasn’t been seen much in the wild since. It was an interesting surprise, then, to discover its use in a dropper of the Osiris banking Trojan. We unpack the code to show how malware authors used this process.

The post Osiris dropper found using process doppelgänging appeared first on Malwarebytes Labs.

A new ransom-miner malware campaign emerging in wild!

Credit to Author: Preksha Saxena| Date: Tue, 10 Jul 2018 12:16:26 +0000

For the past few weeks, Quick Heal Security Labs has been observing a series of interesting malware samples blocked at our customers' end. Further analysis of the malware ‘t.exe’ revealed that it seems to be a Trojan dropper. Interestingly, this multipurpose malware is downloading a ransomware component, a crypto-mining malware…

Fake Fortnite for Android links found on YouTube

Credit to Author: Nathan Collier| Date: Wed, 20 Jun 2018 19:00:41 +0000

The extremely popular video game Fortnite is coming to Android sometime this summer, and the fanbase is going wild. Not surprisingly, mobile malware developers are taking advantage. Already, there are several videos on YouTube with links claiming to be versions of Fortnite for Android. Spoiler alert: they’re fake.

The post Fake Fortnite for Android links found on YouTube appeared first on Malwarebytes Labs.

An in-depth malware analysis of QuantLoader

Credit to Author: Malwarebytes Labs| Date: Wed, 28 Mar 2018 16:00:00 +0000

QuantLoader is a Trojan downloader that has been used in campaigns serving a range of malware, including ransomware, Banking Trojans, and RATs. In this post, we’ll take a high-level look at the campaign flow, as well as a deep dive into how the malware executes.

The post An in-depth malware analysis of QuantLoader appeared first on Malwarebytes Labs.

Bogus hack apps hack users back for cryptocash

Credit to Author: Nathan Collier| Date: Wed, 07 Feb 2018 19:30:00 +0000

Recently, we discovered a gold mine of fake hack apps that mine for Monero cryptocurrency and serve up annoying adware.

The post Bogus hack apps hack users back for cryptocash appeared first on Malwarebytes Labs.

Lo lo lo Loapi Trojan could break your Android

Credit to Author: Nathan Collier| Date: Tue, 19 Dec 2017 18:43:17 +0000

Loapi Trojan discovered on Android devices—a downloader, dropper, adware app, and SMS Trojan all in one—could literally blow up your phone. Read on to learn how to protect against it.

The post Lo lo lo Loapi Trojan could break your Android appeared first on Malwarebytes Labs.

Seamless campaign serves RIG EK via Punycode (updated)

Credit to Author: Jérôme Segura| Date: Mon, 04 Dec 2017 22:48:49 +0000

The most prolific gate to the RIG exploit kit is coming in a different flavor. The Seamless campaign is now using a domain name with foreign characters translated by Punycode.

The post Seamless campaign serves RIG EK via Punycode (updated) appeared first on Malwarebytes Labs.

Seamless campaign serves RIG EK via Punycode

Credit to Author: Jérôme Segura| Date: Mon, 04 Dec 2017 22:48:49 +0000

The most prolific gate to the RIG exploit kit is coming in a different flavor. The Seamless campaign is now using a domain name with foreign characters translated by Punycode.

The post Seamless campaign serves RIG EK via Punycode appeared first on Malwarebytes Labs.

A week in security (November 20 – November 26)

Credit to Author: Malwarebytes Labs| Date: Mon, 27 Nov 2017 19:25:39 +0000

Learn what happened in the world of security during the week of November 20 to November 26.

The post A week in security (November 20 – November 26) appeared first on Malwarebytes Labs.

Week in security (November 20 – November 26)

Credit to Author: Malwarebytes Labs| Date: Mon, 27 Nov 2017 19:25:39 +0000

Learn what happened in the world of security during the week of November 20 to November 26.

The post Week in security (November 20 – November 26) appeared first on Malwarebytes Labs.
