The introduction of the Jupyter InfoStealer/Backdoor

Morphisec Labs, zero-day
An infostealer is a trojan designed to gather and exfiltrate private and sensitive information from a target system. There is a large variety of infostealers active in the wild; some are independent and some act as a modular part of a larger task such as a Banking ... Read More
QakBot (QBot) Maldoc Campaign Introduces Two New Techniques into Its Arsenal

Malware, Morphisec Labs
Morphisec Labs has tracked a massive maldoc campaign delivering the QakBot/QBot banking trojan, starting earlier this month. Qakbot leverages advanced techniques to evade detection and hamper manual analysis of the threat. In this post we will mention two of those interesting techniques ... Read More
Obfuscated VBScript Drops Zloader, Ursnif, Qakbot, Dridex

The Morphisec Labs team has tracked an obfuscated VBScript package in campaigns since March 2020. Initially, the malware campaign was focused on targets within Germany, but it has since moved on to additional targets, excluding any IP address within Russia or North Korea ... Read More
Ursnif/Gozi Delivery — Old School Excel Macro 4.0 Utilization Uptick and the OCR Heuristics Bypass

Introduction: Morphisec has been tracking an uptick in the delivery of Ursnif/Gozi during the COVID-19 pandemic. Specifically, we have noticed a significant spike both in numbers and sophistication. The latest delivery methods often involve old-school Excel 4.0 macro functionality, which has historically been a blind spot for AV detection ... Read More
GuLoader: The RAT Downloader

GuLoader is a downloader that has been widely used since December 2019. Several security researchers have identified the downloader in the wild, signifying that it has quickly gained popularity among threat actors. When it first appeared, GuLoader was used to download Parallax RAT, but it has since been applied to other remote ... Read More
Parallax: The New RAT on the Block

Following the increase in Parallax RAT campaigns (the new RAT on the block), Morphisec Labs decided to release more technical details on some of the latest campaigns that the Morphisec Unified Threat Prevention Platform intercepted and prevented on our customers' sites ... Read More
Trickbot Trojan Leveraging a New Windows 10 UAC Bypass

Morphisec Labs
The Trickbot trojan is one of the most advanced malware delivery vehicles currently in use. Attackers have leveraged it to deliver a wide variety of malicious code via many different methods. Just yesterday, Bleeping Computer reported that news articles from President Trump's impeachment trial have been used to hide Trickbot ... Read More
Trickbot Returns in a New eCommerce Shopping Campaign

A whopping 186.4 million Americans shopped in stores and online between Black Friday and Cyber Monday this year, according to the National Retail Federation. On average, these shoppers spent $361.90 per person over the five-day Thanksgiving weekend ... Read More
Threat Alert: GermanWiper

Last week, a new strain of ransomware hit dozens of targets across Germany. Classifying it as ransomware is really a misnomer: although the attackers do demand a ransom, by that time the victim's data has already been irreversibly wiped, so it is not recoverable even if the ransom is paid ... Read More