
Malware Misuses Common Operating System Commands to Perform Targeted Attacks
We previously posted a blog about the Ursnif family of malware using language checks to determine the end user’s location as a means of bypassing sandbox-based endpoint protection during regionally targeted attacks. Since then, we have seen a couple more examples of malware using clever methods to indirectly determine the ...

Malware Debugs Itself to Prevent Analysis
We recently encountered a piece of malware via a tweet, which caught our eye because it appeared to be searching for folders related to our product. During analysis we discovered that this malware employs a novel technique to prevent reverse engineering via a debugger, and we felt that it was ...

Location-Aware Malware Targets Japanese and Korean Endpoints
New malware samples use location awareness to specifically target Japanese and Korean endpoints. The malware uses two techniques to determine the location in which it is being executed and ensures that the payload will only be triggered in these regions. This approach matches two trends: 1) docs performing regional checks ...

Dissecting the POP SS Vulnerability
The newly uncovered POP SS vulnerability takes advantage of a widespread misconception about the behaviour of pop ss or mov ss instructions, which results in exceptions when the instruction immediately following is an interrupt. It is a privilege escalation, and as a result it assumes that the attacker has some level of ...