Anti-Malware Research
StrongPity APT – Revealing Trojanized Tools, Working Hours and Infrastructure
Bitdefender researchers have recently found the APT group StrongPity has been targeting victims in Turkey and Syria. Using watering hole tactics to selectively infect victims and deploying a three-tier C&C infrastructure to ...
SSH-Targeting Golang Bots Becoming the New Norm
Bitdefender researchers have recently found an increasing number of SSH-targeting bots written in Golang. Traditionally, popular malware is written in C, C++ and Perl, and it’s rare that we see attackers creating ...
BitterAPT Revisited: the Untold Evolution of an Android Espionage Tool
In 2016, a sophisticated malware campaign targeting Pakistani nationals made headlines. Dubbed Bitter, the Advanced Persistent Threat group (also known as APT-C-08) has been active both in desktop and mobile malware campaigns ...
Banking Trojan Metamorfo Hijacks Trusted Apps to Run Malware
Bitdefender researchers Janos Gergo SZELES and Ruben Andrei CONDOR have documented a new Metamorfo campaign that uses legitimate software components to compromise computers. Metamorfo is a family of banker Trojans that has ...
Iranian Chafer APT Targeted Air Transportation and Government in Kuwait and Saudi Arabia
Bitdefender researchers have found attacks conducted by the Chafer APT threat group – known to have an apparent Iranian link – in the Middle East region, dating back to 2018. The campaigns ...
Android Malware in COVID-19 Clothes Steals SMS and Contacts
Criminals are using an old certificate to sign malware that takes advantage of the COVID-19 pandemic situation, preying on people’s need for information. The goal is to steal personal data, including ...
Mandrake – owning Android devices since 2016
In early 2020 we identified a new, highly sophisticated Android espionage platform that had been active in the wild for at least 4 years. We named the threat Mandrake as the actor(s) ...
Global Ransomware and Cyberattacks on Healthcare Spike during Pandemic
With healthcare systems under constant strain amid the SARS-CoV-2 global pandemic, hospitals and healthcare facilities around the world have also been hit by a wave of cyberattacks, including ransomware attacks. While officials ...
GoGoogle Decryption Tool
We’re happy to announce the availability of a new decryptor for GoGoogle (aka BossiTossi) ransomware. This family of ransomware is written in Go and generates encrypted files with the .google extension. Spotted ...
Android Campaign from Known OceanLotus APT Group Potentially Older than Estimated, Abused Legitimate Certificate
A group of sophisticated threat actors known as OceanLotus or PhantomLance has recently become known for disseminating advanced Android threats via official and third-party marketplaces since 2014. They have sought to remotely ...