Ursnif/Gozi Delivery — Old School Excel Macro 4.0 Utilization Uptick and the OCR Heuristics Bypass

Introduction: Morphisec has been tracking an uptick in the delivery of Ursnif/Gozi during the COVID-19 pandemic. Specifically, we have noticed a significant spike both in numbers and sophistication. The latest delivery methods ...
Apple Zero-Day Exploited in New BitPaymer Campaign

In August of 2019, just a month after our publication on a targeted BitPaymer/IEncrypt campaign, Morphisec identified a new and alarming evasion technique that the same adversaries adopted while targeting yet another ...
Morphisec vs. the Microsoft CTF Exploit: Twenty Year Old Design Flaw No Match for Morphisec

This week, headlines blew up with warnings of a design flaw in the CTF subsystem (msctf) of the Windows Text Services Framework that affects all current Windows systems and those going back ...
Threat Alert: GermanWiper

Last week, a new strain of ransomware hit dozens of targets across Germany. The categorization as ransomware is really a misnomer as, while the attackers do demand a ransom, by that time ...
Security Alert: FIN8 is Back in Business, Targeting the Hospitality Industry

During the period of March to May 2019, Morphisec Labs observed a new, highly sophisticated variant of the ShellTea / PunchBuggy backdoor malware that attempted to infiltrate a number of machines within ...
Threat Alert: AVE Maria infostealer on the rise with new Stealthier delivery

Over the past two weeks, Morphisec Labs has identified an increase in AVE_MARIA malware infecting victims through a variety of phishing methods. One of the downloader components and C2 metadata are similar ...