Ransomware Goes Fileless, Uses Malicious Documents and PowerShell to Encrypt Files

In October 2019, we encountered a phishing campaign delivering a malicious Microsoft Word document that distributed ransomware with a twist. Unlike most ransomware families, such as GandCrab, WannaCry and RobinHood, the malware ...
Buran Ransomware Targets German Organisations through Malicious Spam Campaign

Introduction As of October 2019, commodity ransomware campaigns conducted by financially motivated threat actors pose a significant threat to organisations. The three distinguishing characteristics of such campaigns are: first, they are usually ...

Avast Researcher Helps Expose Banking Botnet Geost | Avast

Threat Research
A bunch of coworkers on Skype chat about the good old days, how much money they make now, and sagging morale. “I am getting demotivated, and do not want to do anything,” ...
Reawakening of Emotet: An Analysis of its JavaScript Downloader

In mid-September 2019, Emotet resumed its activity and we evaluated changes to its operation in a previous blog post by Alex Holland. One of the noticeable changes is that some of the ...
Changes to Emotet in September 2019

Thank you to Ratnesh Pandey who also contributed to this research. On 16 September 2019, Bromium Labs observed the resumption of Emotet malicious spam (malspam) campaign activity following a hiatus since the ...

Flashlight Apps on Google Play Request Up to 77 Permissions, Avast Finds | Avast

Privacy, Threat Research
Avast researchers have found that Android flashlight applications request an average of 25 permissions to access data or features on mobile devices, potentially exposing users in unnecessary ways ...
Avast Discovers Security Flaws in over 600k GPS Trackers

Avast Finds Child Trackers Unsecured From Hackers | Avast

Avast researchers have discovered serious security vulnerabilities in some 600,000 child trackers for sale on Amazon.com and other large online merchants. The devices expose data sent to the cloud, including the exact ...
Deobfuscating Ostap: TrickBot’s 34,000 Line JavaScript Downloader

Introduction For a malicious actor to compromise a system, they need to avoid being detected at the point of entry into the target’s network. Commonly, phishing emails delivering malicious attachments (T1193) serve ...

Avast Works With France And US To Stop Cryptomining | Avast

Threat Research
Avast researchers have worked with French and U.S. law enforcement to stop 850,000 infections by a “worm” – or malware that replicates – by causing the threat to destroy itself ...
Agent Tesla: Evading EDR by Removing API Hooks

Written by Toby Gray and Ratnesh Pandey. Endpoint detection and response (EDR) tools rely on operating system events to detect malicious activity that is generated when malware is run. These events are ...