Inside of the WASP’s nest: deep dive into PyPI-hosted malware
Photo by Matheus Queiroz on Unsplash In late 2022 we decided to start monitoring PyPI, arguably the most important Python repository, as there were a number of reports on it hosting malware. PyPI took exceptional relevance amongst all repositories as, historically, it was trusted by default by many software developers. Any security breach or abuse […] more…APT43: An investigation into the North Korean group’s cybercrime operations
Introduction As recently reported by our Mandiant’s colleagues, APT43 is a threat actor believed to be associated with North Korea. APT43’s main targets include governmental institutions, research groups, think tanks, business services, and the manufacturing sector, with most victims located in the United States and South Korea. The group uses a variety of techniques and […] more…VirusTotal Multisandbox += Sangfor ZSand
VirusTotal multisandbox project welcomes Sangfor ZSand. The ZSand currently focuses on PE files,with extensions to other popular file types like javascript and Microsoft office to be released soon. In their own words: ZSand, developed by Sangfor Technologies’ Cloud Computing & Security Team, is an agentless behavioral analysis engine incorporating multiple innovative techniques. At the systems […] more…The Tetrade: Brazilian banking malware goes global
Introduction Brazil is a well-known country with plenty of banking trojans developed by local crooks. The Brazilian criminal underground is home to some of the world’s busiest and most creative perpetrators of cybercrime. Like their counterparts’ in China and Russia, their cyberattacks have a strong local flavor, and for a long time, they limited their […] more…Dissecting Geost: Exposing the Anatomy of the Android Trojan Targeting Russian Banks
The Android banking trojan Geost was first revealed in a research by Sebastian García, Maria Jose Erquiaga and Anna Shirokova from the Stratosphere Laboratory. They detected the trojan by monitoring HtBot malicious proxy network. The botnet targets Russian banks, with the victim count at over 800,000 users at the time the study was published in […] more…Ztorg: money for infecting your smartphone
This research started when we discovered an infected Pokémon GO guide in Google Play. It was there for several weeks and was downloaded more than 500,000 times. We detected the malware as Trojan.AndroidOS.Ztorg.ad. After some searching, I found some other similar infected apps that were being distributed from the Google Play Store. The first of […] more…More information
- Distributor caught selling Apple customers’ data
- Cybercriminals Hop On the Google Project Glass Bandwagon
- Virtual Web Hosting Upgrade
- Microsoft Internet Explorer CVE-2014-4083 Remote Memory Corruption Vulnerability
- San Bernardino prosecutor raises concerns about ‘cyber pathogen’ in terrorist’s iPhone
- S3 Ep44: Unreported holes, retro computing, and tech support for malware [Podcast]
- Sony hackers turn to terror tactics, threaten movie theaters
- S3 Ep3: Cryptography, hacking and pwning Chrome [Podcast]
- Wireless controller software upgrade
- World Backup Day – are your important files backed up?