Inside of the WASP’s nest: deep dive into PyPI-hosted malware
In late 2022 we decided to start monitoring PyPI, arguably the most important Python repository, as there were a number of reports on it hosting malware. PyPI took exceptional relevance amongst all repositories as, historically, it was trusted by default by many software developers. Any security breach or abuse […] more…

APT43: An investigation into the North Korean group’s cybercrime operations
Introduction As recently reported by our Mandiant colleagues, APT43 is a threat actor believed to be associated with North Korea. APT43’s main targets include governmental institutions, research groups, think tanks, business services, and the manufacturing sector, with most victims located in the United States and South Korea. The group uses a variety of techniques and […] more…

VirusTotal Multisandbox += Sangfor ZSand
The VirusTotal multisandbox project welcomes Sangfor ZSand. ZSand currently focuses on PE files, with extensions to other popular file types like JavaScript and Microsoft Office to be released soon. In their own words: ZSand, developed by Sangfor Technologies’ Cloud Computing & Security Team, is an agentless behavioral analysis engine incorporating multiple innovative techniques. At the systems […] more…

The Tetrade: Brazilian banking malware goes global
Introduction Brazil is a well-known country with plenty of banking trojans developed by local crooks. The Brazilian criminal underground is home to some of the world’s busiest and most creative perpetrators of cybercrime. Like their counterparts in China and Russia, their cyberattacks have a strong local flavor, and for a long time, they limited their […] more…

Dissecting Geost: Exposing the Anatomy of the Android Trojan Targeting Russian Banks
The Android banking trojan Geost was first revealed in research by Sebastian García, Maria Jose Erquiaga and Anna Shirokova from the Stratosphere Laboratory. They detected the trojan by monitoring the HtBot malicious proxy network. The botnet targets Russian banks, with the victim count at over 800,000 users at the time the study was published in […] more…

Ztorg: money for infecting your smartphone
This research started when we discovered an infected Pokémon GO guide in Google Play. It was there for several weeks and was downloaded more than 500,000 times. We detected the malware as Trojan.AndroidOS.Ztorg.ad. After some searching, I found some other similar infected apps that were being distributed from the Google Play Store. The first of […] more…

More information
- Microsoft Warns of Office Zero-Day Attacks, No Patch Available
- Government-backed digital money to represent $213B in payments by 2030
- Microsoft Excel CVE-2019-1446 Information Disclosure Vulnerability
- Do You Need a Threat Intelligence Team?
- ITS Alert – IBIS & ISIS – Vendor Fixes to be Applied 10/03/2013 – During the Maintenance Window 5AM-7AM
- Out-of-date Software Affects Websites Big and Small
- Microsoft confirms it’s patched most of the NSA’s Windows exploits
- 4G is vulnerable to same types of attacks as 3G, researchers say
- Adobe Experience Manager Forms CVE-2019-8089 Cross Site Scripting Vulnerability
- EU Court: Google Must Delete Inaccurate Search Info If Asked