Trickbot module descriptions
Trickbot (aka TrickLoader or Trickster) is a successor of the Dyre banking Trojan that was active from 2014 to 2016 and performed man-in-the-browser attacks in order to steal banking credentials. Trickbot was first discovered in October 2016. Just like Dyre, its main functionality was initially the theft of online banking data. However, over time, its […]

QakBot technical analysis
QakBot, also known as QBot, QuackBot and Pinkslipbot, is a banking Trojan that has existed for over a decade. It was found in the wild in 2007 and since then it has been continually maintained and developed. In recent years, QakBot has become one of the leading banking Trojans around the globe. Its […]

Exposing Modular Adware: How DealPly, IsErIk, and ManageX Persist in Systems
By RonJay Caragay, Fe Cureg, Ian Lagrazon, Erika Mendoza, and Jay Yaneza (Threats Analysts)
Adware isn’t new and they don’t spark much interest. A lot of them are overlooked and underestimated because they’re not supposed to cause harm — as its name suggests, adware is advertising-supported software. However, we have constantly observed suspicious activities caused […]

Shlayer Trojan attacks one in ten macOS users
For close to two years now, the Shlayer Trojan has been the most common threat on the macOS platform: in 2019, one in ten of our Mac security solutions encountered this malware at least once, and it accounts for almost 30% of all detections for this OS. The first specimens of this family fell into […]

Keeping a Hidden Identity: Mirai C&Cs in Tor Network
By Makoto Shimamura, Cyber Threat Research Team
With its notoriety for being one of the most active internet of things (IoT) malware families, Mirai is one malware family system administrators consistently keep their eye on to make sure systems and devices are protected. Despite all the attention that the malware has received, it seems cybercriminals […]

Yara Used to RickRoll Security Researchers
For most security researchers, Yara, a tool that allows them to create their own set of rules for malware tracking, is an invaluable resource that helps automate many processes. However, despite Yara’s reliability, it shouldn’t be the only tool used to monitor new versions of malware. This article will show why. There are many resources […]

A flawed ransomware encryptor
In the middle of last year, my colleagues published a blogpost about a new generation of ransomware programs based on encryptor Trojans, and used the example of the Onion family (also known as CTB-Locker) to analyze how these programs work. Last autumn, we discovered the first sample of an interesting new encryptor, TorLocker (this is […]