Malware Blog News(339)  - 2024  2023  2022  2021  2020  2019  2018

APT blog  Attack blog  BigBrother blog  BotNet blog  Cyber blog  Cryptocurrency blog  Exploit blog  Hacking blog  ICS blog  Incident blog  IoT blog  Malware blog  OS Blog  Phishing blog  Ransom blog  Safety blog  Security blog  Social blog  Spam blog  Vulnerebility blog

DATE

NAME

Info

CATEG.

WEB

21.12.24

Your Data Is Under New Lummanagement: The Rise of LummaStealer

In this Threat Analysis report, Cybereason investigates the rising activity of the malware LummaStealer.

Malware blog

Cybereason

21.12.24

Stellar Discovery of A New Cluster of Andromeda/Gamarue C2

In this Threat Analysis report, Cybereason investigates incidents relating to the Andromeda backdoor and a new cluster of C2 servers

Malware blog

Cybereason

21.12.24

Anatomy of Celestial Stealer: Malware-as-a-Service Revealed

During proactive hunting, Trellix Advanced Research Center found samples belonging to Celestial Stealer, a JavaScript-based infostealer which is packaged either as an Electron application or as a NodeJS single application for Windows 10 and Windows 11 operating system. It is a Malware-as-a-Service (MaaS) advertised on the Telegram platform. The stealer is marketed as a FUD (fully undetectable).

Malware blog

Trelix

21.12.24

When Guardians Become Predators: How Malware Corrupts the Protectors

We often trust our security software to stand as an unbreakable wall against malware and attacks, but what happens when that very wall is weaponized against us?

Malware blog

Trelix

2.11.24

Attackers Target Exposed Docker Remote API Servers With perfctl MalwareWe observed an unknown threat actor abusing exposed Docker remote API servers to deploy the perfctl malware.Malware blog

Trend Micro

2.11.24

A Look Into Embargo Ransomware, Another Rust-based RansomwareEmbargo is a relatively new ransomware group that emerged in 2024. This group is known for using Rust-based malware and operating under a ransomware-as-a-service (Raas) model. Like many modern ransomware groups, Embargo employs double extortion tactics where they first exfiltrate sensitive data from their victims before encrypting their files. They then threaten to release the stolen data unless a ransom Is paid. Malware blogSonicWall

2.11.24

HORUS Protector Part 1: The New Malware Distribution ServiceRecently, the SonicWall threat research team came across a new malware distribution service called Horus Protector. Horus Protector is claiming to be a Fully Undetectable (FUD) crypter. We have observed a variety of malware families propagated by Horus Protector including AgentTesla, Remcos, Snake, NjRat and many others. Malware blogSonicWall

2.11.24

Threat Spotlight: WarmCookie/BadSpaceWarmCookie is a malware family that emerged in April 2024 and has been distributed via regularly conducted malspam and malvertising campaigns.Malware blogCisco Blog

2.11.24

Threat actor abuses Gophish to deliver new PowerRAT and DCRATCisco Talos recently discovered a phishing campaign using an open-source phishing toolkit called Gophish by an unknown threat actor.Malware blogCisco Blog

2.11.24

Ghidra data type archive for Windows driver functionsCisco Talos is releasing a GDT file on GitHub that contains various definitions for functions and data types.Malware blogCisco Blog

28.9.24

Gleaming Pisces Poisoned Python Packages Campaign Delivers PondRAT Linux and MacOS BackdoorsUnit 42 researchers have been tracking the activity of an ongoing poisoned Python packages campaign delivering Linux and macOS backdoors via infected Python software packages. We’ve named these infected software packages PondRAT. We’ve also found Linux variants of POOLRAT, a known macOS remote administration tool (RAT) previously attributed to Gleaming Pisces (aka Citrine Sleet, distributor of AppleJeus). Based on our research into both RAT families, we assess that the new PondRAT is a lighter version of POOLRAT. Malware blogPalo Alto

28.9.24

Inside SnipBot: The Latest RomCom Malware VariantWe recently discovered a novel version of the RomCom malware family called SnipBot and, for the first time, show post-infection activity from the attacker on a victim system. This new strain makes use of new tricks and unique code obfuscation methods in addition to those seen in previous versions of RomCom 3.0 and PEAPOD (RomCom 4.0). Malware blogPalo Alto

28.9.24

Unraveling Sparkling Pisces’s Tool Set: KLogEXE and FPSpyUnit 42 researchers discovered two malware samples used by the Sparkling Pisces (aka Kimsuky) threat group. This includes an undocumented keylogger, called KLogEXE by its authors, and an undocumented variant of a backdoor dubbed FPSpy. These samples enhance Sparkling Pisces' already extensive arsenal and demonstrate the group’s continuous evolution and increasing capabilities. Malware blogPalo Alto

21.9.24

Cracked Software or Cyber Trap? The Rising Danger of AsyncRAT MalwareAuthored by Neil Tyagi In cybersecurity, threats constantly evolve, and new ways to exploit unsuspecting users are...Malware blog

McAfee

21.9.24

ESET Research Podcast: EvilVideoESET researchers discuss how they uncovered a zero-day Telegram for Android exploit that allowed attackers to send malicious files posing as videosMalware blog

Eset

14.9.24

Earth Preta Evolves its Attacks with New Malware and StrategiesIn this blog entry, we discuss our analysis of Earth Preta’s enhancements in their attacks by introducing new tools, malware variants and strategies to their worm-based attacks and their time-sensitive spear-phishing campaign. Malware blog

Trend Micro

14.9.24

Threat actors using MacroPack to deploy Brute Ratel, Havoc and PhantomCore payloadsThe threat of VBA macros has diminished since Microsoft prevented the execution of macros in Microsoft Office documents downloaded from the internet, but not all users are using the latest up-to-date Office versions and can still be vulnerable.Malware blogCisco Blog

7.9.24

Banking Trojans: Mekotio Looks to Expand Targets, BBTok Abuses Utility CommandNotorious Mekotio and BBTok are having a resurgence targeting Latin American users. Mekotio’s latest variant suggests the gang behind it is broadening their target, while BBTok is seen abusing MSBuild.exe to evade detection.Malware blog

Trend Micro

7.9.24

Earth Lusca Uses KTLVdoor Backdoor for Multiplatform IntrusionWhile monitoring Earth Lusca, we discovered the threat group’s use of KTLVdoor, a highly obfuscated multiplatform backdoor, as part of a large-scale attack campaign.Malware blog

Trend Micro

7.9.24

ESET Research Podcast: HotPageESET researchers discuss HotPage, a recently discovered adware armed with a highest-privilege, yet vulnerable, Microsoft-signed driverMalware blog

Eset

7.9.24

In plain sight: Malicious ads hiding in search resultsSometimes there’s more than just an enticing product offer hiding behind an adMalware blog

Eset

31.8.24

Silent Intrusions: Godzilla Fileless Backdoors Targeting Atlassian ConfluenceTrend Micro discovered that old Atlassian Confluence versions that were affected by CVE-2023-22527 are being exploited using a new in-memory fileless backdoor.Malware blog

Trend Micro

31.8.24

AutoIT Bot Targets Gmail Accounts First

This week, the SonicWall Capture Labs threat research team observed an AutoIT-compiled executable that attempts to open Gmail login pages via MS Edge, Google Chrome and Mozilla Firefox.

Malware blog

SonicWall

24.8.24

MoonPeak malware from North Korean actors unveils new details on attacker infrastructureCisco Talos has uncovered a new remote access trojan (RAT) family we are calling “MoonPeak.” This a XenoRAT-based malware, which is under active development by a North Korean nexus cluster we are calling “UAT-5394.”Malware blogCisco Blog

17.8.24

Mario movie malware might maliciously mess with your machineThere are probably few among us who, never have they ever, downloaded questionable content. Whether it was a hit song in the Napster era or a Blockbuster movie you found on a “special” site online, you can probably think of at least one occasion when you got access to something from a, shall we say, less than reputable source. Malware blogAvast Blog

17.8.24

Unmasking Styx Stealer: How a Hacker’s Slip Led to an Intelligence Treasure TroveCheck Point Research (CPR) recently uncovered Styx Stealer, a new malware capable of stealing browser data, instant messenger sessions from Telegram and Discord, and cryptocurrency. Even though it only recently appeared, it has already been noticed in attacks, including those targeting our customers.Malware blog

Checkpoint

10.8.24

Cloud Cover: How Malicious Actors Are Leveraging Cloud ServicesIn the past year, there has been a marked increase in the use of legitimate cloud services by attackers, including nation-state actors.Malware blogSymantec

10.8.24

Beware of Fake WinRar Websites: Malware Hosted on GitHubA fake website seemingly distributing WinRar, a data compression, encryption, and archiving tool for Windows, has been seen also hosting malware. This fake website closely resembles the official website, uses typosquatting, and capitalizes on internet users who might incorrectly type the URL of this well-known archiving application.Malware blog

SonicWall

3.8.24

Detecting evolving threats: NetSupport RAT campaignIn this first Deep Dive with NTDR, we explore how defenders can leverage Snort for the detection of evasive malware threats.Malware blogCisco Blog

3.8.24

Phishing targeting Polish SMBs continues via ModiLoaderESET researchers detected multiple, widespread phishing campaigns targeting SMBs in Poland during May 2024, distributing various malware familiesMalware blog

Eset

27.7.24

Handala’s Wiper Targets Israel

This blog will focus on the threat actor’s background and previous actions, the attack chain, and the wiper’s internals and reused code.

Malware blog

Trelix

27.7.24

The tap-estry of threats targeting Hamster Kombat players

ESET researchers have discovered threats abusing the success of the Hamster Kombat clicker game

Malware blog

Eset

20.7.24

Beware of BadPack: One Weird Trick Being Used Against Android DevicesThis article discusses recent samples of BadPack Android malware and examines how this threat’s tampered headers can obstruct malware analysis. We also review the effectiveness of various freely available tools for analyzing BadPack Android Package Kit (APK) files. Malware blogPalo Alto

20.7.24

NEW BUGSLEEP BACKDOOR DEPLOYED IN RECENT MUDDYWATER CAMPAIGNSMuddyWater, an Iranian threat group affiliated with the Ministry of Intelligence and Security (MOIS), has significantly increased its activities in Israel since the beginning of the Israel-Hamas war in October 2023. This parallels with activities against targets in Saudi Arabia, Turkey, Azerbaijan, India and Portugal.Malware blogCheckpoint

20.7.24

HotPage: Story of a signed, vulnerable, ad-injecting driverA study of a sophisticated Chinese browser injector that leaves more doors open!Malware blogEset

13.7.24

The Mechanics of ViperSoftX: Exploiting AutoIt and CLR for Stealthy PowerShell ExecutionViperSoftX uses CLR to embed and execute PowerShell commands within AutoIt, seamlessly integrating malicious functions while evading detection with an AMSI bypass.Malware blogTrelix

13.7.24

Disarming DarkGate: A Deep Dive into Thwarting the Latest DarkGate VariantThe SonicWall RTDMI ™ engine has recently protected users against the distribution of the “6.6” variant of DarkGate malware by a phishing email campaign containing PDF files as an attachment. DarkGate is an advanced Remote Access Trojan that has been widely active since 2018. The RAT has been marketed as Malware-as-a-Service in underground forums, and threat actors are actively updating its code. The malware supports a wide range of features, including (Anti-VM Anti-AV Delay Execution multi-variant support and process hollowing, etc.), which are controlled by flags in the configuration data.Malware blogSonicWall

13.7.24

DarkGate: Dancing the Samba With Alluring Excel FilesThis article reviews a DarkGate malware campaign from March-April 2024 that uses Microsoft Excel files to download a malicious software package from public-facing SMB file shares. This was a relatively short-lived campaign that illustrates how threat actors can creatively abuse legitimate tools and services to distribute their malware. Malware blogPalo Alto

13.7.24

Dissecting GootLoader With Node.jsThis article shows how to circumvent anti-analysis techniques from GootLoader malware while using Node.js debugging in Visual Studio Code. This evasion technique used by GootLoader JavaScript files can present a formidable challenge for sandboxes attempting to analyze the malware. Malware blogPalo Alto

6.7.24

Mekotio Banking Trojan Threatens Financial Systems in Latin AmericaWe’ve recently seen a surge in attacks involving the Mekotio banking trojan. In this blog entry, we'll provide an overview of the trojan and what it does.Malware blogTrend Micro

6.7.24

The Hidden Danger of PDF Files with Embedded QR CodesThe SonicWall Capture Labs threat research team has been observing PDF files with QR codes being abused by malware authors to deceive users for a long time. Malware blogSonicWall

6.7.24

Hijacked: How hacked YouTube channels spread scams and malwareHere’s how cybercriminals go after YouTube channels and use them as conduits for fraud – and what you should watch out for when watching videos on the platformMalware blogEset
29.6.24StrelaStealer Resurgence: Tracking a JavaScript-Driven Credential Stealer Targeting EuropeThe SonicWall Capture Labs threat research team has been tracking StrelaStealer for a long time. Recently, in the third week of June, we observed a huge spike in JavaScript spreading StrelaStealer. StrelaStealer specifically steals Outlook and Thunderbird email credentials. The infection chain looks like previous versions of StrelaStealer except major checks have been added to avoid infecting systems in Russia. We are continuing to observe its target regions limited to Poland, Spain, Italy and Germany. Malware blogSonicWall
29.6.24New Orcinius Trojan Uses VBA Stomping to Mask InfectionThis week, the SonicWall Capture Labs threat research team investigated a sample of Orcinius malware. This is a multi-stage trojan that is using Dropbox and Google Docs to download second-stage payloads and stay updated. It contains an obfuscated VBA macro that hooks into Windows to monitor running windows and keystrokes and creates persistence using registry keys. Malware blogSonicWall
29.6.24Attackers Exploiting Public Cobalt Strike ProfilesIn this article, Unit 42 researchers detail recent findings of malicious Cobalt Strike infrastructure. We also share examples of malicious Cobalt Strike samples that use Malleable C2 configuration profiles derived from the same profile hosted on a public code repository. Malware blogPalo Alto
29.6.24RAFEL RAT, ANDROID MALWARE FROM ESPIONAGE TO RANSOMWARE OPERATIONSAndroid, Google’s most popular mobile operating system, powers billions of smartphones and tablets globally. Known for its open-source nature and flexibility, Android offers users a wide array of features, customization options, and access to a vast ecosystem of applications through the Google Play Store and other sources. Malware blogCheckpoint
29.6.24SneakyChef espionage group targets government agencies with SugarGh0st and more infection techniquesCisco Talos recently discovered an ongoing campaign from SneakyChef, a newly discovered threat actor using SugarGh0st malware, as early as August 2023.Malware blogCisco Blog
29.6.24Unveiling SpiceRAT: SneakyChef's latest tool targeting EMEA and AsiaThe new remote access trojan (RAT) dubbed SpiceRAT was used by the threat actor SneakyChef in a recent campaign targeting government agencies in EMEA and Asia.Malware blogCisco Blog
29.6.24Exploring malicious Windows drivers (Part 2): the I/O system, IRPs, stack locations, IOCTLs and moreAs the second entry in our “Exploring malicious Windows drivers” series, we will continue where the first left off: Discussing the I/O system and IRPs.Malware blogCisco Blog
15.6.24Noodle RAT: Reviewing the Backdoor Used by Chinese-Speaking GroupsThis blog entry provides an analysis of the Noodle RAT backdoor, which is likely being used by multiple Chinese-speaking groups engaged in espionage and other types of cybercrime.Malware blogTrend Micro
15.6.24DarkGate again but... Improved?DarkGate is back, if it ever left, with the latest version, the number 6, which includes new distribution methods, anti-analysis techniques and features.Malware blogTrelix
15.6.24Operation Celestial Force employs mobile and desktop malware to target Indian entitiesCisco Talos is disclosing a new malware campaign called “Operation Celestial Force” running since at least 2018. It is still active today, employing the use of GravityRAT, an Android-based malware, along with a Windows-based malware loader we track as “HeavyLift.”Malware blogCisco Blog
15.6.24How Arid Viper spies on Android users in the Middle East – Week in security with Tony AnscombeThe spyware, called AridSpy by ESET, is distributed through websites that pose as various messaging apps, a job search app, and a Palestinian Civil Registry appMalware blogEset

1.6.24

STATIC UNPACKING FOR THE WIDESPREAD NSIS-BASED MALICIOUS PACKER FAMILYPackers or crypters are widely used to protect malicious software from detection and static analysis.Malware blogCheckpoint

25.5.24

Introducing Nimfilt: A reverse-engineering tool for Nim-compiled binariesAvailable as both an IDA plugin and a Python script, Nimfilt helps to reverse engineer binaries compiled with the Nim programming language compiler by demangling package and function names, and applying structs to stringsMalware blogEset

18.5.24

Payload Trends in Malicious OneNote SamplesIn this post, we look at the types of embedded payloads that attackers leverage to abuse Microsoft OneNote files. Our analysis of roughly 6,000 malicious OneNote samples from WildFire reveals that these samples have a phishing-like theme where attackers use one or more images to lure people into clicking or interacting with OneNote files. Malware blogPalo Alto

11.5.24

The hacker’s toolkit: 4 gadgets that could spell security troubleTheir innocuous looks and endearing names mask their true power. These gadgets are designed to help identify and prevent security woes, but what if they fall into the wrong hands?Malware blogEset
4.5.24It Was Not Me! Malware-Initiated Vulnerability Scanning Is on the RiseOur telemetry indicates a growing number of threat actors are turning to malware-initiated scanning attacks. This article reviews how attackers use infected hosts for malware-based scans of their targets instead of the more traditional approach using direct scans. Malware blogPalo Alto
28.4.24ArcaneDoor - New espionage-focused campaign found targeting perimeter network devicesArcaneDoor is a campaign that is the latest example of state-sponsored actors targeting perimeter network devices from multiple vendors. Coveted by these actors, perimeter network devices are the perfect intrusion point for espionage-focused campaigns.Malware blogCisco Blog
28.4.24Suspected CoralRaider continues to expand victimology using three information stealersTalos also discovered a new PowerShell command-line argument embedded in the LNK file to bypass anti-virus products and download the final payload into the victims’ host.Malware blogCisco Blog
20.4.24Redline Stealer: A Novel ApproachAuthored by Mohansundaram M and Neil Tyagi A new packed variant of the Redline Stealer trojan was...Malware blogMcafee
20.4.24OfflRouter virus causes Ukrainian users to upload confidential documents to VirusTotalThe documents contained malicious VBA code, indicating they may be used as lures to infect organizations.Malware blogCisco Blog
13.4.24Starry Addax targets human rights defenders in North Africa with new malwareCisco Talos is disclosing a new threat actor we deemed “Starry Addax” targeting mostly human rights activists, associated with the Sahrawi Arab Democratic Republic (SADR) cause with a novel mobile malware.Malware blogCisco Blog
13.4.24eXotic Visit includes XploitSPY malware – Week in security with Tony AnscombeAlmost 400 people in India and Pakistan have fallen victim to an ongoing Android espionage campaign called eXotic VisitMalware blogEset
6.4.24AGENT TESLA TARGETING UNITED STATES & AUSTRALIA: REVEALING THE ATTACKERS’ IDENTITIESWhen considering a notoriously famous topic known for quite a long time, it may feel like there is nothing new to add to this area anymore ­­– all paths traced, all words said, all “i”s dotted. Is it worth an investigation to begin with? As it turns out, there are new discoveries with previously hidden information of valuable significance that can be built into the already-painted picture. Malware blogCheckpoint
6.4.24MALWARE SPOTLIGHT: LINODAS AKA DINODASRAT FOR LINUXIn recent months, Check Point Research (CPR) has been closely monitoring the activity of a Chinese-nexus cyber espionage threat actor who is focusing on Southeast Asia, Africa, and South America. Malware blogCheckpoint
6.4.24Adversaries are leveraging remote access tools now more than ever — here’s how to stop themWhile there are many legitimate uses for this software, adversaries are also finding ways to use them for command and control in their campaigns.Malware blogCisco Blog
6.4.24Malware hiding in pictures? More likely than you thinkThere is more to some images than meets the eye – their seemingly innocent façade can mask a sinister threat.Malware blogEset
23.3.24Large-Scale StrelaStealer Campaign in Early 2024StrelaStealer malware steals email login data from well-known email clients and sends them back to the attacker’s C2 server. Upon a successful attack, the threat actor would gain access to the victim's email login information, which they can then use to perform further attacks.Malware blogPalo Alto
23.3.24Curious Serpens’ FalseFont Backdoor: Technical Analysis, Detection and PreventionThis article reviews the recently discovered FalseFont backdoor, which was used by a suspected Iranian-affiliated threat actor that Unit 42 tracks as Curious Serpens. Curious Serpens (aka Peach Sandstorm) is a known espionage group that has previously targeted the aerospace and energy sectors.Malware blogPalo Alto
23.3.24Unit 42 Collaborative Research With Ukraine’s Cyber Agency To Uncover the Smoke Loader BackdoorThis article announces the publication of our first collaborative effort with the State Cyber Protection Centre of the State Service of Special Communications and Information Protection of Ukraine (SCPC SSSCIP).Malware blogPalo Alto
23.3.24AceCryptor attacks surge in Europe – Week in security with Tony AnscombeThe second half of 2023 saw massive growth in AceCryptor-packed malware spreading in the wild, including courtesy of multiple spam campaigns where AceCryptor packed the Rescoms RATMalware blogEset
23.3.24Rescoms rides waves of AceCryptor spamInsight into ESET telemetry statistics about AceCryptor in H2 2023 with a focus on Rescoms campaigns in European countriesMalware blogEset
23.3.24A prescription for privacy protection: Exercise caution when using a mobile health appGiven the unhealthy data-collection habits of some mHealth apps, you’re well advised to tread carefully when choosing with whom you share some of your most sensitive dataMalware blogEset
17.3.24Inside the Rabbit Hole: BunnyLoader 3.0 UnveiledThis article will focus on the newly released BunnyLoader 3.0, as well as historically observed BunnyLoader infrastructure and an overview of its capabilities. BunnyLoader is dynamically developing malware with the capability to steal information, credentials and cryptocurrency, as well as deliver additional malware to its victims. Malware blogPalo Alto
2.3.24The Art of Domain Deception: Bifrost's New Tactic to Deceive UsersFirst identified in 2004, Bifrost is a remote access Trojan (RAT) that allows an attacker to gather sensitive information, like hostname and IP address. In this article, along with exploring Bifrost, we’ll also showcase a notable spike in Bifrost’s Linux variants during the past few months.Malware blogPalo Alto
2.3.24TimbreStealer campaign targets Mexican users with financial luresTalos has observed a phishing spam campaign targeting potential victims in Mexico, luring users to download a new obfuscated information stealer we’re calling TimbreStealer, which has been active since at least November 2023.Malware blogCisco Blog
25.2.24Astaroth, Mekotio & Ousaban abusing Google Cloud Run in LATAM-focused malware campaignsSince September 2023, we have observed a significant increase in the volume of malicious emails leveraging the Google Cloud Run service to infect potential victims with banking trojans.Malware blogCisco Blog
10.2.24RASPBERRY ROBIN KEEPS RIDING THE WAVE OF ENDLESS 1-DAYSTwo new 1-day LPE exploits were used by the Raspberry Robin worm before they were publicly disclosed, which means that Raspberry Robin has access to an exploit seller or its authors develop the exploits themselves in a short period of time.Malware blogCheckpoint
10.2.24New Zardoor backdoor used in long-term cyber espionage operation targeting an Islamic organizationTalos discovered a new, stealthy espionage campaign that has likely persisted since at least March 2021. The observed activity affects an Islamic non-profit organization using backdoors for a previously unreported malware family we have named “Zardoor.”Malware blogCisco Blog
4.2.24Exploring the Latest Mispadu Stealer VariantUnit 42 researchers recently discovered activity attributed to Mispadu Stealer, a stealthy infostealer first reported in 2019. We found this activity as part of the Unit 42 Managed Threat Hunting offering. We discovered this threat activity while hunting for the SmartScreen CVE-2023-36025 vulnerability. Malware blogPalo Alto
4.2.24Exploring malicious Windows drivers (Part 1): Introduction to the kernel and driversMalicious drivers are difficult to detect and successfully leveraging one can give an attacker full access to a system.Malware blogCisco Blog
4.2.24Grandoreiro banking malware disrupted – Week in security with Tony AnscombeThe banking trojan, which targeted mostly Brazil, Mexico and Spain, blocked the victim’s screen, logged keystrokes, simulated mouse and keyboard activity and displayed fake pop-up windowsMalware blogEset
4.2.24ESET takes part in global operation to disrupt the Grandoreiro banking trojanESET provided technical analysis, statistical information, known C&C servers and was able to get a glimpse of the victimologyMalware blogEset

20.1.24

Parrot TDS: A Persistent and Evolving Malware CampaignThis campaign is unique in its methodology, employing a source spoofing technique to target a broad spectrum of token holders. It specifically focuses on more than 100 highly popular projects, aiming its attacks at token holders. Malware blogPalo Alto

14.1.24

Tackling Anti-Analysis Techniques of GuLoader and RedLine StealerMalware, like many complex software systems, relies on the concept of software configuration. Configurations establish guidelines for malware behavior and they are a common feature among the various malware families we examine.Malware blogPalo Alto

14.1.24

.NET HOOKING – HARMONIZING MANAGED TERRITORYFor a malware researcher, analyst, or reverse engineer, the ability to alter the functionality of certain parts of code is a crucial step, often necessary to reach a meaningful result during the analysis process. Malware blogCheckpoint