Category: Security Blog G Data Software AG

Malware by the (Bit)Bucket: Unveiling AsyncRAT

Recently, we uncovered a sophisticated attack campaign employing a multi-stage approach to deliver AsyncRAT via a legitimate platform called Bitbucket. This article has been indexed from Security Blog G Data Software AG Read the original article: Malware by the (Bit)Bucket:…

Sandbox scores are not an antivirus replacement

Automatic sandbox services should not be treated like “antivirus scanners” to determine maliciousness for samples. That’s not their intended use, and they perform poorly in that role. Unfortunately, providing an “overall score” or “verdict” is misleading.

Ailurophile: New Infostealer sighted in the wild

We discovered a new stealer in the wild called “Ailurophile Stealer”. The stealer is coded in PHP and the source code indicates potential Vietnamese origins. It is available for purchase through a subscription model via its own webpage. Through the…

SocGholish: Fake update puts visitors at risk

The SocGholish downloader has been a favourite of several cybercrime groups since 2017. It delivers a payload that poses as a browser update. Like any piece of malware, it undergoes an evolutionary process. We have taken a look at the…

Turla: A Master’s Art of Evasion

Turla, a well-known piece of malware, has taken to weaponising LNK-files to infect computers. We have observed a current example of this. Learn more about the details in this article!

Fortinet: CVE 2024-21754: Passwords on a Silver Platter

Matthias Barkhausen and Hendrik Eckardt have discovered a flaw in the firmware of Fortinet firewalls. This flaw potentially reveals sensitive information to attackers, such as passwords.

In Bad Company: JScript RAT and CobaltStrike

Remote Access Trojans (RATs) that are based in JScript are gaining traction. We have looked at a recent example that emerged in mid-May. It turns out that this RAT has some companions on the way that we are familiar with.…

Multifactor Authentication: Great tool with some limitations

Multifactor authentication (MFA) stands as a stalwart defence in today’s cybersecurity landscape. Yet, despite its efficacy, MFA is not impervious to exploitation. Recognizing the avenues through which hackers bypass these defences is crucial for fortifying cybersecurity measures.

GoTo Meeting loads Remcos RAT via Rust Shellcode Loader

Legitimate applications can unwittingly become conduits for malware execution. This is also the case for recent malware loaders which abuse GoTo Meeting, an online meeting software, to deploy Remcos RAT. Their lures include porn downloads, software setup files as well…

Sharp-Project: New Stealer Family on the Market

Infostealers are one of the most lucrative types of malware employed by criminals. And because this is a tried and tested approach, there are still new players entering this illegal game. The new kid on the block is called “Sharp…

Android: Banking trojan masquerading as Chrome

Many people make banking transactions online now. And since mobile devices are one of the most popular and convenient ways to shop and make payments, criminals are naturally drawn to this. A current example of a malware that specifically targets…

My 6 Security Predictions for 2024…

The beginning of January is traditionally the perfect month to look ahead to the new year. What can we expect in 2024 in the field of security? I present six predictions for this year.

csharp-streamer: Peeking under the hood

An unusual attack tool has caught the attention and piqued the curiosity of G DATA analyst Hendrik Eckardt. The discovered RAT (Remote Access Tool) is apparently designed for networks where people take an annoyingly close – for the attackers –…

Cobalt Strike: Looking for the Beacon

During an incident response, looking for malware is often akin to looking for a needle in a haystack. To complicate matters further, in the case of Cobalt Strike you often have no idea what that needle even looks like…

Hostile Takeover: Malicious Ads via Facebook

Criminals hijack business accounts on Facebook and run their own advertising campaigns in someone else’s name and at the expense of those affected. This quickly results in thousands of euros in damages for the actual account holders – not to…

Robots: Cybercriminals of the Future?

Artificial intelligence and adjacent technologies have been causing quite the stir lately. Many are concerned that AI is going to give rise to new and potentially completely machine-generated forms of criminal attacks. Let us look at some of those concerns.…

Vulnerabilities: Understand, mitigate, remediate

As the value of data has grown, managing vulnerabilities effectively is essential to your organization’s security and to minimizing the impact of successful attacks. But: what are those vulnerabilities, anyway? Eddy Willems explains.

ChatGPT: The real Evil Twin

The clamor and viral use of a very human-sounding artificial chatbot named ChatGPT gave rise to some new and interesting activities in the cybercrime world.

Recovering from Attacks: Getting Back to Normal

An all-out attack on a company network usually causes havoc. Normal operation ceases for the most part, and the entire organisation switches to “emergency mode”. Bouncing back from that can be a challenge that might take weeks or months. Here…

ChatGPT: What AI holds in store for security

ChatGPT has made quite a splash in recent weeks. The AI-supported chatbot impresses with its convincingly human-looking way of answering questions and interacting with users. This arouses enthusiasm as well as concerns – including in the world of IT security.…

Identifying file manipulation in system files

Sometimes people send files to us that seem to be legitimate Microsoft system files at first glance, yet closer inspection reveals that they have in fact been modified. Are those manipulations always malicious? And how can file manipulations be identified?…

The Psychology of Cybercrime

A good criminal needs to know what makes people tick. There is a great deal of psychology involved in criminal activities – especially when it comes to establishing contact with potential victims.

Cybercrime: The Dangerous World of QR Codes

QR codes are everywhere these days. People use them to open websites, download apps, collect loyalty points, make payments and transfer money. This is very convenient for people,…

An attacker’s toolchest: Living off the land

If you’ve been keeping up with the information security world, you’ve certainly heard that recent ransomware attacks and other advanced persistent threats are sometimes using a special kind of…

Research Project: SmartVMI

SmartVMI is getting off the ground: Alongside the University of Passau and innowerk, G DATA is conducting research into improving the state of virtual machine introspection for memory…

Android Malware: An underestimated problem?

Is Android malware dangerous? How can I prevent my phone from being infected? How can I remove a malicious app from my phone? What’s the real reason…

Allcome clipbanker is a newcomer in underground forums

The malware underground market might seem astoundingly professional in marketing and support. Let’s take a look under the covers of one particular malware-as-a-service—the clipboard banker Allcome.

Malware vaccines can prevent pandemics, yet are rarely used

Vaccines have distinct advantages over detection-based defense mechanisms, so we developed a vaccine to protect from one of the most notorious ransomware families—STOP/DJVU. But unlike vaccines against…

To pay or not to pay?

Recently, several magazines have repeatedly covered how to protect against and recover from ransomware attacks. However, many companies and individuals are left with the question of whether they…

An overview of malware hashing algorithms

VirusTotal’s “Basic Properties” tab alone lists eight different hashes and supports even more for use in queries and hunting signatures. Hashes are important for malware analysis, as…

Is it “Fool Us”, or is it “Us Fools”?

The annual Virus Bulletin International Conference has been running since 1991 and is one of the highlights in the calendar of events for IT security experts. I attended…

Microsoft signed a malicious Netfilter rootkit

What started as a false positive alert for a Microsoft signed file turns out to be a WFP application layer enforcement callout driver that redirects traffic to a…

Is it good, bad or something in between?

There has been a lot said about data scraping. Here is a breakdown of what it is, why it might be problematic and how we might deal with…

Malware Hides in Steam Profile Images

SteamHide abuses the gaming platform Steam to serve payloads for malware downloaders. Malware operators can also update already infected machines by adding new profile images to Steam. The…

Malware family naming hell is our own fault

EternalPetya has more than 10 different names. Many do not realize that CryptoLocker is long dead. These are not isolated cases but symptoms of a systemic problem: The…

11 Biggest cyber security threats in 2021

Cyber security threats have persisted and continued to emerge over the last few years. By now you have probably heard about phishing, but did you know about polyglot files yet? This article offers a unique insight into the 11 biggest cyber security threats…

To patch or not to patch

As the infosec world was in turmoil following a total of seven zero-day vulnerabilities in MS Exchange and the so-called Hafnium attack, one thing came to my mind – and…

The danger inside your phone

SIM swapping targets people from various areas of life. A taxi driver is technically no less vulnerable to this attack than a business owner. In this article we cover how it…

Spying on your Exchange Server

Microsoft have patched four highly critical security flaws in their Exchange mail server application. Those flaws allowed an attacker to access confidential information. No passwords are needed to exploit the vulnerabilities.…

New version adds encrypted communication

SectopRAT, also known as 1xxbot or Asatafar, had been an unknown, in-development threat when we discovered it a year ago. Now it infects systems in Germany. What is the new version…

Hey there! I am not using WhatsApp.

The new WhatsApp terms and policy are on everyone’s lips right now. People move to alternatives like Telegram and Signal. While Telegram is arguably more popular than Signal, it…

How secure are smart contracts?

Smart contracts are related to cryptocurrencies and offer more efficiency than conventional contracts in certain areas. However, they are only as secure as the programmer’s best knowledge. Due to bad programming…

The emerging trend of security token offerings

This article covers a fundraising method called STOs (security token offerings). While the benefits are clear, low usage and security risks may put a damper on things. We are likely…

IceRat evades antivirus by running PHP on Java VM

IceRat keeps low detection rates for weeks by using an unusual language implementation: JPHP. But there are more reasons than the choice of the compiler.

Criminal Activities in Times of a Global Pandemic

The beginning of 2020 has been appalling for most parts of the world, which have been affected by Coronavirus disease 2019 (COVID-19). This brought about a change in the everyday…

Babax stealer rebrands to Osno, installs rootkit

Babax not only changes its name but also adds a Ring 3 rootkit and lateral spreading capabilities. Furthermore, it has a ransomware component called OsnoLocker. Is this combination as…

Malware control via smartphone

Malware sellers want to attract customers with convenience features. Now criminals can remotely control malware during their bathroom routine using just a smartphone and the Telegram app.

A modern Sample Exchange System

We open-sourced a system to exchange malware samples between partners in the AV industry. In the following post, we explain our motivation, technical details and usage of the system.

DLL Fixer leads to Cyrat Ransomware

A new ransomware uses an unusual symmetric encryption method named “Fernet”. It is Python-based and appends .CYRAT to encrypted files.