Criminals try to cover their tracks as best they can. This also includes hiding any activities that control the machines they have compromised. Using I2P is one way of doing that, but until recently this has rarely been used. This…
Category: Security Blog G Data Software AG
Malware Analysis: A Kernel Land Rootkit Loader for FK_Undead
We discovered a Windows rootkit loader [F1] for the malware family FK_Undead. The malware family is known for intercepting user network traffic through manipulation of proxy configurations. To the best of our knowledge the rootkit loader hasn’t been officially analyzed…
Malware by the (Bit)Bucket: Unveiling AsyncRAT
Recently, we uncovered a sophisticated attack campaign employing a multi-stage approach to deliver AsyncRAT via a legitimate platform called Bitbucket. This article has been indexed from Security Blog G Data Software AG Read the original article: Malware by the (Bit)Bucket:…
Exploring GenAI in Cybersecurity: Gemini for Malware Analysis
How useful are Generative AI technologies when it comes to being used in a security context? We have taken the plunge and given it a try.
BBTok Targeting Brazil: Deobfuscating the .NET Loader with dnlib and PowerShell
We break down the full infection chain of the Brazilian-targeted threat BBTok and demonstrate how to deobfuscate the loader DLL using PowerShell, Python, and dnlib.
Sandbox scores are not an antivirus replacement
Automatic sandbox services should not be treated like “antivirus scanners” to determine maliciousness for samples. That’s not their intended use, and they perform poorly in that role. Unfortunately, providing an “overall score” or “verdict” is misleading. This article has been…
Ailurophile: New Infostealer sighted in the wild
We discovered a new stealer in the wild called “Ailurophile Stealer”. The stealer is coded in PHP and the source code indicates potential Vietnamese origins. It is available for purchase through a subscription model via its own webpage. Through the…
Opinion: More layers in malware campaigns are not a sign of sophistication
Ten infection and protection layers to deploy malware sounds impressive and very hard to deal with. However, adding more layers counterintuitively does the opposite for antivirus evasion and is not a sign of sophistication. Why is that so? This article…
SocGholish: Fake update puts visitors at risk
The SocGholish downloader has been a favourite of several cybercrime groups since 2017. It delivers a payload that poses as a browser update. Like any piece of malware, it undergoes an evolutionary process. We have taken a look at the…
Turla: A Master’s Art of Evasion
Turla, a well-known piece of malware, has taken to weaponising LNK-files to infect computers. We have observed a current example of this. Learn more about the details in this article!
Fortinet: CVE 2024-21754: Passwords on a Silver Platter
Matthias Barkhausen and Hendrik Eckardt have discovered a flaw in the firmware of Fortinet firewalls. This flaw potentially reveals sensitive information to attackers, such as passwords.
New backdoor BadSpace delivered by high-ranking infected websites
Imagine visiting your favorite website with the same address that you always use and it tells you that your browser needs an update. After downloading and executing the update, there’s an unwelcome surprise: the BadSpace backdoor. What is this new…
In Bad Company: JScript RAT and CobaltStrike
Remote Access Trojans (RATs) that are based on JScript are gaining traction. We have looked at a recent example that emerged in mid-May. It turns out that this RAT has some companions on the way that we are familiar with.…
Multifactor Authentication: Great tool with some limitations
Multifactor authentication (MFA) stands as a stalwart defence in today’s cybersecurity landscape. Yet, despite its efficacy, MFA is not impervious to exploitation. Recognizing the avenues through which hackers bypass these defences is crucial for fortifying cybersecurity measures. This article has…
GoTo Meeting loads Remcos RAT via Rust Shellcode Loader
Legitimate applications can unwittingly become conduits for malware execution. This is also the case for recent malware loaders which abuse GoTo Meeting, an online meeting software, to deploy Remcos RAT. Their lures include porn downloads, software setup files as well…
Sharp-Project: New Stealer Family on the Market
Infostealers are one of the most lucrative types of malware employed by criminals. And because this is a tried and tested approach, there are still new players entering this illegal game. The new kid on the block is called “Sharp…
Android: Banking trojan masquerading as Chrome
Many people make banking transactions online now. And since mobile devices are one of the most popular and convenient ways to shop and make payments, criminals are naturally drawn to this. A current example of a malware that specifically targets…
RisePro stealer targets Github users in “gitgub” campaign
RisePro resurfaces with new string encryption and a bloated MSI installer that crashes reversing tools like IDA. The “gitgub” campaign already sent more than 700 archives of stolen data to Telegram.
Let the “Mother of all Breaches” Be a Wake-up Call
At the end of January, a database with an allegedly unprecedented amount of personal information of billions of people appeared online. What does that mean for every one of us? What are the ramifications? Or is it all “more bark…
My 6 Security Predictions for 2024…
The beginning of January is traditionally the perfect month to look ahead to the new year. What can we expect in 2024 in the field of security? I present six predictions for this year.
csharp-streamer: Peeking under the hood
An unusual attack tool has caught the attention and piqued the curiosity of G DATA analyst Hendrik Eckardt. The discovered RAT (Remote Access Tool) is apparently designed for networks where people take an annoyingly close – for the attackers –…
Cobalt Strike: Looking for the Beacon
During an incident response, looking for malware is often akin to looking for a needle in a haystack. To complicate matters further, in the case of Cobalt Strike you often have no idea what that needle even looks like.…
New “Agent Tesla” Variant: Unusual “ZPAQ” Archive Format Delivers Malware
A new variant of Agent Tesla uses the uncommon compression format ZPAQ to steal information from approximately 40 web browsers and various email clients. But what exactly is this file compression format? What advantage does it provide to threat actors?…
Buyer beware: Phishing sites & Fake Shops still popular among criminals
Just in time for Black Friday, the number of phishing and scam websites is increasing. People on the lookout for a bargain are at risk of having their payment details and personal information stolen.
Hostile Takeover: Malicious Ads via Facebook
Criminals hijack business accounts on Facebook and run their own advertising campaigns in someone else’s name and at the expense of those affected. This quickly results in thousands of euros in damages for the actual account holders – not to…
Robots: Cybercriminals of the Future?
Artificial intelligence and adjacent technologies have been causing quite the stir lately. Many are concerned that AI is going to give rise to new and potentially completely machine-generated forms of criminal attacks. Let us look at some of those concerns.…
NIS-2: EU Directive Takes a Massive Step towards Increased Security
NIS-2 aims to establish an EU-wide common security standard for critical infrastructures and adjacent industries as well as vital supply chains. Here is a brief recap – and also a good reason why even non-critical industries should pay…
A little History: What Hacking and Model Train Sets Have in Common
Many people have an image that springs to mind when they hear the term “hacker”. This image is often the result of media reports about criminal activity. But: You might be surprised to hear that the world would be far…
Vulnerabilities: Understand, mitigate, remediate
As the value of data has grown, managing vulnerabilities effectively is essential for the success of your organization’s security and for minimizing the impact of successful attacks. But: What are those vulnerabilities, anyway? Eddy Willems explains.
ChatGPT: The real Evil Twin
The clamor and viral use of a very human-sounding artificial technology chatbot named ChatGPT gave rise to some new and interesting activities in the cybercrime world.
Verdict-as-a-Service moves malware scanning from the endpoint to the cloud
Today, no one can do without data at work. However, malware often lurks in shared resources. Stefan Hausotte and his team have developed a solution for this with G DATA Verdict-as-a-Service. He reveals more in an interview. This article has…
Recovering from Attacks: Getting Back to Normal
An all-out attack on a company network usually causes havoc. Normal operation ceases for the most part, and the entire organisation switches to “emergency mode”. Bouncing back from that can be a challenge that might take weeks or months. Here…
ChatGPT: What AI holds in store for security
ChatGPT has made quite a splash in recent weeks. The AI-supported chatbot impresses with its convincingly human-looking way of answering questions and interacting with users. This arouses enthusiasm as well as concerns – including in the world of IT security.…