Category: Security Blog G Data Software AG

Malware Analysis: A Kernel Land Rootkit Loader for FK_Undead

We discovered a Windows rootkit loader [F1] for the malware family FK_Undead. The malware family is known for intercepting user network traffic through manipulation of proxy configurations. To the best of our knowledge the rootkit loader hasn’t been officially analyzed…

Malware by the (Bit)Bucket: Unveiling AsyncRAT

Recently, we uncovered a sophisticated attack campaign employing a multi-stage approach to deliver AsyncRAT via a legitimate platform called Bitbucket. This article has been indexed from Security Blog G Data Software AG Read the original article: Malware by the (Bit)Bucket:…

Sandbox scores are not an antivirus replacement

Automatic sandbox services should not be treated like “antivirus scanners” to determine maliciousness for samples. That’s not their intended use, and they perform poorly in that role. Unfortunately, providing an “overall score” or “verdict” is misleading. This article has been…

Ailurophile: New Infostealer sighted in the wild

We discovered a new stealer in the wild called ‘”Ailurophile Stealer”. The stealer is coded in PHP and the source code indicates potential Vietnamese origins. It is available for purchase through a subscription model via its own webpage. Through the…

SocGholish: Fake update puts visitors at risk

The SocGholish downloader has been a favourite of several cybercrime groups since 2017. It delivers a payload that poses as a browser update. As any piece of malware, it undergoes an evolutionary process. We have taken a look at the…

Turla: A Master’s Art of Evasion

Turla, a well-known piece of malware, has taken to weaponising LNK-files to infect computers. We have observed a current example of this. Learn more about the details in this article! This article has been indexed from Security Blog G Data…

Fortinet: CVE 2024-21754: Passwords on a Silver Platter

Matthias Barkhausen and Hendrik Eckardt have discovered a flaw in the firmware of Fortinet firewalls. This flaw potentially reveals sensitive information to attackers, such as passwords. This article has been indexed from Security Blog G Data Software AG Read the…

In Bad Company: JScript RAT and CobaltStrike

Remote Access Trojans (RATs) that are based in JScript are gaining traction. We have looked at a recent example that emerged in mid-May. It turns out that this RAT has some companions on the way that we are familiar with.…

Multifactor Authentication: Great tool with some limitations

Multifactor authentication (MFA) stands as a stalwart defence in today’s cybersecurity landscape. Yet, despite its efficacy, MFA is not impervious to exploitation. Recognizing the avenues through which hackers bypass these defences is crucial for fortifying cybersecurity measures. This article has…

GoTo Meeting loads Remcos RAT via Rust Shellcode Loader

Legitimate applications can unwittingly become conduits for malware execution. This is also the case for recent malware loaders which abuse GoTo Meeting, an online meeting software, to deploy Remcos RAT. Their lures include porn downloads, software setup files as well…

GoTo Meeting loads Remcos RAT via Rust Shellcode Loader

Legitimate applications can unwittingly become conduits for malware execution. This is also the case for recent malware loaders which abuse GoTo Meeting, an online meeting software, to deploy Remcos RAT. Their lures include porn downloads, software setup files as well…

Sharp-Project: New Stealer Family on the Market

Infostealers are one of the most lucrative types of malware employed by criminals. And because this is a tried and tested approach, there are still new players entering this illegal game. The new kid on the block is called “Sharp…

Android: Banking trojan masquerading as Chrome

Many people make banking transactions online now. And since mobile devices are one of the most popular and convenient ways to shop and make payments, criminals are naturally drawn to this. A current example of a malware that specifically targets…

My 6 Security Predictions for 2024…

The beginning of January is traditionally the perfect month to look ahead to the new year. What can we expect in 2024 in the field of security? I present six predictions for this year. This article has been indexed from…

csharp-streamer: Peeking under the hood

An unusual attack tool has caught the attention and peaked the curiosity of G DATA analyst Hendrik Eckardt. The discovered RAT (Remote Access Tool) is apparently designed for networks where people take an annoyingly close – for the attackers –…

Cobalt Strike: Looking for the Beacon

During an incident response, looking for malware is often akin to looking for a needle in a hay stack. To complicate matters further, in the case of Cobalt Strike you often have no idea what that needle even looks like.…

Hostile Takeover: Malicious Ads via Facebook

Criminals hijack business accounts on Facebook and run their own advertising campaigns in someone else’s name and at the expense of those affected. This quickly results in thousands of euros in damages for the actual account holders – not to…

Robots: Cybercriminals of the Future?

Artificial intelligence and adjacent technologies have been causing quite the stir lately. Many are concerned that AI is going to give rise to new and potentially completely machine-generated forms of criminal attacks. Let us look at some of those concerns.…

Vulnerabilities: Understand, mitigate, remediate

As the value of data has grown managing vulnerabilities effectively is essential for the success of your organizations’ security and minimizing the impact of successful attacks. But: What are those vulnerabilities, anyway? Eddy Willems explains. This article has been indexed…

ChatGPT: The real Evil Twin

The clamor and viral use of a very human-sounding, artificial technology chatbot named, ChatGPT gave rise to some new and interesting activities in the cybercrime world. This article has been indexed from Security Blog G Data Software AG Read the…

Recovering from Attacks: Getting Back to Normal

An all-out attack on a company network usually causes havoc. Normal operation ceases for the most part, and the entire organisation switches to “emergency mode”. Bouncing back from that can be a challenge that might take weeks or months. Here…

ChatGPT: What AI holds in store for security

ChatGPT has made quite a splash in recent weeks. The AI-supported chatbot impresses with its convincingly human-looking way of answering questions and interacting with users. This arouses enthusiasm as well as concerns – including in the world of IT security.…