News

CowerSnail – a three-megabyte backdoor

London, UK – July 27, 2017 – At the end of May, researchers from Kaspersky Lab discovered a SambaCry cryptocurrency miner for *nix systems that exploited the EternalRed vulnerability. Soon afterwards they captured Windows malware that was probably created by the same group, since both malware types used the same C2 server.

The Trickbot Trojan moves into top gear

London, UK – July 25, 2017 – The Trickbot banking Trojan has been used for Man-in-the-Browser attacks since mid-2016. Currently, adversaries use the Necurs botnet for its distribution. This botnet is tied to Locky and Jaff Ransomware attacks and is capable of sending millions of emails per day.

Banking Trojan NukeBot: First Tests

London, UK – July 20, 2017 – NukeBot's author published its source code on the Darknet this spring. Since then, various modifications of the NukeBot banking Trojan have begun to appear on the Internet. Researchers from Kaspersky Lab have analyzed the NukeBot modifications they found in recent months and shared the results.

New phishing campaign using OSX/Dok

London, UK – July 18, 2017 – Adversaries continue to improve OSX/Dok, discovered at the end of April, for stealing banking credentials. Researchers at Check Point report that the phishing campaign continues.

RAT Adwind strikes again

London, UK – July 13, 2017 – Researchers from Trend Micro reported an increased number of attacks using the cross-platform Remote Access Trojan Adwind. The number of such attacks has doubled over the past month.

New Modifications of POS Malware

London, UK – July 11, 2017 – Over the last two weeks the world's attention has been drawn to the NotPetya / GoldenEye APT attack. That's why some other attacks attract less attention than they deserve. Researchers from Securelist reported a new modification of Neutrino for POS terminals.

AdGholas Group infects thousands of computers every day

London, UK – July 6, 2017 – This group has been operating for several years and uses its malvertising network to infect victims with a variety of viruses. Despite the fact that its activities have long been known, the AdGholas group is still active and evolving its methods.

Sorebrect – a New Fileless Ransomware

London, UK – July 4, 2017 – Researchers from Trend Micro reported a new threat created to attack large enterprises. Sorebrect is a fileless Ransomware that injects malicious code into the svchost.exe process. This virus is delivered into a system through the malicious use of the PsExec utility, which allows system administrators to run files or […]

SIEM Use Case for Petya Ransomware detection

London, UK – June 27, 2017 – We created a SIEM use case that detects the new version of the infamous Petya ransomware. The Petya A / PetrWrap Ransomware detector for ArcSight, QRadar and Splunk is available free of charge to all organizations after registration in the S.M.A. Cloud. Currently, we are working on finding and […]

Fileless Attacks are on the Rise

London, UK – June 23, 2017 – This year, the number of sophisticated attacks that use fileless malware increased by 33%. Such attacks are becoming more popular among cybercriminals because they easily bypass antivirus systems and application whitelisting, and they are harder to investigate by usual methods. One of the latest […]