Home Tags Malicious

Tag: malicious

Backups of virtual machines on some hosts could be accessed or altered by an attacker.
Malware researchers have spotted what they think is the malicious Android app using Google's Kotlin language.
Google removed 22 malicious adware apps ranging from flashlights, call recorders to wifi signal boosters that together were downloaded up to 7.5 million times from the Google Play marketplace.
A vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow a remote attacker to execute arbitrary code on the system of a targeted user.

The attacker could exploit this vulnerability by sending the...

Happy IR in the New Year!

Endpoint anal In IR cases we use a very simple script that is uploaded to every Windows computer in the corporate network to collect logs, NTFS data, entries from the Windows registry and strings from the binary files to find out how exactly the attackers were moving through the network.
Itrsquo;s holiday season and it is our pleasure to share this script with you.
Cybercriminals distribute malicious email attachments purportedly coming from three common brands of network printer-scanner devices.
When analysts investigate an indicator of compromise, our primary goal is to determine if it is malicious as quickly as possible.
Identifying attack patterns helps you mitigate quicker.
In an earlier publication we noted that cybercriminals were making use of social engineering to install this sort of software on usersrsquo; computers.

This time, wersquo;d like to dwell more on how exactly the computers of gullible users start working for cybercriminals.
Loki malware, built to steal credentials, is distributed via Microsoft Excel and other Office applications rigged with malicious 'scriptlets' to evade detection.
This is your phone on mining software.

Any questions?
At the end of September, Palo Alto released a report on Unit42 activity where they – among other things – talked about PYLOT malware. We have been detecting attacks that have employed the use of this backdoor since at least 2015 and refer to it as Travle.

Coincidentally, KL was recently involved in an investigation of a successful attack where Travle was detected, during which we conducted a deep analysis of this malware.

Jack of all trades

Among this array of threats we found a rather interesting sample – Trojan.AndroidOS.Loapi.

This Trojan boasts a complicated modular architecture that means it can conduct a variety of malicious activities: mine cryptocurrencies, annoy users with constant ads, launch DDoS attacks from the affected device and much more.