Home Tags Md5

Tag: md5

Ztorg: from rooting to SMS

Irsquo;ve been monitoring Google Play Store for new Ztorg Trojans since September 2016, and have so far found several dozen new malicious apps.

All of them were rooting malware that used exploits to gain root rights on the infected device.
In May 2017, a new Ztorg variant appeared on the Google Play Store – only this this time it wasnrsquo;t a rooting malware but a Trojan-SMS.

VU#489392: Acronis True Image fails to update itself securely

Acronis True Image fails to securely check for and retrieve updates,which an allow an authenticated attacker to execute arbitrary code with administrator privileges.

Dvmap: the first Android malware with code injection

In April 2017 we started observing new rooting malware being distributed through the Google Play Store. Unlike other rooting malware, this Trojan not only installs its modules into the system, it also injects malicious code into the system runtime libraries.

Dridex: A History of Evolution

In the several years that the Dridex family has existed, there have been numerous unsuccessful attempts to block the botnetrsquo;s activity.

The ongoing evolution of the malware demonstrates that the cybercriminals are not about to bid farewell to their brainchild, which is providing them with a steady revenue stream.

WannaCry FAQ: What you need to know today

Friday May 12th marked the start of the dizzying madness that has been ‘WannaCryrsquo;, the largest ransomware infection in history.

Defenders have been running around trying to understand the malwarersquo;s capabilities.
In the process, a lot of wires have gotten crossed and we figured itrsquo;s time to sit down and set the record straight on what we know, what we wish we knew, and what the near future might hold for us going forward.

Ztorg: money for infecting your smartphone

This research started when we discovered an infected Pokeacute;mon GO guide in Google Play. We detected the malware as Trojan.AndroidOS.Ztorg.ad.

After some searching, I found some other similar infected apps that were being distributed from the Google Play Store.

After I started tracking these infected apps, two things struck me – how rapidly they became popular and the comments in the user review sections.

Use of DNS Tunneling for C&C Communications

Often, virus writers don't even bother to run encryption or mask their communications. However, you do get the occasional off-the-wall approaches that don't fall into either of the categories.

Take, for instance, the case of a Trojan that Kaspersky Lab researchers discovered in mid-March and which establishes a DNS tunnel for communication with the C&C server.

XPan, I am your father

While we have previously written on the now infamous XPan ransomware family, some of it’s variants are still affecting users primarily located in Brazil.

This sample is what could be considered as the “father” of other XPan ransomware variants.

A considerable amount of indicators within the source code depict the early origins of this sample.

Old Malware Tricks To Bypass Detection in the Age of Big...

Kaspersky Lab has been tracking a targeted attack actor’s activities in Japan and South Korea recently.

This attacker has been using the XXMM malware toolkit, which was named after an original project path revealed through a pdb string inside the… Read Full Article

ATMitch: remote administration of ATMs

In February 2017, we published research on fileless attacks against enterprise networks.

This second paper is about the methods and techniques that were used by the attackers in the second stage of their attacks against financial organizations – basically enabling remote administration of ATMs.

PetrWrap: the new Petya-based ransomware used in targeted attacks

This year we found a new family of ransomware used in targeted attacks against organizations.

After penetrating an organization's network the threat actors used the PsExec tool to install ransomware on all endpoints and servers in the organization.

The next interesting fact about this ransomware is that the threat actors decided to use the well-known Petya ransomware to encrypt user data.

At death’s door for years, widely used SHA1 function is now...

Algorithm underpinning Internet security falls to first-known collision attack.