
Tag: md5

In March 2018, Japanese media reported the hijacking of DNS settings on routers located in Japan, redirecting users to malicious IP addresses.

The redirection led to the installation of Trojanized applications named facebook.apk and chrome.apk that contained Android Trojan-Banker.

During our research we received some invaluable information about the true scale of this attack, which we decided to call ‘Roaming Mantis’.

Pocket cryptofarms

In recent months, the topic of cryptocurrency has been a permanent news fixture — the value of digital money has been see-sawing spectacularly.
Such pyrotechnics could hardly have escaped the attention of scammers, which is why cryptocurrency fluctuations have gone hand in hand with all kinds of stories.

These include hacked exchanges, Bitcoin and Monero ransoms, and, of course, hidden mining.

Your new friend, KLara

In R&D we use a lot of open-source projects and we believe giving back to the community is our way of saying ‘Thank you’. More and more security companies are releasing their open-source projects and we would like to contribute with our distributed YARA scanner.

Sofacy, also known as APT28, Fancy Bear, and Tsar Team, is a highly active and prolific APT.

From their high-volume 0-day deployment to their innovative and broad malware set, Sofacy is one of the top groups that we monitor, report on, and protect against. 2017 was no different in this regard.

In October 2017, we learned of a vulnerability in Telegram Messenger’s Windows client that was being exploited in the wild.
It involves the use of a classic right-to-left override attack when a user sends files over the messenger service.

Denis and Co.

In April 2017, we published a detailed review of a malicious program that used DNS tunneling to communicate with its C&C.

That study prompted us to develop a technology to detect similar threats, which allowed us to collect a multitude of malware samples using DNS tunneling.

At the beginning of October 2017, we discovered new Android spyware with several features previously unseen in the wild.
In the course of further research, we found a number of related samples that point to a long-term development process. We believe the initial versions of this malware were created at least three years ago.

In an earlier publication we noted that cybercriminals were making use of social engineering to install this sort of software on users’ computers.

This time, we’d like to dwell more on how exactly the computers of gullible users start working for cybercriminals.

At the end of September, Palo Alto released a report on Unit42 activity where they – among other things – talked about PYLOT malware. We have been detecting attacks that employed this backdoor since at least 2015 and refer to it as Travle.

Coincidentally, KL was recently involved in an investigation of a successful attack where Travle was detected, during which we conducted a deep analysis of this malware.

Still Stealing

Two years ago we published a blogpost about a popular malware that was being distributed from the Google Play Store.
In October and November 2017 we found 85 new malicious apps on Google Play that are stealing credentials for VK.com.

In early October, a story was published by the Wall Street Journal alleging Kaspersky Lab software was used to siphon classified data from an NSA employee’s home computer system.

To assist any independent investigators and all the people who have been asking us whether those allegations were true, we decided to conduct an internal investigation to attempt to answer a few questions we had related to the article and some others

The authors of malware use various techniques to circumvent defensive mechanisms and conceal harmful activity. One of them is the practice of hiding malicious code in the context of a trusted process.

Typically, malware that uses concealment techniques injects its code into a system process, e.g. explorer.exe.

But some samples employ other interesting methods. We're going to discuss one such type of malware.