FakeMBAM: Backdoor delivered through software updates
Many applications can be updated automatically and without any user interaction. This is commonly considered a good practice from the security point of view, since it allows for quick distribution of...
DirtyMoe: Introduction and General Overview of Modularized Malware
Abstract: The rising price of the cryptocurrency has caused a skyrocketing trend of malware samples in the wild. DDoS attacks go hand in hand with the mining of cryptocurrencies to increase the...
Crackonosh: A New Malware Distributed in Cracked Software
We recently became aware of customer reports advising that Avast antivirus was missing from their systems – like the following example from Reddit. We looked into this report and others...
Backdoored Client from Mongolian CA MonPass
Introduction: We discovered an installer downloaded from the official website of MonPass, a major certification authority (CA) in Mongolia in East Asia that was backdoored with Cobalt Strike binaries....
Avast Finds Backdoor on US Government Commission Network
We have found a new targeted attack against a small, lesser-known U.S. federal government commission associated with international rights. Despite repeated attempts through multiple channels over the...
Analysis of Attack Against National Games of China Systems
Introduction: On September 15, 2021 the National Games of China began in the Chinese city of Shaanxi. It is an event similar if not identical to the Olympics, but only hosts athletes from China....
Avast Finds Compromised Philippine Navy Certificate Used in Remote Access Tool
Avast Threat Intelligence Team has found a remote access tool (RAT) actively being used in the wild in the Philippines that uses what appears to be a compromised digital certificate belonging to the...
Parrot TDS takes over web servers and threatens millions
Campaign overview: A new Traffic Direction System (TDS) we are calling Parrot TDS, using tens of thousands of compromised websites, has emerged in recent months and is reaching users from around the...
PNG Steganography Hides Backdoor
Our fellow researchers from ESET published an article about previously undocumented tools infiltrating high-profile companies and local governments in Asia. The tools, active since at least 2020 are...
Dota 2 Under Attack: How a V8 Bug Was Exploited in the Game
When we think about V8 exploits, the first things that come to mind are probably related to sophisticated browser zero-day exploit chains. While the browser may be the most interesting target for V8...
GuptiMiner: Hijacking Antivirus Updates for Distributing Backdoors and Casual...
Key Points: Avast discovered and analyzed a malware campaign hijacking an eScan antivirus update mechanism to distribute backdoors and coinminers. Avast disclosed the vulnerability to both eScan...