
Tag: malicious

Happy IR in the New Year!

In IR cases we use a very simple script that is uploaded to every Windows computer in the corporate network to collect logs, NTFS data, entries from the Windows registry and strings from the binary files to find out how exactly the attackers were moving through the network.
It’s holiday season and it is our pleasure to share this script with you.
Cybercriminals distribute malicious email attachments purportedly coming from three common brands of network printer-scanner devices.
When analysts investigate an indicator of compromise, our primary goal is to determine if it is malicious as quickly as possible.
Identifying attack patterns helps you mitigate quicker.
In an earlier publication we noted that cybercriminals were making use of social engineering to install this sort of software on users’ computers.

This time, we’d like to dwell more on how exactly the computers of gullible users start working for cybercriminals.
Loki malware, built to steal credentials, is distributed via Microsoft Excel and other Office applications rigged with malicious 'scriptlets' to evade detection.
This is your phone on mining software.

Any questions?
At the end of September, Palo Alto released a report on Unit42 activity where they – among other things – talked about PYLOT malware. We have been detecting attacks that have employed the use of this backdoor since at least 2015 and refer to it as Travle.

Coincidentally, KL was recently involved in an investigation of a successful attack where Travle was detected, during which we conducted a deep analysis of this malware.

Jack of all trades

Among this array of threats we found a rather interesting sample – Trojan.AndroidOS.Loapi.

This Trojan boasts a complicated modular architecture that means it can conduct a variety of malicious activities: mine cryptocurrencies, annoy users with constant ads, launch DDoS attacks from the affected device and much more.
In 2017, Kaspersky Lab’s web antivirus detected 15 714 700 unique malicious objects (scripts, exploits, executable files, etc.) and 199 455 606 unique URLs were recognized as malicious by web antivirus components. Kaspersky Lab solutions detected and repelled 1 188 728 338 malicious attacks launched from online resources located in 206 countries all over the world.
London - Dec. 12, 2017 - Malicious mobile apps are back on the rise, impersonating brands and fooling consumers, according to digital threat management leader RiskIQ, in its Q3 mobile threat landscape report, which analysed 120 mobile app stores and mo...

Still Stealing

Two years ago we published a blogpost about a popular malware that was being distributed from the Google Play Store.
In October and November 2017 we found 85 new malicious apps on Google Play that are stealing credentials for VK.com
Researcher finds logger, turned off by default, could be turned on with a registry change.