Malware by the (Bit)Bucket: Unveiling AsyncRAT
Recently, we uncovered a sophisticated attack campaign employing a multi-stage approach to deliver AsyncRAT via a legitimate platform called Bitbucket.
Malware by the (Bit)Bucket: Unveiling AsyncRAT
Recently, we uncovered a sophisticated attack campaign employing a multi-stage approach to deliver AsyncRAT via a legitimate platform called Bitbucket.
Exploring GenAI in Cybersecurity: Gemini for Malware Analysis
How useful are Generative AI technologies when it comes to being used in a security context? We have taken the plunge and gave it a try.
BBTok Targeting Brazil: Deobfuscating the .NET Loader with dnlib and PowerShell
We break down the full infection chain of the Brazilian-targeted threat BBTok and demonstrate how to deobfuscate the loader DLL using PowerShell, Python, and dnlib.
Sandbox scores are not an antivirus replacement
Automatic sandbox services should not be treated like "antivirus scanners" to determine maliciousness for samples. That’s not their intended use, and they perform poorly in that role. Unfortunately, providing an "overall score" or "verdict" is misleading.
Ailurophile: New Infostealer sighted in the wild
We discovered a new stealer in the wild called '"Ailurophile Stealer”. The stealer is coded in PHP and the source code indicates potential Vietnamese origins. It is available for purchase through a subscription model via its own webpage. Through the website's web panel, its customers are provided…
Opinion: More layers in malware campaigns are not a sign of sophistication
Ten infection and protection layers to deploy malware sounds impressive and very hard to deal with. However, adding more layers counterintuitively does the opposite for antivirus evasion and is not a sign of sophistication. Why is that so?
SocGholish: Fake update puts visitors at risk
The SocGholish downloader has been a favourite of several cybercrime groups since 2017. It delivers a payload that poses as a browser update. As any piece of malware, it undergoes an evolutionary process. We have taken a look at the latest developments, which targets Wordpress based websites.
Turla: A Master’s Art of Evasion
Turla, a well-known piece of malware, has taken to weaponising LNK-files to infect computers. We have observed a current example of this. Learn more about the details in this article!
Fortinet: CVE 2024-21754: Passwords on a Silver Platter
Matthias Barkhausen and Hendrik Eckardt have discovered a flaw in the firmware of Fortinet firewalls. This flaw potentially reveals sensitive information to attackers, such as passwords.
Backdoor BadSpace delivered by high-ranking infected websites
Imagine visiting your favorite website with the same address that you always use and it tells you that your browser needs an update. After downloading and executing the update, there's an unwelcome surprise: the BadSpace backdoor. What is this new threat capable of, and how is it eerily similar to a…