Threat spotlight: CrySIS, aka Dharma ransomware, causing a crisis for businesses

CrySIS, aka Dharma, is a ransomware family that has been making waves over the last two months, often used in targeted attacks that gain entry through RDP access. What other tricks are up its sleeve?


The post Threat spotlight: CrySIS, aka Dharma ransomware, causing a crisis for businesses appeared first on Malwarebytes Labs.

Exploit kits: spring 2019 review

In this edition, we review active and unique exploit kits hitting consumers and businesses over the spring season.


“Funky malware format” found in Ocean Lotus sample

Recently, one of our researchers presented at the SAS conference on “Funky malware formats”—atypical executable formats used by malware that are only loaded by proprietary loaders. In this post, we analyze one of those formats in a sample called Ocean Lotus from the APT 32 threat group in Vietnam.


Plugin vulnerabilities exploited in traffic monetization schemes

The latest round of vulnerable WordPress plugins leads to an active traffic monetization campaign via hacked websites.


The Advanced Persistent Threat files: Lazarus Group

Lazarus Group, the threat actors likely behind the Sony breach and WannaCry outbreak, are in the news again. Here’s what you need to know about this North Korean organization, and what you should do to protect against such nation-state attacks.


Spotlight on Troldesh ransomware, aka ‘Shade’

Troldesh is ransomware that relies heavily on user interaction. Nevertheless, a recent spike in detections shows it’s been successful against businesses in the first few months of 2019.


New Golang brute forcer discovered amid rise in e-commerce attacks

E-commerce sites are a hot commodity these days. We dig into how compromised PCs are being used to break into them and inject skimmers, whether via vulnerabilities in the websites themselves or through a new malware we discovered that gains entry via brute force.


The Advanced Persistent Threat Files: APT1

Next up in the Advanced Persistent Threat Files: APT1, a unit of the People’s Liberation Army of China known for wide-scale and high-volume data collection on mostly English-speaking companies.


New critical vulnerability in open-source office suites

A security researcher recently published a proof-of-concept exploit for the open-source office suites LibreOffice and OpenOffice. Will this new vulnerability be used in the wild?
