Fake jquery campaign leads to malvertising and ad fraud schemes

We look for answers in a long-running and yet mysterious malware campaign that has compromised thousands of websites to date.

The post Fake jquery campaign leads to malvertising and ad fraud schemes appeared first on Malwarebytes Labs.

GreenFlash Sundown exploit kit expands via large malvertising campaign

The GreenFlash exploit kit, which we typically saw targeting South Korean users, reaches globally with a large malvertising campaign via a popular website.

The post GreenFlash Sundown exploit kit expands via large malvertising campaign appeared first on Malwarebytes Labs.

Hidden Bee: Let’s go down the rabbit hole

The complex and sophisticated custom malware, Hidden Bee, is a Chinese cryptominer that recently released an updated sample. We unpack the sample to look at the functionality of its loader and compare it against earlier versions.

The post Hidden Bee: Let’s go down the rabbit hole appeared first on Malwarebytes Labs.

Medical industry struggles with PACS data leaks

PACS servers are often used to store and transmit patient data. But how is their security implemented? We take a look at a case of how poor setup can easily lead to data leaks.

The post Medical industry struggles with PACS data leaks appeared first on Malwarebytes Labs.

Threat spotlight: CrySIS, aka Dharma ransomware, causing a crisis for businesses

CrySIS, aka Dharma, is a ransomware family making waves over the last two months, often being used in targeted attacks through RDP access. What other tricks are up its sleeve?

The post Threat spotlight: CrySIS, aka Dharma ransomware, causing a crisis for businesses appeared first on Malwarebytes Labs.

“Funky malware format” found in Ocean Lotus sample

Recently, one of our researchers presented at the SAS conference on “Funky malware formats”—atypical executable formats used by malware that are only loaded by proprietary loaders. In this post, we analyze one of those formats in a sample called Ocean Lotus from the APT 32 threat group in Vietnam.

The post “Funky malware format” found in Ocean Lotus sample appeared first on Malwarebytes Labs.

Plugin vulnerabilities exploited in traffic monetization schemes

The latest round of vulnerable WordPress plugins leads to an active traffic monetization campaign via hacked websites.

The post Plugin vulnerabilities exploited in traffic monetization schemes appeared first on Malwarebytes Labs.

The Advanced Persistent Threat files: Lazarus Group

Lazarus Group, the threat actors likely behind the Sony breach and WannaCry outbreak, are in the news again. Here’s what you need to know about this North Korean organization, and what you should do to protect against such nation-state attacks.

The post The Advanced Persistent Threat files: Lazarus Group appeared first on Malwarebytes Labs.

Spotlight on Troldesh ransomware, aka ‘Shade’

Troldesh is ransomware that relies heavily on user interaction. Nevertheless, a recent spike in detections shows it’s been successful against businesses in the first few months of 2019.

The post Spotlight on Troldesh ransomware, aka ‘Shade’ appeared first on Malwarebytes Labs.