Tag: Security Blog G Data Software AG

Recently, we uncovered a sophisticated attack campaign employing a multi-stage approach to deliver AsyncRAT via a legitimate platform called Bitbucket. This article has been indexed from Security Blog G Data Software AG Read the original article: Malware by the (Bit)Bucket:…

Read more →

How useful are Generative AI technologies when it comes to being used in a security context? We have taken the plunge and gave it a try. This article has been indexed from Security Blog G Data Software AG Read the…

Read more →

How useful are Generative AI technologies when it comes to being used in a security context? We have taken the plunge and gave it a try. This article has been indexed from Security Blog G Data Software AG Read the…

Read more →

We break down the full infection chain of the Brazilian-targeted threat BBTok and demonstrate how to deobfuscate the loader DLL using PowerShell, Python, and dnlib. This article has been indexed from Security Blog G Data Software AG Read the original…

Read more →

Automatic sandbox services should not be treated like “antivirus scanners” to determine maliciousness for samples. That’s not their intended use, and they perform poorly in that role. Unfortunately, providing an “overall score” or “verdict” is misleading. This article has been…

Read more →

We discovered a new stealer in the wild called ‘”Ailurophile Stealer”. The stealer is coded in PHP and the source code indicates potential Vietnamese origins. It is available for purchase through a subscription model via its own webpage. Through the…

Read more →

Ten infection and protection layers to deploy malware sounds impressive and very hard to deal with. However, adding more layers counterintuitively does the opposite for antivirus evasion and is not a sign of sophistication. Why is that so? This article…

Read more →

The SocGholish downloader has been a favourite of several cybercrime groups since 2017. It delivers a payload that poses as a browser update. As any piece of malware, it undergoes an evolutionary process. We have taken a look at the…

Read more →

The SocGholish downloader has been a favourite of several cybercrime groups since 2017. It delivers a payload that poses as a browser update. As any piece of malware, it undergoes an evolutionary process. We have taken a look at the…

Read more →

Turla, a well-known piece of malware, has taken to weaponising LNK-files to infect computers. We have observed a current example of this. Learn more about the details in this article! This article has been indexed from Security Blog G Data…

Read more →

Matthias Barkhausen and Hendrik Eckardt have discovered a flaw in the firmware of Fortinet firewalls. This flaw potentially reveals sensitive information to attackers, such as passwords. This article has been indexed from Security Blog G Data Software AG Read the…

Read more →

Imagine visiting your favorite website with the same address that you always use and it tells you that your browser needs an update. After downloading and executing the update, there’s an unwelcome surprise: the BadSpace backdoor. What is this new…

Read more →

Remote Access Trojans (RATs) that are based in JScript are gaining traction. We have looked at a recent example that emerged in mid-May. It turns out that this RAT has some companions on the way that we are familiar with.…

Read more →

Multifactor authentication (MFA) stands as a stalwart defence in today’s cybersecurity landscape. Yet, despite its efficacy, MFA is not impervious to exploitation. Recognizing the avenues through which hackers bypass these defences is crucial for fortifying cybersecurity measures. This article has…

Read more →

Legitimate applications can unwittingly become conduits for malware execution. This is also the case for recent malware loaders which abuse GoTo Meeting, an online meeting software, to deploy Remcos RAT. Their lures include porn downloads, software setup files as well…

Read more →

Legitimate applications can unwittingly become conduits for malware execution. This is also the case for recent malware loaders which abuse GoTo Meeting, an online meeting software, to deploy Remcos RAT. Their lures include porn downloads, software setup files as well…

Read more →

Infostealers are one of the most lucrative types of malware employed by criminals. And because this is a tried and tested approach, there are still new players entering this illegal game. The new kid on the block is called “Sharp…

Read more →

Many people make banking transactions online now. And since mobile devices are one of the most popular and convenient ways to shop and make payments, criminals are naturally drawn to this. A current example of a malware that specifically targets…

Read more →

RisePro resurfaces with new string encryption and a bloated MSI installer that crashes reversing tools like IDA. The “gitgub” campaign already sent more than 700 archives of stolen data to Telegram. This article has been indexed from Security Blog G…

Read more →

RisePro resurfaces with new string encryption and a bloated MSI installer that crashes reversing tools like IDA. The “gitgub” campaign already sent more than 700 archives of stolen data to Telegram. This article has been indexed from Security Blog G…

Read more →

At the end of January, a database with an allegedly unprecedented amount of personal information of billions of people appeared online. What does that mean for every one of us? What are the ramifications? Or is it all “more bark…

Read more →

The beginning of January is traditionally the perfect month to look ahead to the new year. What can we expect in 2024 in the field of security? I present six predictions for this year. This article has been indexed from…

Read more →

An unusual attack tool has caught the attention and peaked the curiosity of G DATA analyst Hendrik Eckardt. The discovered RAT (Remote Access Tool) is apparently designed for networks where people take an annoyingly close – for the attackers –…

Read more →

During an incident response, looking for malware is often akin to looking for a needle in a hay stack. To complicate matters further, in the case of Cobalt Strike you often have no idea what that needle even looks like.…

Read more →

A new variant of Agent Tesla uses the uncommon compression format ZPAQ to steal information from approximately 40 web browsers and various email clients. But what exactly is this file compression format? What advantage does it provide to threat actors?…

Read more →

Just in time for Black Friday, the number of phishing and scam websites is increasing. People on the lookout for a bargain are at risk of having there payment details and personal information stolen. This article has been indexed from…

Read more →

Criminals hijack business accounts on Facebook and run their own advertising campaigns in someone else’s name and at the expense of those affected. This quickly results in thousands of euros in damages for the actual account holders – not to…

Read more →