Search cyberveille.decio.ch

Found 12 bookmarks

Custom sorting

When Guardians Become Predators: How Malware Corrupts the Protectors

We often trust our security software to stand as an unbreakable wall against malware and attacks, but what happens when that very wall is weaponized against us? Our Trellix Advanced Research Center team recently uncovered a malicious campaign that does just that. Instead of bypassing defenses, this malware takes a more sinister route: it drops a legitimate Avast Anti-Rootkit driver (aswArPot.sys) and manipulates it to carry out its destructive agenda. The malware exploits the deep access provided by the driver to terminate security processes, disable protective software, and seize control of the infected system.

#trellix #EN #2024 #research #Avast #Anti-Rootkit #driver #malware #aswArPot.sys #analysis

·trellix.com·Nov 27, 2024

When Guardians Become Predators: How Malware Corrupts the Protectors

FrostyGoop’s Zoom-In: A Closer Look into the Malware Artifacts, Behaviors and Network Communications

We analyze FrostyGoop malware, which targets OT systems. This article walks through newly discovered samples, indicators, and also examines configurations and network communications. We analyze FrostyGoop malware, which targets OT systems. This article walks through newly discovered samples, indicators, and also examines configurations and network communications.

#unit42.paloaltonetworks #FrostyGoop #EN #2024 #analysis #malware

·unit42.paloaltonetworks.com·Nov 20, 2024

FrostyGoop’s Zoom-In: A Closer Look into the Malware Artifacts, Behaviors and Network Communications

FASTCash for Linux

Analysis of a newly discovered Linux based variant of the DPRK attributed FASTCash malware along with background information on payment switches used in financial networks.

#doubleagent #EN #2024 #analysis #Linux #DPRK #FASTCash #malware

·doubleagent.net·Oct 21, 2024

FASTCash for Linux

New macOS malware HZ RAT lets attackers control Macs remotely

It lets attackers control Macs remotely.

#moonlock #EN #2024 #macOS #malware #HZRAT #RAT #analysis

·moonlock.com·Sep 20, 2024

New macOS malware HZ RAT lets attackers control Macs remotely

ClickFix Deception: A Social Engineering Tactic to Deploy Malware

Authored by Yashvi Shah and Vignesh Dhatchanamoorthy McAfee Labs has discovered a highly unusual method of malware delivery, referred to by researchers as

#mcafee #EN #2024 #analysis #ClickFix #Deploy #Malware #Tactic

·mcafee.com·Jul 17, 2024

ClickFix Deception: A Social Engineering Tactic to Deploy Malware

Turla: A Master’s Art of Evasion

Turla, a well-known piece of malware, has taken to weaponising LNK-files to infect computers. We have observed a current example of this.

#gdatasoftware #EN #2024 #Turla #analysis #malware #LNK-files #LNK

·gdatasoftware.com·Jul 8, 2024

Turla: A Master’s Art of Evasion

PikaBot: a Guide to its Deep Secrets and Operations - Sekoia.io Blog

Uncover an in-depth analysis of PikaBot, a malware loader used by Initial Access Brokers for network compromise and ransomware deployment.

#sekoia #EN #2024 #PikaBot #malware #analysis #TA577 #BlackBasta

·blog.sekoia.io·Jun 4, 2024

PikaBot: a Guide to its Deep Secrets and Operations - Sekoia.io Blog

Kaspersky analysis of the backdoor in XZ

Kaspersky analysis of the backdoor recently found in XZ, which is used in many popular Linux distributions and in OpenSSH server process.

#securelist #EN #2024 #Backdoor #Cyber-espionage #Linux #Malware #analysis #Malware-Descriptions #Malware-Technologies #SSH #XZ

·securelist.com·Apr 13, 2024

Kaspersky analysis of the backdoor in XZ

Distinctive Campaign Evolution of Pikabot Malware

Authored by Anuradha and Preksha Introduction PikaBot is a malicious backdoor that has been active since early 2023. Its modular design is comprised of a

#mcafee #EN #2024 #analysis #Pikabot #Malware

·mcafee.com·Apr 5, 2024

Distinctive Campaign Evolution of Pikabot Malware

New Go-based Malware Loader Discovered I Arctic Wolf

Arctic Wolf Labs has discovered, based on recent intrusion observations, a new Go-based malware loader named CherryLoader

#arcticwolf #EN #2024 #Go-based #Malware #Loader #analysis #CherryLoader

·arcticwolf.com·Jan 29, 2024

New Go-based Malware Loader Discovered I Arctic Wolf

Analyzing DPRK's SpectralBlur

In both his twitter (err, X) thread and in a subsequent posting he provided a comprehensive background and triage of the malware dubbed SpectralBlur. In terms of its capabilities he noted: SpectralBlur is a moderately capable backdoor, that can upload/download files, run a shell, update its configuration, delete files, hibernate or sleep, based on commands issued from the C2. -Greg He also pointed out similarities to/overlaps with the DPRK malware known as KandyKorn (that we covered in our “Mac Malware of 2024” report), while also pointing out there was differences, leading him to conclude: We can see some similarities ... to the KandyKorn. But these feel like families developed by different folks with the same sort of requirements. -Greg

#objective-see #EN #2024 #Analysis #macOS #backdoor #SpectralBlur #malware

·objective-see.org·Jan 5, 2024

Analyzing DPRK's SpectralBlur

Objective-See's Blog

A comprehensive analysis of the year's new malware

#objective-see #EN #2024 #retrospective #macos #malware #year #analysis

·objective-see.org·Jan 2, 2024

Objective-See's Blog