Found 36 bookmarks
Custom sorting
The Return of Candiru: Zero-days in the Middle East - Avast Threat Labs
The Return of Candiru: Zero-days in the Middle East - Avast Threat Labs
We recently discovered a zero-day vulnerability in Google Chrome (CVE-2022-2294) when it was exploited in the wild in an attempt to attack Avast users in the Middle East. The vulnerability was a memory corruption in WebRTC that was abused to achieve shellcode execution in Chrome’s renderer process. We reported this vulnerability to Google, who patched it on July 4, 2022.
#avast#EN#2022#Candiru#spyware#CVE-2022-2294#webRTC
·decoded.avast.io·
The Return of Candiru: Zero-days in the Middle East - Avast Threat Labs
Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild
Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild
Introduction Rootkits are dangerous pieces of malware. Once in place, they are usually really hard to detect. Their code is typically more challenging to write than other malware, so developers resort to code reuse from open source projects. As rootkits are very interesting to analyze, we are always looking out for these kinds of samples […]
#avast#EN#2022#Rootkit#Linux#Syslogk#malware#Adore-Ng
·decoded.avast.io·
Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild
Raccoon Stealer: “Trash panda” abuses Telegram
Raccoon Stealer: “Trash panda” abuses Telegram
We recently came across a stealer, called Raccoon Stealer, a name given to it by its author. Raccoon Stealer uses the Telegram infrastructure to store and update actual C&C addresses.  Raccoon Stealer is a password stealer capable of stealing not just passwords, but various types of data, including: Cookies, saved logins and forms data from […]
#avast#stealer#EN#2022#RaccoonStealer#Telegram#research#malware#passwordstealer
·decoded.avast.io·
Raccoon Stealer: “Trash panda” abuses Telegram
The Return of Candiru: Zero-days in the Middle East - Avast Threat Labs
The Return of Candiru: Zero-days in the Middle East - Avast Threat Labs
We recently discovered a zero-day vulnerability in Google Chrome (CVE-2022-2294) when it was exploited in the wild in an attempt to attack Avast users in the Middle East. The vulnerability was a memory corruption in WebRTC that was abused to achieve shellcode execution in Chrome’s renderer process. We reported this vulnerability to Google, who patched it on July 4, 2022.
#avast#EN#2022#Candiru#spyware#CVE-2022-2294#webRTC
·decoded.avast.io·
The Return of Candiru: Zero-days in the Middle East - Avast Threat Labs
Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild
Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild
Introduction Rootkits are dangerous pieces of malware. Once in place, they are usually really hard to detect. Their code is typically more challenging to write than other malware, so developers resort to code reuse from open source projects. As rootkits are very interesting to analyze, we are always looking out for these kinds of samples […]
#avast#EN#2022#Rootkit#Linux#Syslogk#malware#Adore-Ng
·decoded.avast.io·
Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild
Raccoon Stealer: “Trash panda” abuses Telegram
Raccoon Stealer: “Trash panda” abuses Telegram
We recently came across a stealer, called Raccoon Stealer, a name given to it by its author. Raccoon Stealer uses the Telegram infrastructure to store and update actual C&C addresses.  Raccoon Stealer is a password stealer capable of stealing not just passwords, but various types of data, including: Cookies, saved logins and forms data from […]
#avast#stealer#EN#2022#RaccoonStealer#Telegram#research#malware#passwordstealer
·decoded.avast.io·
Raccoon Stealer: “Trash panda” abuses Telegram
The Return of Candiru: Zero-days in the Middle East - Avast Threat Labs
The Return of Candiru: Zero-days in the Middle East - Avast Threat Labs
We recently discovered a zero-day vulnerability in Google Chrome (CVE-2022-2294) when it was exploited in the wild in an attempt to attack Avast users in the Middle East. The vulnerability was a memory corruption in WebRTC that was abused to achieve shellcode execution in Chrome’s renderer process. We reported this vulnerability to Google, who patched it on July 4, 2022.
#avast#EN#2022#Candiru#spyware#CVE-2022-2294#webRTC
·decoded.avast.io·
The Return of Candiru: Zero-days in the Middle East - Avast Threat Labs
Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild
Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild
Introduction Rootkits are dangerous pieces of malware. Once in place, they are usually really hard to detect. Their code is typically more challenging to write than other malware, so developers resort to code reuse from open source projects. As rootkits are very interesting to analyze, we are always looking out for these kinds of samples […]
#avast#EN#2022#Rootkit#Linux#Syslogk#malware#Adore-Ng
·decoded.avast.io·
Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild
Raccoon Stealer: “Trash panda” abuses Telegram
Raccoon Stealer: “Trash panda” abuses Telegram
We recently came across a stealer, called Raccoon Stealer, a name given to it by its author. Raccoon Stealer uses the Telegram infrastructure to store and update actual C&C addresses.  Raccoon Stealer is a password stealer capable of stealing not just passwords, but various types of data, including: Cookies, saved logins and forms data from […]
#avast#stealer#EN#2022#RaccoonStealer#Telegram#research#malware#passwordstealer
·decoded.avast.io·
Raccoon Stealer: “Trash panda” abuses Telegram
The Return of Candiru: Zero-days in the Middle East - Avast Threat Labs
The Return of Candiru: Zero-days in the Middle East - Avast Threat Labs
We recently discovered a zero-day vulnerability in Google Chrome (CVE-2022-2294) when it was exploited in the wild in an attempt to attack Avast users in the Middle East. The vulnerability was a memory corruption in WebRTC that was abused to achieve shellcode execution in Chrome’s renderer process. We reported this vulnerability to Google, who patched it on July 4, 2022.
#avast#EN#2022#Candiru#spyware#CVE-2022-2294#webRTC
·decoded.avast.io·
The Return of Candiru: Zero-days in the Middle East - Avast Threat Labs
Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild
Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild
Introduction Rootkits are dangerous pieces of malware. Once in place, they are usually really hard to detect. Their code is typically more challenging to write than other malware, so developers resort to code reuse from open source projects. As rootkits are very interesting to analyze, we are always looking out for these kinds of samples […]
#avast#EN#2022#Rootkit#Linux#Syslogk#malware#Adore-Ng
·decoded.avast.io·
Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild
Raccoon Stealer: “Trash panda” abuses Telegram
Raccoon Stealer: “Trash panda” abuses Telegram
We recently came across a stealer, called Raccoon Stealer, a name given to it by its author. Raccoon Stealer uses the Telegram infrastructure to store and update actual C&C addresses.  Raccoon Stealer is a password stealer capable of stealing not just passwords, but various types of data, including: Cookies, saved logins and forms data from […]
#avast#stealer#EN#2022#RaccoonStealer#Telegram#research#malware#passwordstealer
·decoded.avast.io·
Raccoon Stealer: “Trash panda” abuses Telegram
The Return of Candiru: Zero-days in the Middle East - Avast Threat Labs
The Return of Candiru: Zero-days in the Middle East - Avast Threat Labs
We recently discovered a zero-day vulnerability in Google Chrome (CVE-2022-2294) when it was exploited in the wild in an attempt to attack Avast users in the Middle East. The vulnerability was a memory corruption in WebRTC that was abused to achieve shellcode execution in Chrome’s renderer process. We reported this vulnerability to Google, who patched it on July 4, 2022.
#avast#EN#2022#Candiru#spyware#CVE-2022-2294#webRTC
·decoded.avast.io·
The Return of Candiru: Zero-days in the Middle East - Avast Threat Labs
Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild
Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild
Introduction Rootkits are dangerous pieces of malware. Once in place, they are usually really hard to detect. Their code is typically more challenging to write than other malware, so developers resort to code reuse from open source projects. As rootkits are very interesting to analyze, we are always looking out for these kinds of samples […]
#avast#EN#2022#Rootkit#Linux#Syslogk#malware#Adore-Ng
·decoded.avast.io·
Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild
Raccoon Stealer: “Trash panda” abuses Telegram
Raccoon Stealer: “Trash panda” abuses Telegram
We recently came across a stealer, called Raccoon Stealer, a name given to it by its author. Raccoon Stealer uses the Telegram infrastructure to store and update actual C&C addresses.  Raccoon Stealer is a password stealer capable of stealing not just passwords, but various types of data, including: Cookies, saved logins and forms data from […]
#avast#stealer#EN#2022#RaccoonStealer#Telegram#research#malware#passwordstealer
·decoded.avast.io·
Raccoon Stealer: “Trash panda” abuses Telegram
The Return of Candiru: Zero-days in the Middle East - Avast Threat Labs
The Return of Candiru: Zero-days in the Middle East - Avast Threat Labs
We recently discovered a zero-day vulnerability in Google Chrome (CVE-2022-2294) when it was exploited in the wild in an attempt to attack Avast users in the Middle East. The vulnerability was a memory corruption in WebRTC that was abused to achieve shellcode execution in Chrome’s renderer process. We reported this vulnerability to Google, who patched it on July 4, 2022.
#avast#EN#2022#Candiru#spyware#CVE-2022-2294#webRTC
·decoded.avast.io·
The Return of Candiru: Zero-days in the Middle East - Avast Threat Labs
Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild
Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild
Introduction Rootkits are dangerous pieces of malware. Once in place, they are usually really hard to detect. Their code is typically more challenging to write than other malware, so developers resort to code reuse from open source projects. As rootkits are very interesting to analyze, we are always looking out for these kinds of samples […]
#avast#EN#2022#Rootkit#Linux#Syslogk#malware#Adore-Ng
·decoded.avast.io·
Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild
Raccoon Stealer: “Trash panda” abuses Telegram
Raccoon Stealer: “Trash panda” abuses Telegram
We recently came across a stealer, called Raccoon Stealer, a name given to it by its author. Raccoon Stealer uses the Telegram infrastructure to store and update actual C&C addresses.  Raccoon Stealer is a password stealer capable of stealing not just passwords, but various types of data, including: Cookies, saved logins and forms data from […]
#avast#stealer#EN#2022#RaccoonStealer#Telegram#research#malware#passwordstealer
·decoded.avast.io·
Raccoon Stealer: “Trash panda” abuses Telegram
The Return of Candiru: Zero-days in the Middle East - Avast Threat Labs
The Return of Candiru: Zero-days in the Middle East - Avast Threat Labs
We recently discovered a zero-day vulnerability in Google Chrome (CVE-2022-2294) when it was exploited in the wild in an attempt to attack Avast users in the Middle East. The vulnerability was a memory corruption in WebRTC that was abused to achieve shellcode execution in Chrome’s renderer process. We reported this vulnerability to Google, who patched it on July 4, 2022.
#avast#EN#2022#Candiru#spyware#CVE-2022-2294#webRTC
·decoded.avast.io·
The Return of Candiru: Zero-days in the Middle East - Avast Threat Labs
Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild
Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild
Introduction Rootkits are dangerous pieces of malware. Once in place, they are usually really hard to detect. Their code is typically more challenging to write than other malware, so developers resort to code reuse from open source projects. As rootkits are very interesting to analyze, we are always looking out for these kinds of samples […]
#avast#EN#2022#Rootkit#Linux#Syslogk#malware#Adore-Ng
·decoded.avast.io·
Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild
Raccoon Stealer: “Trash panda” abuses Telegram
Raccoon Stealer: “Trash panda” abuses Telegram
We recently came across a stealer, called Raccoon Stealer, a name given to it by its author. Raccoon Stealer uses the Telegram infrastructure to store and update actual C&C addresses.  Raccoon Stealer is a password stealer capable of stealing not just passwords, but various types of data, including: Cookies, saved logins and forms data from […]
#avast#stealer#EN#2022#RaccoonStealer#Telegram#research#malware#passwordstealer
·decoded.avast.io·
Raccoon Stealer: “Trash panda” abuses Telegram
Hitching a ride with Mustang Panda
Hitching a ride with Mustang Panda
Avast discovered a distribution point where a malware toolset is hosted, but also serves as temporary storage for the gigabytes of data being exfiltrated on a daily basis, including documents, recordings, and webmail dumps including scans of passports from Asian, American and European citizens and diplomats applying for Burmese visas, from Burmese human rights activists and Burmese government institutions.
#avast#EN#2022#MustangPanda#exfiltrated#analysis
·decoded.avast.io·
Hitching a ride with Mustang Panda
The Return of Candiru: Zero-days in the Middle East - Avast Threat Labs
The Return of Candiru: Zero-days in the Middle East - Avast Threat Labs
We recently discovered a zero-day vulnerability in Google Chrome (CVE-2022-2294) when it was exploited in the wild in an attempt to attack Avast users in the Middle East. The vulnerability was a memory corruption in WebRTC that was abused to achieve shellcode execution in Chrome’s renderer process. We reported this vulnerability to Google, who patched it on July 4, 2022.
#avast#EN#2022#Candiru#spyware#CVE-2022-2294#webRTC
·decoded.avast.io·
The Return of Candiru: Zero-days in the Middle East - Avast Threat Labs
Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild
Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild
Introduction Rootkits are dangerous pieces of malware. Once in place, they are usually really hard to detect. Their code is typically more challenging to write than other malware, so developers resort to code reuse from open source projects. As rootkits are very interesting to analyze, we are always looking out for these kinds of samples […]
#avast#EN#2022#Rootkit#Linux#Syslogk#malware#Adore-Ng
·decoded.avast.io·
Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild
Raccoon Stealer: “Trash panda” abuses Telegram
Raccoon Stealer: “Trash panda” abuses Telegram
We recently came across a stealer, called Raccoon Stealer, a name given to it by its author. Raccoon Stealer uses the Telegram infrastructure to store and update actual C&C addresses.  Raccoon Stealer is a password stealer capable of stealing not just passwords, but various types of data, including: Cookies, saved logins and forms data from […]
#avast#stealer#EN#2022#RaccoonStealer#Telegram#research#malware#passwordstealer
·decoded.avast.io·
Raccoon Stealer: “Trash panda” abuses Telegram
Hitching a ride with Mustang Panda
Hitching a ride with Mustang Panda
Avast discovered a distribution point where a malware toolset is hosted, but also serves as temporary storage for the gigabytes of data being exfiltrated on a daily basis, including documents, recordings, and webmail dumps including scans of passports from Asian, American and European citizens and diplomats applying for Burmese visas, from Burmese human rights activists and Burmese government institutions.
#avast#EN#2022#MustangPanda#exfiltrated#analysis
·decoded.avast.io·
Hitching a ride with Mustang Panda