We have tracked three malvertising campaigns and one compromised-site campaign using Cerber ransomware after version 4.0 (detected as Ransom_CERBER.DLGE) was released a month after version 3.0. More details of this latest iteration of Cerber are listed in a ransomware advertisement provided by security researcher Kafeine.
Most point-of-sale (PoS) threats follow a common process: dump, scrape, store, exfiltrate. FastPOS (initially detected by Trend Micro as TSPY_FASTPOS.SMZTDA) was different with the way it removed a middleman and went straight from stealing credit card data to directly exfiltrating them to its command and control (C&C) servers.
FastPOS was true to its moniker—pilfer data as fast as possible, as much as it can, even at the expense of stealth. The malware is a reflection of how PoS threats, though no longer novel, are increasingly used against businesses and their customers. As such, FastPOS’s update does not come as a surprise—in time for the oncoming retail season to boot.
Some time ago, I was asked by a colleague to develop a set of Yara rules to detect samples of the Stampado ransomware family. (Yara is an open-source tool used by security researchers to spot and categorize malware samples according to a set of defined rules.)
Stampado is a relatively new Ransomware-as-a-Service (RaaS) threat that’s been on our radar recently. I had access to only a few samples at the time, and first tried looking for common strings among them but had no luck. I then went on to compare the file structures and realized all of them had an interesting section at the end of the file, like the one starting at offset 0xde000 as follows:
In a recent blog post, we talked about the Haima app store on iOS. Here, we found that official apps were repacked and advertising modules added to generate revenue for the owners.
One reason for this store’s popularity is its relative ease of use, thanks to the “Haima iOS Helper”. This app is meant to complement the rest of the store by making it easier to install apps and manage the user’s device. This can be considered analogous to the roles that iTunes performs for most iOS users.