With additional analysis from David Agni Improvements in security file scanners are causing malware authors to deviate from the traditional malware installation routine. It’s no longer enough for malware to rely on dropping copies of themselves to a location specified in the malware code and using persistence tactics like setting up an autostart feature to…
Read MoreMichael Marcos
Threat Response Engineer
We uncovered a new crypto-ransomware variant with new routines that include making encrypted files appear as if they were quarantined files. These files are appended by a *.VAULT file extension, an antivirus software service that keeps any quarantined files for a certain period of time. Antivirus software typically quarantines files that may potentially cause further damage to an infected…
Read MoreWe recently talked about recent improvements to the CTB-Locker ransomware. To recap, the malware now offers a “free decryption” service, extended deadline to decrypt the files, and an option to change the language of the ransom message. We are seeing another wave of CTB-Locker ransomware making their way into the wild. What’s highly notable about…
Read MoreThe DYRE/Dyreza banking malware is back with a new infection technique: we observed that it now hijacks Microsoft Outlook to spread the notorious UPATRE malware to target an expanded list of targeted banks. Last October 2014 we observed a hike in UPATRE-DYRE malware infections brought by the CUTWAIL spambot, a pattern we observed was similar…
Read MoreIn the middle of my research on the remote access Trojan (RAT) known as “njrat” or “Njw0rm”, I stumbled upon dev-point.com, a site that disguises itself as a site for “IT enthusiasts” but actually hosts various downloaders, different types of spyware, and RATs. I explored the site and found that they host malware under the…
Read More