We discussed the re-emergence of banking malware EMOTET in September and how it has adopted a wider scope since it wasn’t picky about the industries it attacks. We recently discovered that EMOTET has a new iteration (detected as TSPY_EMOTET.SMD10) with a few changes in its usual behavior and new routines that allow it to elude…Read More
Ransomware has been one of the most prevalent, prolific, and pervasive threats in the 2017 threat landscape, with financial losses among enterprises and end users now likely to have reached billions of dollars. Locky ransomware, in particular, has come a long way since first emerging in early 2016. Despite the number of times it apparently spent in hiatus, Locky remains a relevant and credible threat given its impact on end users and especially businesses. Our detections show that it’s making another comeback with new campaigns.
A closer look at the file-encrypting malware’s activities reveals a constant: the use of spam. While they remain a major entry point for ransomware, Locky appears to be concentrating its distribution through large-scale spam campaigns of late, regardless of the variants released by its operators/developers.Read More
The OSX_DOK malware showcases sophisticated features such as certificate abuse and security software evasion that affects machines using Apple’s OS X operating system. This malware, which specifically targets Swiss banking users, uses a phishing campaign to drop its payload, which eventually results in the hijacking of a user’s network traffic using a Man-in-the- Middle (MitM) attack. OSX_DOK seems to be another version of WERDLOD, which is a malware that was used during the Operation Emmental campaigns.Read More