Trend Micro detected a new variant of Android Remote Access Tool (AndroRAT) (identified as ANDROIDOS_ANDRORAT.HRXC) that has the ability to inject root exploits to perform malicious tasks such as silent installation, shell command execution, WiFi password collection, and screen capture. This AndroRAT targets CVE-2015-1805, a publicly disclosed vulnerability in 2016 that allows attackers to penetrate a number of older Android devices to perform its privilege escalation.Read More
Recently, we discovered CVE-2017-11882 being exploited again in an attack that uses an uncommon method of installation—via the Windows Installer service in Microsoft Windows operating systems.Read More
Cybercriminals are constantly looking for new strategies to defeat security solutions and improve the success of their attacks.
The increase in adoption of polymorphism and packing has made traditional signature-based detection at the client side (endpoint) obsolete. Backend systems struggle in analyzing modern malware since both static and dynamic analysis are limited when heavily obfuscated code or anti-sandboxing techniques are employed. In addition, the number of newly discovered threats is increasing, and faster detection systems are required to protect users around the world.Read More
In 2017, we saw digital extortion increasingly become cybercriminals’ first and foremost money-making modus operandi. It’s mostly due to ransomware — cybercriminals’ currently most popular weapon of choice, helping them in extorting cash from users all over the world and in hitting big businesses and organizations.
By infecting business-critical systems through their shotgun-style ransomware attacks and thus crippling enterprise day-to-day operations, cybercriminals managed to force big companies to bend to their will. Digital extortion has become the most successful moneymaking venture for cybercriminals, and the most effective in terms of the scale of their victims. Big or small, everyone gets hit, and everyone has to pay.Read More
We analyzed a new RATANKBA variant (BKDR_RATANKBA.ZAEL-A) that uses a PowerShell script instead of its more traditional PE executable form. In this entry, we provide in-depth analysis of the malware, as well as a detailed examination of its remote controller.Read More