We analyzed a malicious Monero miner using multiple methods for propagation and infection to systems and vulnerable databases. While initially found infecting systems in China beginning of the year, the malware is expanding to other countries with more infiltration techniques like EternalBlue and PowerShell abuse.
Read More
We noticed a Linux coin miner with scripts almost the same as KORKERDS, and with just one crontab removes other miners and malware installed in the system upon infection.
Read More
We found a new Mirai variant we’ve called Yowai and Gafgyt variant Hakai abusing a ThinkPHP flaw for propagation and DDoS attacks.
Read More
August’s Android Security Bulletin includes three file system vulnerabilities (CVE-2017-10663, CVE-2017-10662, and CVE-2017-0750 that were discovered by Trend Micro researchers. These vulnerabilities could cause memory corruption on the affected devices, leading to code execution in the kernel context. This would allow for more data to be accessed and controlled by the malware. A malicious app could be used to trigger this vulnerability, which occurs when a malicious disk using the F2FS (Flash-Friendly File System) is mounted. The disk can either be an actual physical device or a virtual file image.
Read MoreThe security industry as a whole loves collecting data, and researchers are no different. With more data, they commonly become more confident in their statements about a threat. However, large volumes of data require more processing resources, as extracting meaningful and useful information from highly unstructured data is particularly difficult. As a result, manual data analysis is often the only choice, forcing security professionals like investigators, penetration testers, reverse engineers, and analysts to process data through tedious and repetitive operations.
Read More