We recently found and analyzed a malicious malware variant that disguised itself as a legitimate Mac-based trading app called Stockfolio. We found two variants of the malware family. The first one contains a pair of shell scripts and connects to a remote site to decrypt its encrypted codes while the second sample, despite using a simpler routine involving a single shell script, is actually incorporates a persistence mechanism.
Read More
We first detected the banking malware EMOTET back in 2014, we looked into the banking malware’s routines and behaviors and took note of its information stealing abilities via network sniffing. After a period of relative inactivity, it appears it’s making a comeback with increased activity from new variants that have the potential to unleash different types of payloads in the affected system.
Read MoreDetecting banking malware has become part and parcel of the security industry, so cybercriminals are continuously looking to gain the upper hand in the battle against the financial industry and security vendors. In the BlackHat presentation Winning the Online Banking War last August 5, Sean Park proposed the use of a new online banking security framework…
Read MoreRTF (Rich Text Format) files have been used before by cybercriminals, but of late it seems their use of this format is becoming more creative. We’d earlier talked about how CPL files were being embedded in RTF files and sent to would-be victims as an e-mail attachment. These CPL files would then proceed to download malicious…
Read MoreGoogle Code is Google’s official open source site meant for developers to host their program’s source code and related files, mostly in text format. However, using our sourcing system in Brazil, we were able to capture a malware written in Java that downloads BANKER malware from a recently created project called “flashplayerwindows”. Of course, this…
Read More