Security researchers analyzing the Emotet banking Trojan have found that it is being repackaged rapidly. Examining the polymorphic dropped executables, they found that the executables appear to be different software in many respects, which lets them evade signature-based antivirus and packer detection.
Prilex ATM malware
This malware is almost exclusively found in Brazil. Prilex ATM malware interacts with libraries from specific vendors, indicating detailed knowledge of the targeted ATM and its network. It works by hooking certain dynamic-link libraries (DLLs) and displaying its own application screens on top of the legitimate ones.
In another discovery, hackers are using exploit kits to scan the targeted system for vulnerabilities and install malware by injecting malicious code into documents, luring users into opening the documents and enabling macros in the MS Office package.
Microsoft Azure flaw
A flaw in Microsoft Azure Active Directory Connect could create stealthy admins in the user group by default. Enterprises that run Office 365 alongside on-premises Active Directory and use Azure AD Connect to synchronize the two have been exposed to this privilege escalation vulnerability.
Posted on: December 15, 2017