Avast

Analysis of TaRRaK Ransomware

First, the ransomware attempts to read a file into memory using File.ReadAllBytes(). This function has an internal limit of 2 GB. If the file is larger, the function throws an exception, which is then handled by the try-catch block.

SMSFactory Android Trojan Looting Victims Using Premium SMS and Calls to Premium Phone Numbers

SMSFactory sneakily siphons money from victims around the world, including Russia, Brazil, Argentina, Turkey, Ukraine, US, France, and Spain, among others, by sending premium SMS and making calls to premium-rate phone numbers.

Warez users fell for Certishell

The Certishell family can be split into three different parts: RAT with a C&C server, miner downloaded from hacked websites, and miner or ransomware launched from a PowerShell command hidden in registry keys.

Attackers Use Compromised Philippine Navy Certificate to Spread Remote Access Tool

Avast Threat Intelligence Team has found a remote access tool (RAT) actively being used in the wild in the Philippines that uses what appears to be a compromised digital certificate belonging to the Philippine Navy.

APT Group Targets Betting Companies Using MulCom Backdoor in Taiwan, the Philippines, and Hong Kong

Due to the similarities between the MulCom backdoor used by this group and FFRat, researchers suspect that the FFRat codebase is being shared between several Chinese adversary groups.

Mēris and TrickBot standing on the shoulders of giants - Avast Threat Labs

The botnet is known to exploit a known vulnerability in the Winbox component of MikroTik routers (CVE-2018-14847), enabling the attackers to gain unauthenticated, remote administrative access to any affected device.

Pre-war spike in phishing attacks targeting infrastructure in Ukraine

It is evident that Ukrainian companies have not been spared when it comes to phishing attacks, and attackers are targeting local communication infrastructures, network providers, and other services.

Raccoon Stealer: “Trash panda” abuses Telegram

Avast researchers came across a stealer, called Raccoon Stealer, a name given to it by its author. Raccoon Stealer uses the Telegram infrastructure to store and update actual C&C addresses.

Avast researchers warn against joining in DDoS attacks in aid of Ukraine

These DDoS tools collect personal data that can make users identifiable, such as IP address, country code, city, location based on IP address, username, hardware configuration, and system language.

How attackers got access to the systems of the National Games of China

In early September 2021, Avast threat researcher David Álvarez found a malware sample with a suspicious file extension and a report submitted by the National Games IT team to VirusTotal on an attack against a server associated with the Games.
