Malware

Release the Kraken: Fileless injection into Windows Error Reporting service - We discovered a new attack that injected its payload—dubbed

Malware | Malwarebytes news | Threat analysis

Release the Kraken: Fileless injection into Windows Error Reporting service

October 6, 2020 - We discovered a new attack that injected its payload—dubbed "Kraken—into the Windows Error Reporting (WER) service as a defense evasion mechanism.

Read more
Malspam campaign caught using GuLoader after service relaunch - We discovered a spam campaign distributing GuLoader in the aftermath of the service's relaunch

Malware | Threat analysis

Malspam campaign caught using GuLoader after service relaunch

July 30, 2020 - We discovered a spam campaign distributing GuLoader in the aftermath of the service's relaunch

Read more
Multi-stage APT attack drops Cobalt Strike using Malleable C2 feature - A newly discovered APT spear-phishing attack implements several evasion techniques to drop Cobalt Strike toolkit.

Malware | Threat analysis

Multi-stage APT attack drops Cobalt Strike using Malleable C2 feature

June 17, 2020 - A newly discovered APT spear-phishing attack implements several evasion techniques to drop Cobalt Strike toolkit.

Read more
New LNK attack tied to Higaisa APT discovered - We describe a new spearphishing campaign tied to the potential North Korean Higaisa APT group.

Malware | Threat analysis

New LNK attack tied to Higaisa APT discovered

June 4, 2020 - We describe a new spearphishing campaign tied to the potential North Korean Higaisa APT group.

Read more
Shining a light on “Silent Night” Zloader/Zbot - The latest Malwarebytes Threat Intel report focuses on Silent Night, a new banking Trojan recently tracked as Zloader/Zbot.

Malware | Threat analysis

Shining a light on “Silent Night” Zloader/Zbot

May 21, 2020 - The latest Malwarebytes Threat Intel report focuses on Silent Night, a new banking Trojan recently tracked as Zloader/Zbot.

Read more
New Mac variant of Lazarus Dacls RAT distributed via Trojanized 2FA app - The Lazarus group improves their toolset with a new RAT specifically designed for the Mac.

Mac | Malware | Threat analysis

New Mac variant of Lazarus Dacls RAT distributed via Trojanized 2FA app

May 6, 2020 - The Lazarus group improves their toolset with a new RAT specifically designed for the Mac.

Read more
Threat spotlight: CrySIS, aka Dharma ransomware, causing a crisis for businesses - CrySIS, aka Dharma, is a ransomware family making waves over the last two months, often being used in targeted attacks through RDP access. What other tricks are up its sleeve?

Malware | Threat analysis

Threat spotlight: CrySIS, aka Dharma ransomware, causing a crisis for businesses

May 15, 2019 - CrySIS, aka Dharma, is a ransomware family making waves over the last two months, often being used in targeted attacks through RDP access. What other tricks are up its sleeve?

Read more
“Funky malware format” found in Ocean Lotus sample - Recently, one of our researchers presented at the SAS conference on

Malware | Threat analysis

“Funky malware format” found in Ocean Lotus sample

April 19, 2019 - Recently, one of our researchers presented at the SAS conference on "Funky malware formats"—atypical executable formats used by malware that are only loaded by proprietary loaders. In this post, we analyze one of those formats in a sample called Ocean Lotus from the APT 32 threat group in Vietnam.

Read more
Spotlight on Troldesh ransomware, aka ‘Shade’ - Troldesh is ransomware that relies heavily on user interaction. Nevertheless, a recent spike in detections shows it's been successful against businesses in the first few months of 2019.

Malware | Threat analysis

Spotlight on Troldesh ransomware, aka ‘Shade’

March 6, 2019 - Troldesh is ransomware that relies heavily on user interaction. Nevertheless, a recent spike in detections shows it's been successful against businesses in the first few months of 2019.

Read more

Select your language