XLoader Botnet: Find Me If You Can

May 31, 2022 2:37 pm

Research by: Alexey Bukhteyev & Raman Ladutska. Introduction: In July 2021, CPR released a series of three publications covering different aspects of how the Formbook and XLoader malware families function. We described how...

Check Point Research detects vulnerability in the Everscale blockchain wallet, preventing cryptocurrency theft

April 25, 2022 1:06 pm

Research by: Alexey Bukhteyev. Highlights: Check Point Research (CPR) discovered a vulnerability in the web version of Ever Surf wallet, part of the Everscale blockchain ecosystem. By exploiting the vulnerability, an attacker could...

Invisible Sandbox Evasion

February 7, 2022 2:11 pm

Research by: Alexey Bukhteyev. Malware uses sandbox evasion techniques to avoid exposing its malicious behavior inside a sandbox and thus prevent detection. Figure 1 – Sandbox evasion techniques. Common evasion techniques include the...

Phorpiex botnet is back with a new Twizt: Hijacking Hundreds of crypto transactions

December 16, 2021 1:58 pm

Research by: Alexey Bukhteyev. Check Point Research (CPR) spotted the resurgence of Phorpiex, an old threat known for its sextortion spam campaigns, crypto-jacking, cryptocurrency clipping and ransomware spread. The new variant “Twizt” enables...

Stealth is never enough, or Revealing Formbook successor’s C&C infrastructure

August 2, 2021 5:25 pm

By: Alexey Bukhteyev & Raman Ladutska. Reliability is one of the main requirements for software, and malware is no exception. If a malware product is reliable enough to exfiltrate the data from the...

Time-proven tricks in a new environment: the macOS evolution of Formbook

July 27, 2021 11:15 pm

By: Alexey Bukhteyev & Raman Ladutska. The vast majority of threats for macOS are adware such as Shlayer, Bundlore, Pirrit, and others. Compared to Windows, we only rarely encounter really harmful macOS malware...

Top prevalent malware with a thousand campaigns migrates to macOS

July 21, 2021 12:57 pm

By: Alexey Bukhteyev and Raman Ladutska. From a simple keylogger to a top prevalent malware: Formbook is currently one of the most prevalent malware families. It has been active for more than 5 years...

Hacker, 22, seeks LTR with your data: vulnerabilities found on popular OkCupid dating app

July 29, 2020 2:00 am

No Actual Daters Harmed in This Exercise. Research by: Alon Boxiner, Eran Vaknin. With over 50 million registered users since its launch, and the majority aged between 25 and 34, OkCupid is...

GuLoader? No, CloudEyE.

June 8, 2020 1:59 am

Italian company exposed on Clearnet earned up to $500,000 helping cybercriminals to deliver malware using cloud drives. Recently, we wrote about the network dropper known as GuLoader, which has been very actively...

Bringing VandaTheGod down to Earth: Exposing the person behind a 7-year hacktivism campaign

May 28, 2020 2:02 am

Introduction: Since 2013, many official websites belonging to governments worldwide were hacked and defaced by an attacker who self-identified as ‘VandaTheGod’. The hacker targeted governments in numerous countries, including: Brazil, the Dominican Republic,...

Reverse RDP – The Path Not Taken

May 14, 2020 2:07 am

Research by: Eyal Itkin. Overview: During 2019, we published our research on the Reverse RDP Attack: Part 1 and Part 2. In those blog posts, we described how we found numerous critical vulnerabilities...

Bugs on the Windshield: Fuzzing the Windows Kernel

May 6, 2020 3:44 am

Research by: Netanel Ben-Simon and Yoav Alon. Background: In our previous research, we used WinAFL to fuzz user-space applications running on Windows, and found over 50 vulnerabilities in Adobe Reader and Microsoft Edge...

First seen in the wild – Malware uses Corporate MDM as attack vector

April 29, 2020 4:38 am

Research by: Aviran Hazum, Bogdan Melnykov, Chana Efrati, Danil Golubenko, Israel Wernik, Liav Kuperman, Ohad Mana. Overview: Check Point researchers discovered a new Cerberus variant which is targeting a multinational conglomerate, and is...

E-Learning Platforms Getting Schooled – Multiple Vulnerabilities in WordPress’ Most Popular Learning Management System Plugins

April 29, 2020 2:00 am

Research by: Omri Herscovici and Sagi Tzadik. Overview: The COVID-19 pandemic has changed the way we live and work. “Sheltering in place” requires many people to work from home, thereby necessitating the use...

Ransomware Evolved: Double Extortion

April 16, 2020 2:03 am

Overview: Picture this scene: you arrive at the office one morning to find that cybercriminals have accessed your entire corporate network and encrypted all your files and databases, bringing the operations of your...