Researching Xiaomi’s TEE to get to Chinese money

August 12, 2022 12:54 pm

Research by: Slava Makkaveev. Introduction: Have you ever wondered if it is safe to make payments from a mobile device? Can a malicious app steal money from your digital wallet? According to the...

Chinese actor takes aim, armed with Nim Language and Bizarro AES

June 22, 2022 12:52 pm

Executive Summary: In this article, Check Point Research shares findings on a group / activity cluster with ties to Tropic Trooper. The infection chain includes a previously undescribed loader (dubbed “Nimbda”) written in...

Iranian Spear-Phishing Operation Targets Former Israeli and US High-Ranking Officials

June 14, 2022 12:57 pm

Introduction: Check Point Research uncovers a recent Iranian-based spear-phishing operation aimed against former Israeli officials, high-ranking military personnel, research fellows in research institutions, think tanks, and against Israeli citizens. The attacks use a...

Vulnerability within the UNISOC baseband opens mobile phone communications to remote hacker attacks

June 2, 2022 12:52 pm

Research by: Slava Makkaveev. Introduction: Do you remember push-button telephones? Many of them were based on chips from Spreadtrum Communications Inc., a Chinese chip manufacturer founded in 2001. In 2011, over half of all...

XLoader Botnet: Find Me If You Can

May 31, 2022 2:37 pm

Research by: Alexey Bukhteyev & Raman Ladutska. Introduction: In July 2021, CPR released a series of three publications covering different aspects of how the Formbook and XLoader malware families function. We described how...

Twisted Panda: Chinese APT espionage operation against Russian state-owned defense institutes

May 19, 2022 1:22 pm

Introduction: In the past two months, we observed multiple APT groups attempting to leverage the Russia and Ukraine war as a lure for espionage operations. It comes as no surprise that Russian entities...

#ALHACK: One codec to hack the whole world

May 18, 2022 1:09 pm

Research by: Slava Makkaveev, Netanel Ben Simon. Introduction: The Apple Lossless Audio Codec (ALAC) is an audio coding format developed by Apple Inc. in 2004 for lossless data compression of digital music. After...

Check Point Research detects vulnerability in the Everscale blockchain wallet, preventing cryptocurrency theft

April 25, 2022 1:06 pm

Research by: Alexey Bukhteyev. Highlights: Check Point Research (CPR) discovered a vulnerability in the web version of Ever Surf wallet, part of the Everscale blockchain ecosystem. By exploiting the vulnerability, an attacker could...

State-sponsored Attack Groups Capitalise on Russia-Ukraine War for Cyber Espionage

March 31, 2022 12:58 pm

Introduction: Geopolitical tensions often make headlines and present a golden opportunity for threat actors to exploit the situation, especially those targeting high-profile victims. In the past month, while the Russian invasion of Ukraine...

AirDrop process of ApeCoin cryptocurrency found vulnerable, led to theft of millions of dollars in NFTs

March 19, 2022 2:10 pm

Research by: Dikla Barda, Roman Zaikin, Oded Vanunu. Highlights: ApeCoin, one of the largest NFTs today, announced a free token claim on launch. Hackers found a way to claim free tokens on ApeCoin...

Leaks of Conti Ransomware Group Paint Picture of a Surprisingly Normal Tech Start-Up… Sort Of

March 10, 2022 10:04 pm

Introduction: You’ve probably heard of the Conti ransomware group. After their 2020 emergence, they’ve accumulated at least 700 victims, where by “victims” we mean ‘big fish’ corporations with millions of dollars in revenue;...

New Malware Capable of Controlling Social Media Accounts Infects 5,000+ Machines and is actively being Distributed via Gaming Applications on Microsoft’s Official Store

February 24, 2022 1:56 pm

Popular games such as “Temple Run” or “Subway Surfer” were found to be malicious. Attackers can use the installed malware as a backdoor in order to gain full control of the victim’s machine...

EvilPlayout: Attack Against Iran’s State Broadcaster

February 18, 2022 1:09 pm

In the past few months, a new wave of cyberattacks has been flooding Iran. These attacks are far from minor website defacements – the recent wave is hitting national infrastructure and causing major...

Invisible Sandbox Evasion

February 7, 2022 2:11 pm

Research by: Alexey Bukhteyev. Malware uses sandbox evasion techniques to avoid exposing its malicious behavior inside a sandbox and thus prevent detection. [Figure 1 – Sandbox evasion techniques.] Common evasion techniques include the...

APT35 exploits Log4j vulnerability to distribute new modular PowerShell toolkit

January 11, 2022 2:09 pm

Introduction: With the emergence of the Log4j security vulnerability, we’ve already seen multiple threat actors, mostly financially motivated, immediately add it to their exploitation arsenal. It comes as no surprise that some nation-sponsored...