Going Rogue- a Mastermind behind Android Malware Returns with a New RAT

January 12, 2021 1:49 pm

Research by: Aviran Hazum, Alex Shamshur, Raman Ladutska, Ohad Mana, Israel Wernik Introduction Now more than ever, we rely on our smartphones to keep in touch with our work, our families and the... Click to Read More

SUNBURST, TEARDROP and the NetSec New Normal

December 22, 2020 5:35 pm

Foreword In December 2020, a large-scale cyberattack targeting many organizations – predominantly tech companies, mainly in the United States, but not only there – was discovered to have been going on for several... Click to Read More

Game On – Finding vulnerabilities in Valve’s “Steam Sockets”

December 10, 2020 1:55 pm

Research by: Eyal Itkin Overview The beautiful thing about video games is that there’s something for everyone. You can play as a 19-year-old Canadian redhead trying to climb a difficult mountain; or as an... Click to Read More

Vulnerability in Google Play Core Library Remains Unpatched in Google Play Applications

December 3, 2020 1:58 pm

Research by: Aviran Hazum, Jonathan Shimonovich Overview: A new vulnerability for the Google Play Core Library was published in late August, which allows Local-Code-Execution (LCE) within the scope of any application that has... Click to Read More

Bandook: Signed & Delivered

November 26, 2020 2:21 pm

Introduction Check Point Research recently observed a new wave of campaigns against various targets worldwide that utilizes a strain of a 13-year old backdoor Trojan named Bandook. Bandook, which had almost disappeared from... Click to Read More

Pay2Key – The Plot Thickens

November 12, 2020 12:58 pm

Introduction Last weekend we issued a ransomware alert about a wave of attacks using a never-seen-before strain dubbed ‘Pay2Key.’ Our investigation suggested the ransomware operators were mostly targeting Israeli companies.  The ransomware used... Click to Read More

Ransomware Alert: Pay2Key

November 6, 2020 1:53 pm

Introduction Over the past week, an exceptional number of Israeli companies reported ransomware attacks. While some of the attacks were carried out by known ransomware strands like REvil and Ryuk, several large corporations... Click to Read More

Exploit Developer Spotlight: The Story of PlayBit

October 26, 2020 1:00 pm

Research By: Eyal Itkin and Itay Cohen Introduction Exploits have always been an important and integral part of malicious attacks. They allow attackers to gain capabilities that are not easy to achieve otherwise.... Click to Read More

Graphology of an Exploit – Hunting for exploits by looking for the author’s fingerprints

October 2, 2020 1:00 pm

Research by: Itay Cohen, Eyal Itkin In the past months, our Vulnerability and Malware Research teams joined efforts to focus on the exploits inside the malware and specifically, on the exploit writers themselves.... Click to Read More

Rampant Kitten – An Iranian Espionage Campaign

September 18, 2020 12:58 pm

Introduction Check Point Research unraveled an ongoing surveillance operation by Iranian entities that has been targeting Iranian expats and dissidents for years. While some individual sightings of this attack were previously reported by... Click to Read More

Gozi: The Malware with a Thousand Faces

August 28, 2020 12:57 pm

Introduction Most of the time, the relationship between cybercrime campaigns and malware strains is simple. Some malware strains, like the gone-but-not-forgotten GandCrab, are intimately tied to a single actor, who is using the... Click to Read More

An Old Bot’s Nasty New Tricks: Exploring Qbot’s Latest Attack Methods

August 27, 2020 12:57 pm

Research By: Alex Ilgayev Introduction The notorious banking trojan Qbot has been in business for more than a decade. The malware, which has also been dubbed Qakbot and Pinkslipbot, was discovered in 2008... Click to Read More

Keeping the gate locked on your IoT devices: Vulnerabilities found on Amazon’s Alexa

August 13, 2020 1:59 am

Research By: Dikla Barda, Roman Zaikin , Yaara Shriki  Introduction & Motivation “Please lower the temperature of the AC, it’s getting humid in here,” said Eric to Alexa, who turned the AC to... Click to Read More

Don’t be silly – it’s only a lightbulb

August 7, 2020 1:28 pm

Research by: Eyal Itkin Background Everyone is familiar with the concept of IoT, the Internet of Things, but how many have heard of smart lightbulbs? You can control the light in your house, and... Click to Read More

CPR Anti-Debug Encyclopedia: The Check Point Anti-Debug Techniques Repository

August 5, 2020 1:34 am

Debugging is the essential part of malware analysis. Every time we need to drill down into malware behavior, restore encryption methods or examine communication protocols – generally, whenever we need to examine memory... Click to Read More