Faxploit: Sending Fax Back to the Dark Ages

August 12, 2018 3:09 pm

Research By: Eyal Itkin, Yannay Livneh and Yaniv Balmas

Fax, the brilliant technology that lifted mankind out of the dark ages of mail delivery when only the postal service and carrier pigeons were...

Man-in-the-Disk: Android Apps Exposed via External Storage

August 12, 2018 1:09 pm

Research By: Slava Makkaveev

Recently, our researchers came across a shortcoming in the design of Android’s use of storage resources. Careless use of External Storage by applications may open the door to...

FakesApp: A Vulnerability in WhatsApp

August 7, 2018 4:15 am

Research By: Dikla Barda, Roman Zaikin and Oded Vanunu

As of early 2018, the Facebook-owned messaging application, WhatsApp, has over 1.5 billion users with over one billion groups and 65 billion messages...

Ramnit’s Network of Proxy Servers

August 5, 2018 11:30 am

Research By: Alexey Bukhteyev

As you may know, Ramnit is one of the most prominent banking malware families in existence today, and lately Check Point Research monitored a new massive campaign of Ramnit,...

Osiris: An Enhanced Banking Trojan

July 31, 2018 8:54 am

Research By: Yaroslav Harakhavik and Nikita Fokin

Following our recent analysis of the Kronos banking Trojan, we discovered that Kronos has also now been enhanced to hide its communication with the C&C server using...

A Malvertising Campaign of Secrets and Lies

July 30, 2018 6:00 am

Check Point Research has uncovered a large Malvertising campaign that starts with thousands of compromised WordPress websites, involves multiple parties in the online advertising chain and ends with distributing malicious content, via...

Emotet: The Tricky Trojan that ‘Git Clones’

July 24, 2018 1:57 am

Research by: Ofer Caspi, Ben Herzog

The Emotet Trojan downloader originally debuted in 2014 as a banking Trojan that took an unusual approach to stealing banking credentials; instead of hooking per-browser functions in...

GlanceLove: Spying Under the Cover of the World Cup

July 12, 2018 6:02 am

When the whistle of the first match of the 2018 World Cup blew, it didn’t just signal the start of an exciting tournament for football fans worldwide, but also gave the green...

Cyber Attack Trends: 2018 Mid-Year Report

July 12, 2018 6:00 am

When it comes to the global cyber threat landscape, threats are ever evolving, keeping organizations, as well as the security research community, constantly challenged. In our Cyber Attack Trends: 2018 Mid-Year Report...

APT Attack In the Middle East: The Big Bang

July 8, 2018 2:24 am

Over the last few weeks, the Check Point Threat Intelligence Team discovered the comeback of an APT surveillance attack against institutions across the Middle East, specifically the Palestinian Authority. The attack begins...

Deep Dive into UPAS Kit vs. Kronos

June 12, 2018 12:53 pm

Research By: Mark Lechtik

Introduction

In this post we will be analyzing the UPAS Kit and the Kronos banking Trojan, two malware families that have come under the spotlight recently due to the...

Scriptable Remote Debugging with Windbg and IDA Pro

June 7, 2018 3:21 pm

Research by: Ben Herzog (updated December 2018)

Required Background: Basic experience with virtual machines, i.e. creating a VM and installing an OS. The most technically involved it gets is setting up a working...

Banking Trojans Under Development

June 6, 2018 3:14 pm

Although banks themselves have taken measures to strengthen the security of their authentication processes, Banker Trojans are still a popular tool for stealing users’ financial details and draining bank accounts. The...

Handling BSODs in Your Sandbox: A Useful Addition to Your Emulation Toolbox

May 23, 2018 4:07 pm

In our malware laboratory sandbox, we emulate a large number of samples each day. These emulations provide a lot of useful information, such as IoCs (Indicators of Compromise), that we use to...

Remote Code Execution Vulnerability on LG Smartphones

May 8, 2018 8:58 am

Research By: Slava Makkaveev

Background

A few months ago, Check Point Research discovered two vulnerabilities that reside in the default keyboard on all mainstream LG smartphone models (termed by LG as ‘LGEIME’)....