Deep Dive into UPAS Kit vs. Kronos

June 12, 2018 12:53 pm

Research By: Mark Lechtik

Introduction: In this post we will be analyzing the UPAS Kit and the Kronos banking Trojan, two pieces of malware that have come under the spotlight recently due to the...

Scriptable Remote Debugging with Windbg and IDA Pro

June 7, 2018 3:21 pm

Research by: Ben Herzog (updated December 2018)

Required Background: Basic experience with virtual machines, i.e. creating a VM and installing an OS. The most technically involved it gets is setting up a working...

Banking Trojans Under Development

June 6, 2018 3:14 pm

Although banks themselves have taken measures to strengthen the security of their authentication processes, Banker Trojans are still a popular tool for stealing users’ financial details and draining bank accounts. The...

Handling BSODs in Your Sandbox: A Useful Addition to Your Emulation Toolbox

May 23, 2018 4:07 pm

In our malware laboratory sandbox, we emulate a large number of samples each day. These emulations provide a lot of useful information, such as IoCs (Indicators of Compromise), that we use to...

Remote Code Execution Vulnerability on LG Smartphones

May 8, 2018 8:58 am

Research By: Slava Makkaveev

Background: A few months ago, Check Point Research discovered two vulnerabilities that reside in the default keyboard on all mainstream LG smartphone models (termed by LG as ‘LGEIME’)....

Telegram: Cyber Crime’s Channel of Choice

May 7, 2018 11:41 pm

Introduction: The Dark Web is a hive of illicit activity. From illegal guns and drug dealing to the Ransomware-as-a-Service programs, buyers and sellers can use this medium to trade and exchange both...

SiliVaccine: Inside North Korea’s Anti-Virus

May 1, 2018 6:07 am

Research By: Mark Lechtik and Michael Kajiloti

Revealed: In an exclusive piece of research, Check Point Researchers have carried out a revealing investigation into North Korea’s home-grown anti-virus software, SiliVaccine. One of...

A Crypto Mining Operation Unmasked

April 29, 2018 8:00 am

Introduction: With the emerging threat of miners and the rise of cryptocurrencies that have taken the world by storm lately, Check Point Research has been keeping an eye out for mining campaigns....

MMap Vulnerabilities – Linux Kernel

April 29, 2018 5:04 am

Research By: Eyal Itkin

As part of our efforts in identifying vulnerabilities in different products, from time to time we also review the Linux Kernel, mainly searching for vulnerabilities in different drivers....

NTLM Credentials Theft via PDF Files

April 26, 2018 7:00 am

Just a few days after it was reported that malicious actors can exploit a vulnerability in MS Outlook using OLE to steal a Windows user’s NTLM hashes, the Check Point research team...

A New Phishing Kit on the Dark Net

April 24, 2018 5:54 am

Check Point Research and the cyber intelligence company, CyberInt, have collaborated to discover the next generation in phishing kits, currently being advertised on the Dark Net. Unlike previous kits which are primarily...

Check Point’s 2018 Security Report

April 15, 2018 1:13 am

2017 was a pivotal year that surprised many in the IT security industry. From the resurgence of destructive ransomware, IoT botnets, data breaches and mobile malware to full-scale nation-state attacks, it...

Uncovering Drupalgeddon 2

April 12, 2018 6:18 am

Research By: Eyal Shalev, Rotem Reiss and Eran Vaknin

Abstract: Two weeks ago, a highly critical (25/25 NIST rank) vulnerability, nicknamed Drupalgeddon 2 (SA-CORE-2018-002 / CVE-2018-7600), was disclosed by the Drupal security...

Return of the Festi Rootkit

April 3, 2018 12:26 pm

Festi, a once-popular rootkit, is back in the wild, distributed mainly by the RIG exploit kit. A long-known Windows rootkit, Festi dates back to 2009 where at that time it...

Necurs is Back, Just in Time for Easter

April 1, 2018 12:15 pm

After a drastic decline in the volume of spam coming from the Necurs spambot observed by Check Point Telemetry in the past month, the infamous botnet is back once again and is...