Can You Trust a File’s Digital Signature? New Zloader Campaign exploits Microsoft’s Signature Verification putting users at risk

January 5, 2022 1:56 pm

Research by: Golan Cohen
Introduction
Last seen in August 2021, Zloader, a banking malware designed to steal user credentials and private information, is back with a simple yet sophisticated infection chain. Previous Zloader...

A Deep Dive into DoubleFeature, Equation Group’s Post-Exploitation Dashboard

December 27, 2021 2:30 pm

Earlier this year, Check Point Research published the story of “Jian” — an exploit used by Chinese threat actor APT31 which was “heavily inspired by” an almost-identical exploit used by the Equation Group,...

Phorpiex botnet is back with a new Twizt: Hijacking Hundreds of crypto transactions

December 16, 2021 1:58 pm

Research by: Alexey Bukhteyev
Check Point Research (CPR) spotted the resurgence of Phorpiex, an old threat known for its sextortion spam campaigns, crypto-jacking, cryptocurrency clipping and ransomware spread. The new variant “Twizt” enables...

The Laconic Log4Shell FAQ

December 14, 2021 7:00 pm

What is Log4Shell (CVE-2021-44228)? A Remote Code Execution vulnerability in log4j2, a popular logging framework used in Java applications. What does this mean in practice? It means you can compromise a machine by...

When old friends meet again: why Emotet chose Trickbot for rebirth

December 8, 2021 1:58 pm

Research by: Raman Ladutska, Aliaksandr Trafimchuk, David Driker, Yali Magiel
Overview
Trickbot and Emotet are considered some of the largest botnets in history. They both share a similar story: they were taken down...

Smishing Botnets Going Viral in Iran

December 1, 2021 2:33 pm

Research by: Shmuel Cohen
Introduction
In the last few months, multiple Iranian media and social networks have published warnings about ongoing SMS phishing campaigns impersonating Iranian government services. The story is as old...

Looking for vulnerabilities in MediaTek audio DSP

November 24, 2021 1:55 pm

Research by: Slava Makkaveev
Introduction
Taiwan’s MediaTek has been the global smartphone chip leader since Q3 2020. MediaTek systems on a chip (SoCs) are embedded in approximately 37% of all smartphones and IoT...

Uncovering MosesStaff techniques: Ideology over Money

November 15, 2021 1:17 pm

Introduction
In September 2021, the hacker group MosesStaff began targeting Israeli organizations, joining a wave of attacks which was started about a year ago by the Pay2Key and BlackShadow attack groups. Those actors...

PixStealer: a new wave of Android banking Trojans abusing Accessibility Services

September 29, 2021 12:54 pm

Research by: Israel Wernik, Bohdan Melnykov
Introduction
By limiting physical interactions, the COVID-19 pandemic significantly accelerated the digitization of the banking industry to fulfill customer needs. To cope with the demand, improve access...

Indra — Hackers Behind Recent Attacks on Iran

August 14, 2021 11:00 am

Check Point Research reveals that a threat actor named Indra is responsible for the attacks against targets in Iran, as well as against companies in Syria.

Do you like to read? I can take over your Kindle with an e-book

August 6, 2021 12:57 pm

Research by: Slava Makkaveev
Introduction
Since 2007, Amazon has sold tens of millions of Kindles, which is impressive. But this also means that tens of millions of people could have potentially been hacked...

Stealth is never enough, or Revealing Formbook successor’s C&C infrastructure

August 2, 2021 5:25 pm

By: Alexey Bukhteyev & Raman Ladutska
Reliability is one of the main requirements for software, and malware is no exception. If a malware product is reliable enough to exfiltrate the data from the...

Time-proven tricks in a new environment: the macOS evolution of Formbook

July 27, 2021 11:15 pm

By: Alexey Bukhteyev & Raman Ladutska
The vast majority of threats for macOS are adware such as Shlayer, Bundlore, Pirrit, and others. Compared to Windows, we only rarely encounter really harmful macOS malware...

Top prevalent malware with a thousand campaigns migrates to macOS

July 21, 2021 12:57 pm

By: Alexey Bukhteyev and Raman Ladutska
From a simple keylogger to a top prevalent malware
Formbook is currently one of the most prevalent malware families. It has been active for more than 5 years...

IndigoZebra APT continues to attack Central Asia with evolving tools

July 1, 2021 1:00 pm

Introduction
Check Point Research recently discovered an ongoing spear-phishing campaign targeting the Afghan government. Further investigation revealed this campaign was a part of a long-running activity targeting other Central Asian countries, including Kyrgyzstan and...