Where do malware payloads come from? It’s a question with an apparently trivial answer. Usually these sit on dedicated servers owned by the campaign managers, and occasionally on a legitimate website that has... Click to Read More
Introduction Launching an attack does not always require high technical aptitude on the part of a threat actor, especially when there are ready-made tools available for every stage of the infection chain. Delivery... Click to Read More
We’ve heard this question a lot. We’re even young enough to remember having asked it. The standard answer is often an embarrassed mumble that there are no golden rules, and that you should... Click to Read More
Research by Israel Wernik, Danil Golubenko , Aviran Hazum Although Google has taken steps to secure its Play store and stop malicious activity, hackers are still finding ways to infiltrate the app store and access users’... Click to Read More
Cybercrime is usually a one-way street. Shady types send their malicious documents and Trojans downstream to us innocent folk. Worst-case scenario, we get infected. Best-case scenario, we smirk, hit “delete” and move on... Click to Read More
Introduction Check Point Research discovered a new campaign against the Mongolian public sector, which takes advantage of the current Coronavirus scare, in order to deliver a previously unknown malware implant to the target.... Click to Read More
Following our recent Phorpiex publications, we finish with technical descriptions of the modules we encountered in this campaign. Below we describe the remaining ones: XMRig Silent Loader. NetBIOS Worm Module. Auxiliary modules (includes... Click to Read More
For the latest discoveries in cyber research for the week of March 2nd 2020, please download our Threat Intelligence Bulletin TOP ATTACKS AND BREACHES An unprotected ElasticSearch database belonging to the sport retailer... Click to Read More
As malicious threats evolve, the necessity in automated solutions to analyze such threats emerges. It’s a very common case when malware samples are executed in some kind of virtualized environment. These environments differ... Click to Read More
Research by: Yohann Sillam and Daniel Alima Introduction and Context Check Point researchers are following an evolving, ongoing malspam campaign that is targeting more than 80 Turkish companies. The malware uses different evasive... Click to Read More
Researched by: Yaroslav Harakhavik Selling malware as a service (MaaS) is a reliable way for criminals to make money. Recently, various Remote Access Tools (RAT) have become increasingly popular. Though these RATs... Click to Read More
Research by Ronen Shustin Cloud Attack Part II In the previous part we talked about the Azure Stack architecture and mentioned that it can be extended with features that are not part of... Click to Read More
Overview Predator the Thief is a sophisticated malicious stealer which has been on the scene for around one and a half years. What started as coding experiments in malware development later evolved into... Click to Read More
Alexander Chailytko Cyber Security, Research & Innovation Manager In this publication we describe a technique which would have allowed a threat actor to potentially identify and join active meetings. All the details discussed... Click to Read More
The Phorpiex botnet currently consists of more than 1,000,000 infected Windows computers. In our previous publications, we wrote about the botnet architecture, its command and control infrastructure, and monetization methods: Phorpiex Breakdown In... Click to Read More
