Tag Archive: Malware

Bumblebee: increasing its capacity and evolving its TTPs

October 3, 2022 2:18 pm

Research by: Marc Salinas Fernandez. Background & Key Findings: The spring of 2022 saw a spike in activity of Bumblebee loader, a recent threat that has garnered a lot of attention due to...

Indra — Hackers Behind Recent Attacks on Iran

August 14, 2021 11:00 am

Check Point Research reveals that a threat actor named Indra is responsible for the attacks against targets in Iran, as well as against companies in Syria.

GuLoader? No, CloudEyE.

June 8, 2020 1:59 am

Italian company exposed on Clearnet earned up to $500,000 helping cybercriminals to deliver malware using cloud drives. Recently, we wrote about the network dropper known as GuLoader, which has been very actively...

Nazar: Spirits of the Past

May 5, 2020 7:00 am

In mid-2017, The Shadow Brokers exposed NSA files in a leak known as "Lost In Translation". Recently, researchers uncovered "Nazar", a previously unknown APT that was mentioned in the leak. We decided to dive into each and every one of the components and share our technical analysis. What we found out is far from being "advanced".

Google Play Store Played Again – Tekya Clicker Hides in 24 Children’s Games and 32 Utility Apps

March 24, 2020 2:14 am

Research by: Israel Wernik, Danil Golubenko, Aviran Hazum. Although Google has taken steps to secure its Play store and stop malicious activity, hackers are still finding ways to infiltrate the app store and access users’...

CPR evasion encyclopedia: The Check Point evasion repository

February 27, 2020 3:00 am

As malicious threats evolve, the need for automated solutions to analyze such threats emerges. It’s a very common case that malware samples are executed in some kind of virtualized environment. These environments differ...

UPSynergy: Chinese-American Spy vs. Spy Story

September 5, 2019 6:00 am

Research by: Mark Lechtik & Nadav Grossman. Introduction: Earlier this year, our colleagues at Symantec uncovered an interesting story about the use of Equation group exploitation tools by an alleged Chinese group...

The Ransomware Doctor Without a Cure

December 2, 2018 2:41 am

When it comes to ransomware attacks, there is nothing a company hates more than paying the demanded ransom. It is an unexpected fine often caused by a tiny, yet crucial mistake –...

The Evolution of BackSwap

November 30, 2018 1:06 am

The Story of An Innovative Banking Malware. Research by: Itay Cohen. Introduction: The BackSwap banker has been in the spotlight recently due to its unique and innovative techniques to steal money from...

KingMiner: The New and Improved CryptoJacker

November 29, 2018 12:34 am

Research by: Ido Solomon and Adi Ikan. Crypto-mining attacks have grown and evolved in 2018. Due to the rise in value and popularity of cryptocurrencies, hackers are increasingly motivated to exploit...

New Strain of Olympic Destroyer Droppers

November 15, 2018 2:28 pm

Over the last few weeks, we have noticed new activity from Hades, the APT group behind the infamous Olympic Destroyer attack. Moreover, this new wave of attack shares a lot with those...

New Ramnit Campaign Spreads Azorult Malware

November 1, 2018 12:58 am

Research by: Nikita Fokin and Alexey Bukhteyev. This summer we wrote about the Ramnit malware and its underlying “Black” botnet campaign which was used for distributing proxy malware. Much to our surprise, the C&C...

Zooming In On “Domestic Kitten”

October 23, 2018 7:29 am

In recent years, Iran has been channeling significant resources into cyber warfare, devoting designated entities within multiple government agencies to conduct extensive espionage campaigns against foreign countries such as the United States,...

The Emergence of the New Azorult 3.3

October 17, 2018 1:33 pm

Research by: Israel Gubi. During the past week, Check Point Research spotted a new version of Azorult in the wild being delivered through the RIG exploit kit, as well as other sources...

Godzilla Loader and the Long Tail of Malware

October 14, 2018 11:41 pm

Research by: Ben Herzog. To most victims, malware is a force of nature. Zeus, Wannacry, Conficker are all vengeful gods, out to punish the common man for clicking the wrong link. Even for...