Channel: Paul Kimayong – Cyphort
Browsing all 34 articles

Ransommail: Ransomware Mobile Twist With Blackmail

We have all read about the cryptolocker malware that encrypts the victim’s data and then asks for ransom money for helping to decrypt the data. We have also heard many real-life stories where...

Malvertising on Indonesian portal gopego.com delivers Cryptowall 3.0

On February 4, 2015, Cyphort Labs detected another malvertising campaign originating from gopego.com. The site displays a malicious advertisement that redirects to other malicious links and eventually...

DIY Chatroom and over a hundred forums injected with malware

Cyphort Labs discovered a malware campaign attacking over a hundred popular forum websites. They are powered by outdated software, so the vulnerability was likely used to compromise them, injecting the...

Multiple Malwares used to Target an Asian Financial Institution

Recently, Cyphort Labs received multiple malware samples that were used to target a financial institution in Asia. Due to an ongoing investigation, we will keep the company name anonymous. The source...

Infected Korean Website Installs Banking Malware

On September 18, 2015, we saw activity on koreatimes.com where we captured a malicious binary. We investigated further and found that this campaign is specifically targeted at Korean sites and...

Psychcentral.com infected with Angler EK: Installs bedep, vawtrak and POS...

On October 26, 2015, Cyphort Labs discovered that psychcentral[.]com has been compromised and is currently infecting visitors via drive-by-download malware. We immediately contacted psychcentral...

Radamant Ransomware distributed via Rig EK

A new ransomware called Radamant was discovered in early December 2015. On December 31, we found compromised websites redirecting to Rig Exploit Kit and downloading this ransomware. The following...

Angler EK leads to fileless Gootkit

On January 27, 2016, Cyphort Labs discovered a site infected with Angler EK leading to a fileless Gootkit (a.k.a. XswKit) malware. The site was redirecting visitors to the malware through a compromised...

New Family of Ransom Locker Found, Uses TOR Hidden Service

On March 9, 2016, Cyphort Labs discovered an infection on a porn site keng94(dot)com redirecting visitors to an exploit kit and installing a Ransom Locker. The site is redirecting users to...

Infected Site Installs TeamViewer

On June 30, 2016, Cyphort Labs discovered an infection via malvertising on the website trendystyleshop.com. According to Domain Tools, the site was registered in February 2016 under namecheap.com. What...

Trik: A Bot With A Lot Up Its Sleeve

Over the past couple of months, Cyphort Labs identified a new version of Trik bot. Our in-the-wild Top Threats identification shows this bot to be one of the top in June and July. Trik is a worm...

Buhtrap Malware: What Every Bank’s Security Team Needs To Know

In our recent blog, we talked about the delivery of Buhtrap by using a compromised website and a recent web exploit. In this blog, we will focus on the second stage payload and the state of Buhtrap...
