Channel: Paul Kimayong – Cyphort
Browsing all 34 articles

DIY Chatroom and over a hundred forums injected with malware

Cyphort Labs discovered a malware campaign attacking over a hundred popular forum websites. They are powered by outdated software, so a vulnerability was likely used to compromise them, injecting the...

Multiple Malwares used to Target an Asian Financial Institution

Recently, Cyphort Labs received multiple malware samples that were used to target a financial institution in Asia. Due to an ongoing investigation, we will keep the company name anonymous. The source...

Infected Korean Website Installs Banking Malware

On September 18, 2015, we saw activity on koreatimes.com where we captured a malicious binary. We investigated further and found that this campaign is specifically targeted at Korean sites and...

Psychcentral.com infected with Angler EK: Installs bedep, vawtrak and POS...

On October 26, 2015, Cyphort Labs discovered that psychcentral[.]com has been compromised and is currently infecting visitors via drive-by-download malware. We immediately contacted psychcentral...

Radamant Ransomware distributed via Rig EK

A new ransomware called Radamant was discovered in early December 2015. On December 31, we found compromised websites redirecting to Rig Exploit Kit and downloading this ransomware. The following...

Angler EK leads to fileless Gootkit

On January 27, 2016, Cyphort Labs discovered a site infected with Angler EK leading to a fileless Gootkit (a.k.a. XswKit) malware. The site was redirecting visitors to the malware through a compromised...

New Family of Ransom Locker Found, Uses TOR Hidden Service

On March 9, 2016, Cyphort Labs discovered an infection on a porn site keng94(dot)com redirecting visitors to an exploit kit and installing a Ransom Locker. The site is redirecting users to...

Infected Site Installs TeamViewer

On June 30, 2016, Cyphort Labs discovered an infection via malvertising on the website trendystyleshop.com. According to Domain Tools, the site was registered in February 2016 under namecheap.com. What...

Trik: A Bot With A Lot Up Its Sleeve

Over the past couple of months, Cyphort Labs identified a new version of Trik bot. Our in-the-wild Top Threats identification shows this bot to be one of the top in June and July. Trik is a worm...

Buhtrap Malware: What Every Bank’s Security Team Needs To Know

In our recent blog, we talked about the delivery of Buhtrap by using a compromised website and a recent web exploit. In this blog, we will focus on the second stage payload and the state of Buhtrap...

New Breed of Cerber Ransomware Employs Anti-Sandbox Armoring

Most sandboxes typically have some API monitoring module to be able to identify and describe what the program is trying to do. In order to do this, they hook APIs that they want to monitor using...

Karmen Ransomware-as-a-Service flawed

Karmen is a new RaaS (Ransomware as a Service) being offered in the underground forum. According to recent research from Recorded Future, this ransomware is being advertised and sold in a...

EternalBlue Exploit Actively Used to Deliver Remote Access Trojans

During the WannaCry pandemic attack, Cyphort Labs discovered that other threat actors have been using the same EternalBlue exploit to deliver other malware. This malware is not ransomware and is not...
