malware   13421


New malware found using Google Drive as its command-and-control server
backdoor Trojan, called RogueRobin, which infects victims' computers by tricking them into opening a Microsoft Excel document containing embedded VBA macros, instead of exploiting any Windows zero-day vulnerability.

Enabling the macro drops a malicious text (.txt) file in the temporary directory and then leverages the legitimate 'regsvr32.exe' application to run it, eventually installing the RogueRobin backdoor, written in the C# programming language, on the compromised system.

The new malware campaign suggests that the APT hacking groups are shifting more towards abusing legitimate services for their command-and-control infrastructure to evade detection.

It should be noted that since VBA macros are a legitimate feature, most antivirus solutions do not flag any warning or block MS Office documents with VBA code.
cybersecurity  google  threathunting  malware  c2  backdoor  macro 
20 hours ago by bwiese
Bitcoin Abuse Database
Tracking bitcoin addresses used by ransomware, blackmailers, fraudsters, etc.
bitcoin  blockchain  security  malware  fraud 
2 days ago by chrismyth
Bypass EDR’s memory protection, introduction to hooking
On a recent internal penetration engagement, I was faced against an EDR product that I will not name. This product greatly hindered my ability to access lsass’ memory and use our own custom flavor of Mimikatz to dump clear-text credentials.
cylance  edr  malware  bypass 
3 days ago by whip_lash
Google Play malware used phones’ motion sensors to conceal itself
The thinking behind the monitoring is that sensors in real end-user devices will record motion as people use them. By contrast, emulators used by security researchers—and possibly Google employees screening apps submitted to Play—are less likely to use sensors. Two Google Play apps recently caught dropping the Anubis banking malware on infected devices would activate the payload only when motion was detected first. Otherwise, the trojan would remain dormant.
2019  article  security  mobile  malware 
3 days ago by bignose
HTTP Evader - Automate Firewall Evasion Tests
The following tests try to transfer the EICAR test virus to you using differently shaped responses of the web server. This official test virus should be detected by any antivirus solution but does not do any harm.

To find out if you are vulnerable simply point your browser to the HTTP Evader test site. Before you report any problems to your firewall vendor please read the section about false positives and verify that the detected evasion is really possible.
antivirus  evasion  malware 
5 days ago by whip_lash
What’s the Best Antivirus for Windows 10? (Is Windows Defender Good Enough?)
Windows 10 won’t hassle you to install an antivirus like Windows 7 did. Since Windows 8, Windows now includes a built-in free antivirus called Windows Defender. But is it really the best for protecting your PC–or even just good enough?
malware  virus 
6 days ago by Bookman
Eight months after discovery, unkillable LoJax rootkit campaign remains active | Ars Technica
Control servers for Fancy Bear's UEFI-burrowing malware still responding to pings.
Last May, researchers published a bombshell report documenting sophisticated malware attributed to the Russian government. The malware, dubbed "LoJax," creates a persistent backdoor that survives operating system reinstalls and hard drive replacements. On Wednesday, researchers published new findings that indicate the campaign remains active.
LoJax in May became the first known case of a real-world attack harnessing the power of the Unified Extensible Firmware Interface boot system found in virtually all modern Windows computers. As software that bridges a PC’s firmware and its operating system, UEFI is essentially a lightweight operating system in its own right. That makes it a handy place to hide rootkits because once there a rootkit will remain in place even after an OS is reinstalled or a hard drive is replaced.
privacy  security  firmware  malware  rootkit  russia 
7 days ago by rgl7194
First UEFI malware discovered in wild is laptop security software hijacked by Russians | Ars Technica
“LoJax” repurposed LoJack anti-theft agent as rootkit that could survive OS re-installs.
ESET Research has published a paper detailing the discovery of a malware campaign that used repurposed commercial software to create a backdoor in computers’ firmware—a “rootkit," active since at least early 2017 and capable of surviving the re-installation of the Windows operating system or even hard drive replacement. While the malware had been spotted previously, ESET’s research is the first to show that it was actively attacking the firmware of computers to establish a tenacious foothold.
Dubbed “LoJax,” the malware is the first case of an attack leveraging the Unified Extensible Firmware Interface (UEFI) boot system being used in an attack by an adversary. And based on the way the malware was spread, it is highly likely that it was authored by the Sednit/Fancy Bear/APT 28 threat group—the Russian state-sponsored operation tied by US intelligence and law enforcement to the cyber-attack on the Democratic National Committee.
privacy  security  firmware  malware  rootkit  russia 
7 days ago by rgl7194
Bypassing Crowdstrike Falcon detection, from phishing email to reverse shell - Malware - 0x00sec - The Home of the Hacker
When I say bypassing, I mean completely bypass detection, from the phishing email received by the user to the reverse shell. Something realistic, not just writing a malware and see if it gets executed.

So if we can’t use the classic techniques, what about trying some new (old) trick?

Turns out, it was pretty trivial ¯\_(ツ)_/¯.
malware  pentest  antivirus 
8 days ago by whip_lash
