What's Your IT Question?

Want to know more about this topic or about us? Contact us!

All posts in Malware analysis

PGMiner, Innovative Monero-Mining Botnet, Surprises Researchers

The malware takes aim at PostgreSQL database servers with never-before-seen techniques. An innovative Linux-based cryptocurrency mining botnet has been uncovered, which exploits a disputed PostgreSQL remote code-execution (RCE) vulnerability to compromise database servers. The malware is unusual and completely novel in a host of ways, researchers said. According to researchers . . . Read more

TrickBot Returns with a Vengeance, Sporting Rare Bootkit Functions

A new “TrickBoot” module scans for vulnerable firmware and has the ability to read, write and erase it on devices. The TrickBot malware has morphed once again, this time implementing functionality designed to inspect the UEFI/BIOS firmware of targeted systems. It marks a serious resurgence following an October takedown of . . . Read more

DeathStalker APT Spices Things Up with PowerPepper Malware

A raft of obfuscation techniques turn the heat up for the hacking-for-hire operation. The DeathStalker advanced persistent threat (APT) group has a hot new weapon: A highly stealthy backdoor that researchers have dubbed PowerPepper, used to spy on targeted systems. DeathStalker offers mercenary, espionage-for-hire services targeting the financial and legal . . . Read more

Digitally Signed Bandook Trojan Reemerges in Global Spy Campaign

A strain of the 13-year old backdoor Bandook trojan has been spotted in an espionage campaign. A wave of targeted cyberattack campaigns bent on espionage is cresting around the globe, using a strain of a 13-year old backdoor trojan named Bandook. According to Check Point Research, Bandook was last spotted . . . Read more

TA416 APT Rebounds With New PlugX Malware Variant

The TA416 APT has returned in spear phishing attacks against a range of victims – from the Vatican to diplomats in Africa – with a new Golang version of its PlugX malware loader.

Cyberattackers Serve Up Custom Backdoor for Oracle Restaurant Software

The modular malware is highly sophisticated but may not be able to capture credit-card info. ModPipe, a previously unknown backdoor, has been purpose-built to attack restaurant point-of-sale (PoS) solutions from Oracle. It’s notable for its unusual sophistication, according to researchers, evidenced by its multiple modules. The code is specifically taking . . . Read more

Russian Espionage Group Updates Custom Malware Suite

Turla has outfitted a trio of backdoors with new C2 tricks and increased interop, as seen in an attack on a European government.

GravityRAT Comes Back to Earth with Android, macOS Spyware

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.

Software AG Data Released After Clop Ransomware Strike – Report

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.

HEH P2P Botnet Sports Dangerous Wiper Function

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.