
Tag: malware
Nuovi Attacchi Ursnif in Corso "GLS-Italy"
12/18/2019
Proto: N041219. Con la presente Yoroi desidera informarLa riguardo a nuovi attacchi in corso verso le aziende italiane. Le email fraudolente in circolazione tentano di simulare comunicazioni provenienti da noti Corrieri Espresso, al loro interno sono però presenti allegati Excel infetti appositamente studiati per attivarsi su PC di utenti italiani. Questi documenti sono usati per […]
Commodity Malware Reborn: The AgentTesla “Total Oil” themed Campaign
09/20/2019
Introduction Nowadays the Malware-As-A-Service is one of the criminal favorite ways to breach security perimeter. Agent Tesla is one of these “commodity malware”. It is a fully customizable password info-stealer and many cyber criminals are choosing it as their preferred recognition tool. During our monitoring operations we discovered an infection-chain designed to deliver this kind […]
Dissecting the 10k Lines of the new TrickBot Dropper
09/11/2019
Introduction TrickBot it is one of the best known Banking Trojan which has been infecting victims since 2016, it is considered a cyber-crime tool. But nowadays defining it a “Banking Trojan” is quite reductive: during the last years its modularity brought the malware to a higher level. In fact it can be considered a sort […]
Ondata di Attacchi Contro Aziende Italiane (Ursnif)
09/04/2019
Proto: N020919. Con la presente Yoroi desidera informarLa riguardo al rilevamento di una pericolosa campagna di attacco in corso ai danni di utenti ed Aziende italiane. I messaggi di posta inviati dai cyber criminali contengono riferimenti a ipotetici documenti e fatture fittizie, ed invitano la vittima ad aprire un foglio Excel in grado di infettare […]
JSWorm: The 4th Version of the Infamous Ransomware
09/04/2019
Introduction The ransomware attacks have no end. These cyber weapons are supported by a dedicated staff that constantly update and improve the malware in order to make harder detection and decryption. As the popular GandCrab, which was carried on up to version 5 until its shutdown, also other ransomware are continuously supported with the purpose […]
New GoBrut Version in the Wild
08/13/2019
Introduction Back in March we spotted and monitored a new emerging threat which we dubbed as GoBrut botnet. In our previous blog post, we analyzed a Windows version of this bot, arguing about the usage of the GoLang programming language, a modern language able to reach extremely high level of code portability, potentially enabling the […]
The Evolution of Aggah: From Roma225 to the RG Campaign
08/06/2019
Introduction Few months ago we started observing a cyber operation aiming to attack private companies in various business sectors, from automotive to luxury, education, and media/marketing. The attack attribution is still unclear but the large scale of the malicious activities has also been confirmed by Unit42, who reported attack attempt against government verticals too. The […]
Java ATM Malware: The Insider Threat Phantom
07/30/2019
Introduction Recently our attention was caught by a really particular malware sample most probably linked to recent cyber criminal operation against the banking sector. This piece of malicious code is a so called "ATM malware": a malicious tool part of a criminal arsenal able to interact with Automatic Teller Machine. ATM malware are used in […]
P2P Worm Spreads Crypto-Miners in the Wild
07/23/2019
Introduction In the past months we published a white paper exploring the risks that users can encounter when downloading materials from P2P sharing network, such as the Torrent one. We discussed how crooks easily lure their victims to download malware along with the desired content. Recently, our threat monitoring operations pointed us to an interesting […]
Anti-Debugging Techniques from a Complex Visual Basic Packer
07/17/2019
Introduction As we described in our previous post, one of the latest trends for the attackers is to leverage the ISO files in order to reduce detection chances. This technique has also been used by a recent Hawkeye spreading campaign. “Hawkeye Keylogger” is an info-stealing malware for sale in the dark-web. Anyone can easily subscribe […]
Nuovo Vettore di Attacco (Allegati CHM)
07/16/2019
Proto: N020719. Con la presente Yoroi desidera informarLa riguardo al recente rilevamento di nuovo vettore di attacco potenzialmente utilizzabile da cyber-criminali e attaccanti attraverso email malevole. Sono stati infatti rilasciati dettagli tecnici relativi a metodologie atte ad abusare dello strumento di sistema Microsoft Compiled HTML Help presente su tutti i sistemi Microsoft e responsabile dell’apertura […]
Spotting RATs: Tales from a Criminal Attack
07/08/2019
Introduction In the last period we observed an increase of the malware spreading using less-known archive types as initial dropper, in particular ISO image. The spread of threats exploiting ISO image to hide themselves is helped by the Windows functionality, introduced since Windows 8, which allows the user to easily mount this file type through […]