Explained: regular expression (regex)

antispyware

Regular expression, or “regex” for short, is a mathematical term for the theory used to describe regular languages. But in computing, regexes are used to search for patterns in files and databases, and their functionality is incorporated into many modern programming languages. Regex search patterns make wildcards look like clumsy clowns because they offer a whole … [Read more…]

What are botnets downloading?

Spam mailshots with links to malware and bots downloading other malware are just a couple of botnet deployment scenarios. The choice of infectious payload is limited only by the imagination of the botnet operator or customer. It might be a ransomware, a banker, a miner, a backdoor, the list goes on, and you don’t need … [Read more…]

Reversing malware in a custom format: Hidden Bee elements

Malware can be made of many components. Often, we encounter macros and scripts that work as malicious downloaders. Some functionalities can also be achieved by position-independent code—so-called shellcode. But when it comes to more complex elements or core modules, we almost take it for granted that it will be a PE file that is a … [Read more…]

Loki Bot: On a hunt for corporate passwords

Starting from early July, we have seen malicious spam activity that has targeted corporate mailboxes. The messages discovered so far contain an attachment with an .iso extension that Kaspersky Lab solutions detect as Loki Bot. The malware’s key objective is to steal passwords from browsers, messaging applications, mail and FTP clients, and cryptocurrency wallets. Loki … [Read more…]

BusyGasper – the unfriendly spy

In early 2018 our mobile intruder-detection technology was triggered by a suspicious Android sample that, as it turned out, belonged to an unknown spyware family. Further investigation showed that the malware, which we named BusyGasper, is not all that sophisticated, but demonstrates some unusual features for this type of threat. From a technical point of … [Read more…]

Fileless malware: getting the lowdown on this insidious threat

antispyware

Traditionally, malware attacks as we have always known them are files written to disk in one form or another that require execution in order to carry out their malicious scope. Fileless malware, on the other hand, is intended to be memory resident only, ideally leaving no trace after its execution. The malicious payload exists dynamically … [Read more…]

The rise of mobile banker Asacub

We encountered the Trojan-Banker.AndroidOS.Asacub family for the first time in 2015, when the first versions of the malware were detected, analyzed, and found to be more adept at spying than stealing funds. The Trojan has evolved since then, aided by a large-scale distribution campaign by its creators (in spring-summer 2017), helping Asacub to claim top … [Read more…]

Official Cardi B website plagued by spammers

We come bearing tidings of proper website maintenance and general housekeeping for singer Cardi B (or rather, for her web development team). At first glance, it appeared as though her website had been hacked a few days ago. But a look under the hood told a different story. We were surprised to see the following … [Read more…]

Mobile Menace Monday: FakeGift is the gift that keeps on frustrating

Last spring, we found yet another piece of riskware on Google Play we call Android/PUP.Riskware.FakeGift. Based on Hindi characters found in the code, we can assume it originates from India. With over 50,000 installs before being removed from Google Play, FakeGift apparently kept on giving—frustration to its users, that is. Click to view slideshow. Gift … [Read more…]

A week in security (August 20 – 26)

antispyware

Last week on Labs, we took a look at insider threats, doubled back on the privacy of search browser extensions, profiled green card scams, revisited Defcon badgelife, and talked about what happens to a user’s accounts when they die. Other cybersecurity news There was an archiving error in Twitch HQ. Unfortunately, that left some private user … [Read more…]