Jimmy Nukebot: from Neutrino with love

“You FOOL! This isn’t even my final form!” In one of our previous articles, we analyzed the NeutrinoPOS banker as an example of a constantly evolving malware family. A week after publication, this Neutrino modification delivered up a new malicious program classified by Kaspersky Lab as Trojan-Banker.Win32.Jimmy. NeutrinoPOS vs Jimmy The authors seriously rewrote the …

419 spam: 10 million US dollars, courtesy of “Rev. Goodluck Ebola”

I’m not saying an email claiming to be from the “Central Bank of Nigeria” with a contact handler named “Rev. Goodluck Ebola” will raise too many red flags, but… CENTRAL BANK OF NIGERIA OFFICE OF THE GOVERNOR Zaria Street, Off Samuel Akintola Street,Garki 11, Garki-Abuja. Our Ref: FGN/CBN/NIG/01/2017. Your Ref…………………………. From The …

Inside the Kronos malware – part 2

In the previous part of the Kronos analysis, we took a look at the installation process of Kronos and explained the technical details of the tricks that Kronos uses in order to remain more stealthy. Now we will move on to look at the malicious actions that Kronos can perform. Analyzed samples ede01f7431543c1fef546f8e1d693a85 – downloader …