Info stealers are nothing new, and Qulab is no exception. Designed to get in quick and get as much data as they can, these malicious programs steal all personal information about you from your computer. In particular, Qulab is know in its current iterations to steal information from browsers, including: login credentials and history file …
Scranos is a new player to the global malware scene that leverages many well-known and some new methods to obtain login credentials and bank information. It can also steal or manipulate information from several online accounts to access your Amazon, Airbnb, Facebook, Steam, and YouTube accounts. How it works Scranos is installed through various methods, …
File compression has been an indispensable tool for computer users ever since it was first developed in the late 1980’s. Back then space on relatively small hard drives was at a premium, and compacting files that weren’t currently being used was a great way to free up a few valuable megabytes. These archived files also …
TrickBot is once again making itself known during tax season and attempting to steal your hard-earned money. TrickBot was originally discovered in October of 2016 but has since changed and evolved dramatically into one of the most prolific attacks today. How it works Just like Emotet, TrickBot primary spreads by specially designed emails or malspam …
Anatova is the nickname given to a new brand of sophisticated ransomware that looks to encrypt your personal or business files and then demands payment to decipher them. How it works Anatova is distributed through peer-to-peer (P2P) file sharing networks. It masquerades as genuine software, often using real icons to fool users into believing it …
Vidar is a relatively new keylogging, data-stealing malware campaign. It is generally distributed through malicious advertisements on less-than-reputable sites such as bit torrent or free video streaming sites. These malvertisements redirect their victims to various exploit kits such as Fallout and GrandSoft, which in turn will infect your machine with various malevolent payloads such as …
Hancitor, also known as Chanitor, is known for dropping its payloads rather than downloading them post-infection, as well as for a unique phishing approach to trick users into downloading and activating Microsoft Word documents with malicious macros. How it works Hancitor uses a new template that attempts to fool the user into believing that it …
Attack Vector: Is the way the attacker gains access to a target. The most common of these are malicious emails but many more exist and are discovered all the time. BackDoor: Is a bypass allowing a Malicious user to connect to the target machine without permission from the target. These can be in the form …
Delivered through malicious spam campaigns, Loki focuses on stealing credentials off the victim computer and runs a keylogger. Loki also communicates back to a Command and Control server (C&C) to report what it finds and to receive commands if needed. How it works Loki, named after the creator’s username Lokistov, is delivered to users through …
ServHelper is a new backdoor with a downloader variant, which first appeared in November of 2018. Named by the Threat actor “Ta505,” ServHelper spreads through email campaigns using a quantity-over-quality approach that has proven to work, albeit less effectively than the Emotet strategies discussed here. ServHelper seems to be largely targeted toward businesses but could …