Meet the latest member of the Locky family: Odin
10/13/2016 [UPDATE: 10/25/2016] - Towards the end of September, the makers of the infamous Locky ransomware have launched a new campaign to spread a new version of the crypto malware. The most obvious difference is the file extension: to identify encrypted personal files, it will be changed to *.odin. Otherwise it bears much resemblance with an earlier version which used the *.zepto file extension. Users of G DATA solutions are...Author: Jaydee Valdez
Dridex - an old dog is learning new tricks
10/21/2016 - A lot of things have been said and written about Dridex in the past few months. It has risen and fallen in prevalence and it was rumored that its makers collaborate with the makers of Locky. Dridex is a well-known banking Trojan steals banking data through a Man-in-the-Browser attack (MITB-attack). In the latest version of Dridex, its infection methods have evolved and Dridex now uses a different...Author: Eruel Ramos
The Kings in Your Castle Pt. #1
10/13/2016 - In an upcoming series of articles on the intricacies of targeted attacks, G DATA’s Marion Marschalek and Raphael Vinot of the Computer Incident Response Center Luxembourg (CIRCL) will shine a light on the internal workings of modern APTs and present their findings during the Troopers Conference in Heidelberg in March 2016. The first part of the series deals with the tools at the disposal of...Author: Tim Berghoff
The Rise of Low Quality Ransomware
09/21/2016 - Most of the bigger players in the ransomware industry seem to put significant effort into gaining and maintaining a certain reputation for their ransomware. For instance, the people behind Cerber are known for their excellent customer service [https://fsecureconsumer.files.wordpress.com/2016/07/customer_journey_of_crypto-ransomware_f-secure.pdf]. They often go at great lengths to ensure flawless...Author: Karsten Hahn
P@55w0rd5 – Blessing or curse?
08/08/2016 - By now, everybody has passwords for something, just like keys to different doors. The more doors you have to unlock, the bigger your keychain is going to be. This in turn pokes holes in pockets and every now and then one of those keys may just slip away. The same applies to passwords. Though they may not take up as much space in your pocket, they take up a lot of real estate in your memory.Author: Tim Berghoff
World of Warcraft: one simple line of code can cost you dearly
07/22/2016 - A few days ago, a new type of gold/item scam made the rounds. Usually scamming in MMORPGs is done using social engineering techniques, e.g. an attacker sells a fake item code for alleged in-game items like mounts to a potential victim for in-game currency. But this most recent kind of attack does not only involve social engineering but also relies on the misuse of a previously undocumented feature...Author: Sascha Curylo & Sabrina Berkenkopf
Pokémon Go: Catch 'em all – but not at any cost
07/12/2016 - Some may still know the adorable little pocket critters that were all the rage in the late 90s. Now they’re back as an Augmented Reality game for smartphones. Attackers try to use the popularity of this brand new game for themselves and prey on impatient gamers who cannot wait for the game to be released: at least one malicious version of the app has been discovered.Author: Tim Berghoff
“HummingBad“ – Money-making Malware, Made in Asia
07/08/2016 - During the past few days and weeks reports surfaced according to which a new type of malware has infected millions of smartphones and tablet PCs worldwide. The malware in question is highly lucrative for its makers – each month they can rake in up to 300.000 Euros in revenue. The makers of this malware work for an advertising company called “Yingmob” which is based out of China, say researchers of...Author: Tim Berghoff
New "Blue Screen of Death": Genuine Help or Security Risk?
06/22/2016 - There is hardly anything more annoying than error messages and the associated trouble with programs that crash, work that has been lost and the like. Microsoft appears to be trying to improve the user experience with its blue screen errors. However, they have not got rid of the infamous “BSOD”, but are allegedly providing a QR code with a link to a matching help page. This technology offers a...Author: Sabrina Berkenkopf
Sunglasses Spam: 85% Discount? That has to be 100% fake!
05/30/2016 - The experts at G DATA SecurityLabs deal with cyber criminals on a daily basis but there are always seasonal particularities. Especially now in spring, the questionable offers of popular sunglasses entering the market are springing up again via spam mails, social media platforms and even short messages on mobiles. The analysts have followed the tracks, explain background information and provide...Author: Sabrina Berkenkopf