
ServHelper: Hidden Miners
It is always a good idea to have multiple options when it comes to making a profit. This is especially true for criminals. Having a backdoor is nice, but having the backdoored system directly make money is even better.
Techniques: Current Use of Virtual Machine Detection Methods
A common approach to analysing potentially malicious software is dynamic analysis in a virtual machine. Malware authors therefore use techniques that alter the malware's behavior when it runs in a VM. But how do they actually do it?
Code-Signed malware: What's all the buzz about? Looking at the "Ryuk" ransomware as an example.
Certificates are an established method for verifying the legitimacy of an application. If malicious actors succeed in undermining a certificate authority (CA) by either stealing a valid certificate or compromising the CA, the entire model unravels. We have taken a look at a case where this has…
Analysis: Server-side polymorphism & PowerShell backdoors
Malware actors very rarely stick to the same script for extended periods of time. They constantly modify and update their attack methods. Recently we have observed malware that uses server-side polymorphism to hide its payload, which consists of a backdoor fully written in PowerShell.
Vulnerability in WhatsApp: Targeting human rights activists
According to his own statements, a London human rights lawyer has become the target of an attack with an espionage tool. A security vulnerability in WhatsApp made it possible to target data on a compromised device.
Distributing Malware - one "Word" at a Time
Using Microsoft Word to distribute malware is a common tactic used by criminals. Given the popularity of Word, criminals can often "live off the land" and use mechanisms that are already in place to do their dirty work.
Group chats: Apple's Facetime turns iPhone into a bug
A security flaw in Apple's Facetime can turn the iPhone into an eavesdropping device. It will transmit a live feed from the device's camera and microphone to the eavesdropper. The affected feature has been cut off for now.
Security tip for this holiday season: Uninstall Flash
During the holiday season, users can do themselves a big favor by ditching Adobe Flash, software notorious for its frequent security flaws. The reason: a zero-day exploit, which has been spotted at Hacking Team.
How we discovered a Ukrainian cybercrime hotspot
Our researchers wanted to take a closer look at the GandCrab ransomware. Then they found an entire cybercrime network, operating from Ukraine.
Next-Generation Antivirus: How G DATA can protect customers from unknown threats
Antivirus programs no longer only work with malware signatures. Read about the next-generation technologies G DATA uses and how you can benefit from them.