Malware

IceRat keeps low detections rates for weeks by using an unusual language implementation: JPHP. But there are more reasons than the choice of the compiler. This article explores IceRat and explains a way to analyze JPHP malware.

The beginning of 2020 has been appalling for most parts of the world being affected by Coronavirus disease 2019 (COVID-19). This brought about a change in the everyday life of every individual in every country striving to sustain their daily tasks while simultaneously preventing further infection.…

Babax not only changes its name but also adds a Ring 3 rootkit and lateral spreading capabilities. Furthermore it has a ransomware component called OsnoLocker. Is this combination as dangerous as it sounds?

Malware sellers want to attract customers with convenience features. Now criminals can remote control malware during their bathroom routine by just using a smartphone and Telegram app.

We open sourced a system to exchange malware samples between partners in the AV industry. In the following post, we explain our motivation, technical details and usage of the system.

A new ransomware uses an unusual symmetric encryption method named "Fernet". It is Python based and appends .CYRAT to encrypted files.

It is always a good idea to have multiple options when it comes to making a profit. This is especially true for criminals. Having a backdoor is nice, but having the backdoored system directly make money is even better.

Try2Cry ransomware adopts USB flash drive spreading using LNK files. The last ransomware that did the same was the infamous Spora. The code of Try2Cry looks oddly familiar, though.

The current threat analysis by G DATA CyberDefense shows that the number of attacks prevented in March 2020 has increased significantly. The cyber defence company averted almost a third more attacks than in February.

Ransomware is still evolving. Evidence for this can be seen every day. Our analysts have taken a look at Buran and Zeppelin, a particularly devastating exhibit of this evolution.