05/26/2020 - Karsten Hahn
Dumping COVID-19.jar with Java Instrumentation
There is a generic and easy way to unpack Java malware that is not well-known yet. For demonstration I use a recent JAR malware sample that jumps on the COVID-19 bandwagon.
Malware
05/19/2020 - Karsten Hahn
PE trick explained: Telling 32 and 64 bit apart with naked eye
There is a simple trick to see the bitness of a Portable Executable file immediately by looking into a hex editor. But why does it even work? And is it reliable?
05/14/2020 - Karsten Hahn
Spam campaign: Netwire RAT via paste.ee and MS Excel to German users
G DATA discovered an email spam campaign in Germany that delivers NetWire RAT via PowerShell in Excel documents. The emails mimick the German courier, parcel and express mail service DHL.
04/02/2020 - G DATA Security Lab
Pekraut - German RAT starts gnawing
Feature-rich remote access malware Pekraut emerges. The rodent seems to be of German origin and is ready to be released. We analyzed the malware in-depth.
03/03/2020 - Stefan Karpenstein
Well-disguised attacks: Malware samples threaten PCs and networks every few seconds
Cyber criminals’ targets have not changed in the past year. They are after passwords and confidential data and try to encrypt data and systems. The current Malware Top 10 showing the ten most active malware families indicate how active the attackers have been in 2019.
02/06/2020 - Karsten Hahn
40,000 CryptBot Downloads per Day: Bitbucket Abused as Malware Slinger
Public source code repository at Bitbucket.org was as abused to host CryptBot, Buer loader with NuclearBot and Cryptominer.
11/21/2019 - Karsten Hahn
New SectopRAT: Remote access malware utilizes second desktop to control browsers
This new remote access malware creates a second desktop that is invisible to the system's user. The threat actor can surf the Internet using the infected machine.
11/11/2019 - Karsten Hahn
Learning from the best: Attending AllStars 2019
This year's AllStars took place in Amsterdam in September, alongside the two-day Global AppSec conference. The event offers a full day of the best hand-picked lectures from top speakers and researchers in the field of information security. G DATA virus analyst Karsten Hahn was there and presented…
11/05/2019 - Stefan Karpenstein
Emotet: How an Emotet infection occurs in companies
The Emotet malware is still considered one of the most dangerous threats to corporate IT worldwide. Analysts at G DATA Advanced Analytics have tracked down how an Emotet infection starts gradually infiltrating corporate networks and then takes them out of operation bit by bit.
10/28/2019 - Stefan Karpenstein
Interview with Carl-Benedikt Bender “Machine learning in general is very complex and has a lot of surprises in store”
With its DeepRay AI technology, G DATA is leading the way against rapidly changing malware. Carl-Benedikt Bender, leader of the development team behind DeepRay, explains how the technology works and what specific challenges arose during development.
Hauke Gierow
Teamlead PR & Public Affairs
Vera Haake
Spokesperson Events & Location Communication