Dumping COVID-19.jar with Java Instrumentation
There is a generic and easy way to unpack Java malware that is not well-known yet. For demonstration I use a recent JAR malware sample that jumps on the COVID-19 bandwagon.
Spam campaign: Netwire RAT via paste.ee and MS Excel to German users
G DATA discovered an email spam campaign in Germany that delivers NetWire RAT via PowerShell in Excel documents. The emails mimic the German courier, parcel and express mail service DHL.
40,000 CryptBot Downloads per Day: Bitbucket Abused as Malware Slinger
The public source code repository at Bitbucket.org was abused to host CryptBot, Buer loader with NuclearBot and a cryptominer.
Browser manufacturers make filtering of websites more difficult: Safety suffers
Google has recently announced that it will be switching off the so-called webRequest API in the versions of Chrome it will release next year. This interface enables web content to be filtered. Microsoft has announced a similar move. Switching off the API makes effective filtering of web content…
Windows 7 support: time is running out
Microsoft will stop supporting Windows 7 on 14 January 2020. Anyone still using the operating system will no longer receive security updates after 15 January. We have put together the most important tips to bear in mind when switching over.
Malware Naming Hell Part 1: Taming the mess of AV detection names
Everyone who deals with malware will know this: Malware names are a convoluted mess. AV scanners will show different detection names for the same file. This confusion is also reflected in media coverage. Is there a way out of this mess?
Analysis: Server-side polymorphism & PowerShell backdoors
Malware actors very rarely stick to the same script for extended periods of time. They constantly modify and update their attack methods. Recently we have observed malware that uses server-side polymorphism to hide its payload, which consists of a backdoor fully written in PowerShell.
Distributing Malware - one "Word" at a Time
Using Microsoft Word to distribute malware is a common tactic used by criminals. Given the popularity of Word, criminals can often "live off the land" and use mechanisms that are already in place to do their dirty work.
Predictions 2019: "The era of simple Android malware is over"
Whether on smartphones, desktop computers, cryptocurrencies or websites - IT security is becoming increasingly important for end-users. We give an outlook on the most important trends for the year 2019.
Malware figures for the first half of 2018: The danger is on the web
More often than not, today's malware is distributed via the web – executable files are becoming less of a problem. Also, the G DATA security experts were able to identify a particular trend in the first half of the year that targets users' computers.