05/26/2020 - Karsten Hahn
Dumping COVID-19.jar with Java Instrumentation
There is a generic and easy way to unpack Java malware that is not well-known yet. For demonstration I use a recent JAR malware sample that jumps on the COVID-19 bandwagon.
Techblog
05/19/2020 - Karsten Hahn
PE trick explained: Telling 32 and 64 bit apart with naked eye
There is a simple trick to see the bitness of a Portable Executable file immediately by looking into a hex editor. But why does it even work? And is it reliable?
05/14/2020 - Karsten Hahn
Spam campaign: Netwire RAT via paste.ee and MS Excel to German users
G DATA discovered an email spam campaign in Germany that delivers NetWire RAT via PowerShell in Excel documents. The emails mimick the German courier, parcel and express mail service DHL.
05/08/2020 - Phillip Kemkes
Techniques: Current Use of Virtual Machine Detection Methods
A common approach to analyse potentially malicious software is dynamic analysis in a virtual machine. Therefore, malware authors use techniques to alter the malware's behavior when being run in a VM. But how do they actually do it?
04/02/2020 - G DATA Security Lab
Pekraut - German RAT starts gnawing
Feature-rich remote access malware Pekraut emerges. The rodent seems to be of German origin and is ready to be released. We analyzed the malware in-depth.
03/05/2020 - Stefan Karpenstein
Switching providers made easy - dispelling preconceptions by talking to presales
A company is no longer satisfied with its current IT security solution. And yet they shy away from switching providers. But doing so is easier than they think. The Presales Consultants at G DATA CyberDefense have the right answers to the questions niggling IT managers and will develop a suitable…
03/03/2020 - Stefan Karpenstein
Well-disguised attacks: Malware samples threaten PCs and networks every few seconds
Cyber criminals’ targets have not changed in the past year. They are after passwords and confidential data and try to encrypt data and systems. The current Malware Top 10 showing the ten most active malware families indicate how active the attackers have been in 2019.
02/27/2020 - Stefan Hausotte
Presenting a Graph-based User Interface for Malware Analysis at the Global Graph Summit
End of January 2020, the Global Graph Summit took place in Austin TX, USA. The summit is the biggest conference in the world with a focus on graph computation and graph-related technologies. Stefan Hausotte from G DATA presented the work of his team for the second time at the Global Graph Summit.…
02/25/2020 - Tim Berghoff
Password rules: Changing passwords regularly damages security
There’s a saying that you should treat passwords like your underwear - change them regularly and don't share them with others. However, opposition to this has been building for some time now. Changing passwords regularly doesn't improve security - quite the opposite.
02/06/2020 - Karsten Hahn
40,000 CryptBot Downloads per Day: Bitbucket Abused as Malware Slinger
Public source code repository at Bitbucket.org was as abused to host CryptBot, Buer loader with NuclearBot and Cryptominer.
Karsten Hahn
Virus Analyst
Tim Berghoff
Security Evangelist