Results for 'hasherezade'
Exploit kits: fall 2018 review
October 24, 2018 - Exploit kit (EK) activity continues to surprise us as the weather cools, the leaves change, and we move into the fall of...
Fake browser update seeks to compromise more MikroTik routers
October 12, 2018 - This blog post was authored by @hasherezade and Jérôme Segura. MikroTik, a Latvian company that makes routers and ISP wireless systems, has been dealing...
Reversing malware in a custom format: Hidden Bee elements
August 30, 2018 - Malware can be made of many components. Often, we encounter macros and scripts that work as malicious downloaders. Some functionalities can...
Process Doppelgänging meets Process Hollowing in Osiris dropper
August 13, 2018 - One of the Holy Grails for malware authors is a perfect way to impersonate a legitimate process. That would allow them...
‘Hidden Bee’ miner delivered via improved drive-by download toolkit
July 26, 2018 - This blog post was authored by @hasherezade and Jérôme Segura. We recently detected a drive-by download attack trying to exploit CVE-2018-4878, a vulnerability in...
Magniber ransomware improves, expands within Asia
July 16, 2018 - This blog post was authored by @hasherezade and Jérôme Segura. The Magnitude exploit kit is one of the longest-serving browser exploitation...
Exploit kits: Spring 2018 review
June 12, 2018 - Since our last report on exploit kits, there have been some new developments with the wider adoption of the February Flash...
Malwarebytes CrackMe 2: contest summary
May 22, 2018 - About three weeks ago, we published our second CrackMe. It triggered a lot of interest, and we got many high-quality write-ups....
Malwarebytes CrackMe 2: try another challenge
April 27, 2018 - Last November, we released the first edition of the Malwarebytes CrackMe. Encouraged by the positive response we received from the security community,...
PBot: a Python-based adware
April 18, 2018 - Recently, we came across a Python-based sample dropped by an exploit kit. Although it arrives under the disguise of a MinerBlocker,...