This post was authored by Vasilios Hioueras and Jérôme Segura. Update (2018-04-16): Magnitude EK has switched from Magniber to GandCrab. Update (2018-02-28): Major…
Tag: RIG
Seamless campaign serves RIG EK via Punycode (updated)
Update (2017-12-05): We noted some malvertising chains using a new domain name (newadultthem[.]info) also hosted on the same IP address as…
Labs report: summer ushers in unprecedented season of breaches
In this edition of the Malwarebytes Cybercrime Tactics and Techniques report for the third quarter of 2017, we saw a number…
A week in security (August 28 – September 3)
Last week, we looked at what actions Kronos can perform in the final installment of a 2-part post. We also dived…
RIG exploit kit distributes Princess ransomware
We have identified a new drive-by download campaign that distributes the Princess ransomware (AKA PrincessLocker), leveraging compromised websites and the RIG…
Report: Second quarter dominated by ransomware outbreaks
The second quarter of 2017 brought ransomware to unprecedented levels with worldwide outbreaks that went almost out of control. In scenarios…
RoughTed: the anti ad-blocker malvertiser
Given the recent renewed attention about ‘RoughTed’ and Kafeine’s tweet, we wanted to clarify that RoughTed and associated domains are in fact part…
Binary Options malvertising campaign drops ISFB banking Trojan
We have been witnessing a series of malvertising attacks that keep a low profile with decoy websites and strong IP address filtering….
Canada and the U.K. hit by Ramnit Trojan in new malvertising campaign
Over the last few days we have observed an increase in malvertising activity coming from adult websites that have significant traffic (several million…