The actors behind the Locky ransomware are actively seeking new ways to install their malware on victim computers, and are using a new downloader on the current distribution framework, which could also serve as a platform for installing other malware.
Entries filed under 'Malware'
Threat Research Blog
FireEye posts blog entries under threat research to present and discuss cyber attacks and threat intelligence from a technical perspective. These blog posts cover everything from exploits and vulnerabilities, to advanced malware and targeted attacks.
A new version of CenterPOS, known in the cybercrime underground as Cerebrus, has been discovered. This new version now contains additional command options, as well as a configuration file that holds the command and control data and the encryption key.
March 28, 2016 8:00 AM By Nart Villeneuve | Advanced Malware
TREASUREHUNT is a POS malware that appears custom-built for a particular “dump shop” that sells stolen credit card data. TREASUREHUNT enumerates running processes, extracts payment card information from memory, and then transmits this information to a command and control server. This blog takes a closer look.
March 21, 2016 8:30 AM By Robert Venal, Ronghwa Chong, Rex Plantado | Advanced Malware
Cybercriminals continue to innovate, finding creative ways of making threats harder to detect using static signatures. A recent strategy involves two large Dridex campaigns that changed the attachment file type and location to avoid scanners.
March 18, 2016 8:30 AM By Kenneth Johnson, J. Gomez | Exploits
Visitors to a Korean news site are being redirected to the GongDa Exploit Kit, which we believe has its origins in China. The EK can compromise vulnerable endpoints, allowing harmful malware to be installed.
January 28, 2016 8:00 AM By FireEye Threat Intelligence | Advanced Malware