Tuesday, June 14, 2016

New threat actor uses VBA macros in targeted attacks

In recent years, the revival of malicious VBA macros has become quite popular among cyber criminals. At the beginning of last year, a new threat actor also started to send spear phishing emails with malicious Microsoft Word documents. During my research, I have found multiple malicious documents which indicate that this is a campaign of targeted attacks....

Friday, May 27, 2016

What do H1N1 Loader, TreasureHunter and Jolly Roger Stealer have in common?

Sometimes, when analysing a malware sample you think: "Wait a minute, I have seen this before". While it is already known that the author of Jolly Roger Stealer is also behind TreasureHunter, this person also wrote H1N1 Loader. When you take a look at the disassembly of Jolly Roger Stealer and H1N1 Loader, it becomes clear that it is the same coding style...

Monday, May 23, 2016

Geographical distribution of Furtim malware infections

One month ago, someone posted a malware sample on the Kernelmode forum that uses a huge blacklist of security-related programs. If one of these programs is found on the victim's system, the malware stops execution. Probably this is the reason why this malware stayed undetected for quite some time. A description and an analysis of this threat, called Furtim...