<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=116645602292181&amp;ev=PageView&amp;noscript=1">
Cybereason + Arm: Securing The Core of IoT
LEARN MORE →
Securing IoT
LEARN MORE →

Excel4.0 Macros - Now with Twice The Bits!

Research

Excel4.0 Macros - Now with Twice The Bits!

In this research, we outline how to enable the execution of 64-bit shellcode via Excel 4.0 macros and previous research on 32-bit shellcode.

GandCrab's new Evasive Infection Chain

Research

GandCrab's new Evasive Infection Chain

Ransomware is not a new form of attack, but GandCrab has upgraded it to be more dynamic and harder to resolve.

Threat Actor TA505 Targets Financial Enterprises Using LOLBins and a New Backdoor Malware

Research

Threat Actor TA505 Targets Financial Enterprises Using LOLBins and a New Backdoor Malware

In this research, we introduce a meticulously planned, malicious operation against a financial institution in April of 2019 by TA505.

A One-two Punch of Emotet, TrickBot, & Ryuk Stealing & Ransoming Data

Research

A One-two Punch of Emotet, TrickBot, & Ryuk Stealing & Ransoming Data

The Cybereason team has identified a malware campaign that combines Emotet, TrickBot, and Ryuk to steal and ransom data.

Triple Threat: Emotet Deploys TrickBot to Steal Data & Spread Ryuk

Research

Triple Threat: Emotet Deploys TrickBot to Steal Data & Spread Ryuk

The Cybereason team has uncovered a severe threat that adapts Emotet to drop TrickBot, and adapts TrickBot to not only steal data but also download the Ryuk ransomware.

New Ursnif Variant Comes with Enhanced Information Stealing Features

Research

New Ursnif Variant Comes with Enhanced Information Stealing Features

The Cybereason research team observed a new campaign involving Ursnif in the beginning of 2019 attacking users in Japan across multiple customer environments. This Ursnif variant has enhanced stealing modules focused on taking data from mail clients and email credentials stored in browsers.

New Ursnif Variant Targets Japan Packed with New Features

Research

New Ursnif Variant Targets Japan Packed with New Features

In this research we dissect a recent campaign that uses language checks and steganography to evade detection. The new variant features a stealthy persistence mechanism, revamped information-stealing modules focusing on mail clients and cryptocurrency, and targets Japanese security products.

The Newest Variant of the Astaroth Trojan Evades Detection in the Sneakiest Way

Next Generation Antivirus

The Newest Variant of the Astaroth Trojan Evades Detection in the Sneakiest Way

In this overview, we explain one of the most recent and unique campaigns involving the Astaroth trojan. This spam campaign targeted Brazil and was able to infiltrate systems in a unique way - using processes in some security products.

LOLbins and trojans: How the Ramnit Trojan spreads via sLoad in a cyberattack

Phishing

LOLbins and trojans: How the Ramnit Trojan spreads via sLoad in a cyberattack

Cybereason detected an evasive infection technique used to spread a variant of the Ramnit banking Trojan as part of an Italian spam campaign. We investigate this attack, its use of sLoad, and its adoption of LOLbins to minimize discovery.

Pervasive Brazilian financial malware targets bank customers in Latin America and Europe

Research

Pervasive Brazilian financial malware targets bank customers in Latin America and Europe

Cybereason’s Nocturnus team analyzed numerous campaigns related to Brazilian financial malware and found that these programs have become pervasive and infected 60 banks in nearly a dozen countries throughout South America, Spain and Portugal.