<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=116645602292181&amp;ev=PageView&amp;noscript=1">

Insights Resources

Research

NEW URSNIF VARIANT TARGETS JAPAN PACKED WITH NEW FEATURES

The Cybereason research team observed a new campaign involving Ursnif in the beginning of 2019 attacking users in Japan across multiple customer environments. This Ursnif variant has enhanced stealing modules focused on taking data from mail clients and email credentials stored in browsers.

Read More
Research

The Cybereason research team observed a new campaign involving Urs...

Read More
Research

Astaroth Malware Uses Legitimate OS and Antivirus Processes to Steal Passwords and Personal Data

In this research, we explain one of the most recent and unique campaigns involving the Astaroth trojan. This Trojan and information stealer was recognized in Europe and chiefly affected Brazil through the abuse of native OS processes and the exploitation of security-related products.

Read More
Research

In this research, we explain one of the most recent and unique camp...

Read More
Research

Banking Trojan Delivered By LOLbins: How the Ramnit Trojan spreads via sLoad in a cyberattack

Cybereason detected an evasive infection technique used to spread a variant of the Ramnit banking Trojan as part of an Italian spam campaign. We investigate this attack, its use of sLoad, and its adoption of LOLbins to minimize discovery.

Read More
Research

Cybereason detected an evasive infection technique used to spread a...

Read More
Research

Pervasive Brazilian financial malware targets bank customers in Latin America and Europe

Cybereason’s Nocturnus team mapped out the multi-stage malware distribution infrastructure behind Brazilian financial malware and found that Brazilian-made malware have become pervasive and target over 60 banks in nearly a dozen countries throughout Latin America, Spain and Portugal.

Read More
Research

Cybereason’s Nocturnus team mapped out the multi-stage malware dist...

Read More
Research

WANNAMINE CRYPTOMINER THAT USES ETERNALBLUE STILL ACTIVE

The Wannamine cryptominer, which uses the EternalBlue exploits, is still active although a patch that fixes these well-known vulnerabilities was released last March. Amit Serper, Cybereason's head of security research, examines this variant and makes the case for patching your systems.

Read More
Research

The Wannamine cryptominer, which uses the EternalBlue exploits, is ...

Read More