An unusual attack has been spotted in the wild, using an unexpected combination of threats. This attack used exploit kits (in particular Java and PDF exploits) to deliver file infectors onto vulnerable systems. Interestingly, these file infectors have information theft routines, which is a behavior not usually found among file infectors. These malware are part […]
It seems that the attacks against Uyghur hasn’t stopped. We have recently encountered a compromised Uyghur website that renders a malicious flash exploiting the CVE-2013-0634 vulnerability.The flash file contains two DLL files each embedded with EXE binaries. One DLL is for 32-bit systems, while the other appears to be for 64-bit systems.The executable binaries are […]
Just after we published a blog about a 64-bit obfuscator, we very quickly discovered another malware family following the same trend. Claretore is also using two-layer 64-bit obfuscation, although it does it a little differently to Ursnif. The first layer simply decrypts the code of the second layer and passes it control. There’s even a 64-bit […]
Latest Comments