Malware - Home

Stay Alert of Facebook Credential Stealer Applications Stealing User’s Credentials.

Digvijay Mane / 4 years
0
6 min read

Social media credentials are always a lucrative thing for threat actors. They use various techniques to get them. Some use overlays with fake user interfaces, some use key-logging, and some use simple social engineering to trap users. Another way threat actors have been used in the recent past is JavaScript code injection in WebView to […]

Anydesk Software Exploited to Spread Babuk Ransomware

Preksha Saxena / 4 years
0
10 min read

We generally see that ransomware attacks are deployed through exploits, unsolicited malicious emails (malspam), or malicious Microsoft Office documents. Attackers trick the unsuspecting users into enabling macros, etc. Apart from these usual attack techniques, we came across a new way of using Anydesk software fake websites to spread Babuk ransomware. Anydesk is a remote-control tool […]

Stay Alert – Malware Authors Deploy ELF as Windows Loaders to Exploit WSL feature

Rutuja Mane / 4 years
0
5 min read

What is WSL? The Windows Subsystem for Linux (WSL) is a resource inside the Windows operating system that allows users to execute Linux command lines on a machine running Windows operating system. The Windows Subsystem for Linux uses an application known as Bash.exe, which launches a Linux dialogue box within the Windows operating system interface. […]

CetaRAT APT Group – Targeting the Government Agencies

Prashant Tilekar / 4 years
0
4 min read

CetaRAT was seen for the first time in the Operation SideCopy APT. Now it is continuously expanding its activity since then. We have been tracking this RAT for a long time and observed an increase in targeting the Indian government agencies. The CetaRAT infection chain starts with a Spear phishing mail with a malicious mail […]

Stay Protected from Bazarloader Malware with WordProcessingML Awareness

What you need to know about the BazarLoader Malware?

Anjali Raut / 4 years
0
3 min read

At the start of February 2021, Bazarloader malware was in the news about its mechanism of delivering the initial attack vector. It tricks a victim into connecting with a fake call where a threat actor asks to download malicious excel attachments from the portal to infect them. We recently observed that its delivery mechanism is […]

FormBook Malware Returns: New Variant Uses Steganography and In-Memory Loading of multiple stages to steal data

Rumana Siddiqui / 5 years
0
9 min read

Quick Heal Security Lab has seen a sudden increase in dotnet samples which are using steganography. Initially, in the static analysis, not much information is available. It resembles some simple application going by the method name. On the dynamic side, some show the activity but another check for sandboxing environment. Apart from this, even on […]

WARZONE RAT – Beware Of The Trojan Malware Stealing Data Triggering From Various Office Documents

Ayush Puri / 5 years
0
4 min read

Warzone RAT is part of an APT campaign named “Confucius.” Confucius APT is known to target government sectors of China and a few other South Asian countries. This APT campaign was quite active around January 2021. Warzone RAT first emerged in 2018 as malware-as-a-service (MaaS) and is known for its aggressive use of “.docx” files […]

Phishing Scam Alert: Domain Name Expiration Notices stealing data through phishing site

Rahul Pawar / 5 years
0
4 min read

Have you received an email notification that your domain is about to expire? Most website owners have. But do you pay close attention to who it is from and the renewal fee? If not, you may be throwing money away to a scammer. Quick Heal Security Labs has recently come across a phishing scam related […]

Fresh Joker Malware Variant Targeting Android Users

Google Play store applications laced with Joker malware yet again

Digvijay Mane / 5 years
0
4 min read

For the last three years, Joker Trojan is making its way on Google Play Store. Quick Heal Security Labs recently spotted 8 Joker malware on Google Play Store and reported them to Google, which has now removed all the applications. Fig. 1 Screenshots of Applications from Google Play Store Joker is a spyware Trojan that […]

Cobalt Strike 2021 – Analysis of Malicious PowerShell Attack Framework

Saurabh Sharma / 5 years
0
5 min read

Cobalt Strike is a widespread threat emulation tool. It is one of the most powerful network attack tools available for penetration testers in the last few years used for various attack capabilities and as a command and control framework. Recently, Cobalt Strike has been used in various ransomware campaigns like Povlsomware Ransomware, DarkSide Ransomware. Povlsomware […]