# Tags
Fresh Joker Malware Variant Targeting Android Users

Google Play store applications laced with Joker malware yet again

For the last three years, the Joker Trojan has been making its way onto the Google Play Store. Quick Heal Security Labs recently spotted 8 Joker malware applications on Google Play Store and reported them to Google, which has now removed all the applications. (Fig. 1: Screenshots of applications from Google Play Store.) Joker is a spyware Trojan that […]

Cobalt Strike 2021 – Analysis of Malicious PowerShell Attack Framework

Cobalt Strike is a widespread threat emulation tool. It has been one of the most powerful network attack tools available to penetration testers in the last few years, used for its various attack capabilities and as a command and control framework. Recently, Cobalt Strike has been used in various ransomware campaigns such as Povlsomware Ransomware and DarkSide Ransomware. Povlsomware […]

Ficker Stealer Malware tricks people into getting passwords

Ficker – An Info-Stealer Malware that tricks people to get their passwords

Credential stealer malware is the most prevalent type of malware used in cyber-attacks. We have seen a lot of new stealer malware in the wild. The main objective of all credential stealer malware is to collect confidential and sensitive information such as user credentials and financial information. Ficker Stealer is a family of information-stealing malware […]

Alert! Wormable Android malware is spreading through social media applications

Autoreply is a convenient feature through which users can send a custom message as an automatic reply to unanswered incoming email, SMS, WhatsApp messages, and more. There are many applications on Google Play Store which offer such functionality. We have recently noticed malicious applications which are abusing this particular functionality. Fig 1. Content used for […]

Fake app REVIEWS AND RATINGS

Malicious malware impacting reviews and ratings of application

The COVID-19 pandemic has confined a big part of the population indoors, doing their work and daily chores online. This has had a direct impact on mobile app usage trends, especially among on-demand mobile apps. Mobile applications have become a necessity for varied purposes, including video conferencing, communicating, attending online classes, streaming services, playing games, ordering […]

Joker spyware creeps its way into Google Play Store.

Stay Alert, Joker still making its way on Google Play Store!

We recently came across 2 malicious Joker family malware applications on Google Play Store; the company was quick to remove these malicious applications from its store based on our report. These two applications, namely “Easy QR Scanner” and “Free Translator”, have more than 10k installs each. What is Joker Malware? Joker is spyware which […]

Android application found on Google Play Store carrying Windows malware!


Recently, Quick Heal Security Labs found an Android application on the Google Play Store which was infected by Windows malware. The application is meant for Gionee SmartWatch configuration and for visualizing the data through the app. On further analysis of the app, we found a few HTML files which were infected with Windows malware. These infected HTML files […]

CVE-2020-0796 – A “wormable” Remote Code Execution vulnerability in SMB v3

For the last two days, the Internet has been rife with news about a critical remote code execution vulnerability in the SMBv3.1.1 compression mechanism. Today, on 12th March 2020, Microsoft released an emergency out-of-band patch to address this vulnerability. As per Microsoft release information, it’s a remote code execution vulnerability in the way that the Microsoft Server […]

Ouroboros: Following A New Trend In Ransomware League

Ransomware authors keep exploring new ways to test their strengths against various malware evasion techniques. The ransomware known as “Ouroboros” is intensifying its footprint in the field by bringing more and more advancements in its behavior with each new version. This analysis covers the behaviour of version 6, a few earlier variants of it and […]

A Deep Dive Into Wakeup On Lan (WoL) Implementation of Ryuk

Quick Heal Security Labs recently came across a variant of Ryuk Ransomware which contains an additional feature for identifying and encrypting systems in a Local Area Network (LAN). This sample targets systems in the LAN that are in a sleep state as well as those that are online. This sample is packed with a custom packer. The final […]