QBot, also known as Qakbot, QuackBot, and Pinkslipbot, is a Banking Trojan that was first observed in 2007. Today, Qbot is still a vicious and persistent threat to organizations and has become one of the leading Banking Trojans globally. Over the years, it has changed its initial techniques to deliver payloads like using VBA macros, […]
SOVA is an Android banking Trojan with significant capabilities like credential theft, capturing keystrokes, taking screenshots, etc., that can inflict acute harm to the devices that become victims of this malware. This malware has been on sale in the underground market since last year & is suspected of having been bought by some bad […]
HiddenAd or HiddAd are icon-hiding adware applications. The prime motive of HiddAd is to generate revenue through aggressive advertisements. As long as HiddAd remains on the device, it will generate revenue for the malware author. To make uninstalling difficult, malware authors hide the application’s icon from the application drawer. They also use different deceptive techniques […]
Quick Heal Security Lab has seen a sudden increase in dotnet samples which are using steganography. Initially, in the static analysis, not much information is available. It resembles some simple application going by the method name. On the dynamic side, some show the activity but another check for sandboxing environment. Apart from this, even on […]
Warzone RAT is part of an APT campaign named “Confucius.” Confucius APT is known to target government sectors of China and a few other South Asian countries. This APT campaign was quite active around January 2021. Warzone RAT first emerged in 2018 as malware-as-a-service (MaaS) and is known for its aggressive use of “.docx” files […]
For several months, Quick Heal Security Labs has been observing an increase in ransomware, we have found one more interesting ransomware which encrypts files and adds extension “.katyusha” and demands for an amount of 0.5 btc within three days and threatens to release the data to public download if the ransom is not paid. Malware is bundled with […]
Since the past few weeks, Quick Heal Security Labs has been observing a series of interesting malware blocked at our customer end. The further analysis of the malware ‘t.exe’ revealed that the malware seems to be Trojan dropper. Interestingly, this multipurpose malware is downloading a ransomware component, a crypto-mining malware and many more. It also […]
TrickBot Trojan was first identified in mid-2016 and considered similar to the Dyreza banking Trojan. Initially, the payload (the component of a computer virus that executes a malicious activity) was spreading through a malvertising campaign using the Rig Exploit Kit. From our current findings, we have found that TrickBot has changed its propagation technique and […]
An antivirus software keeps your computer safe from malware, viruses, online threats, and suspicious or harmful elements. Although bypassing this protective guard is a difficult task for attackers, they never stop trying to do so. Recently, we came across a malware that is designed to interfere with the infected system’s security software by disallowing its […]
“Dridex”, also known as ‘Buget’, is the successor of “Cridex”, a banking Trojan created for stealing victim credentials. After its takedown by the US Government in late 2015, the malware has come up with new versions and techniques. This report aims to provide detailed insights into the infection vector of Dridex, its behavior, work flow […]