Fake Advanced IP Scanner Installer Delivers Dangerous CobaltStrike Backdoor
During a recent client investigation, Trustwave SpiderLabs found a malicious version of the ...
Read MoreStay Informed
Sign up to receive the latest security news and trends straight to your inbox from Trustwave.
Breakdown of Tycoon Phishing-as-a-Service System
Just weeks after Trustwave SpiderLabs reported on the Greatness phishing-as-a-service (PaaS) ...
Read MoreApache ActiveMQ Vulnerability Leads to Stealthy Godzilla Webshell
Trustwave has observed a surge in attacks exploiting vulnerabilities in Apache ActiveMQ hosts. In ...
Read MoreStealthy VBA Macro Embedded in PDF-like Header Helps Evade Detection
In the ever-evolving landscape of malware threats, threat actors are continually creating new ...
Read MoreGootloader: Why your Legal Document Search May End in Misery
Introduction Recently, we’ve seen a noticeable surge in malware cases linked to a malicious payload ...
Read MoreHTML File Attachments: Still A Threat
Introduction This past month, Trustwave SpiderLabs observed that HTML (Hypertext Markup Language) ...
Read MorePillowmint: FIN7’s Monkey Thief
In this blog, we take an in-depth technical look at Pillowmint malware samples received from our ...
Read MoreMonster Lurking in Hidden Excel Worksheet
A recent blog by Didier Steven’s showed how malicious Excel 4 macros can be stored in OOXML (Office ...
Read MoreMessing with Azorult Part 2: Command and Control
As we mentioned in our earlier blog, Azorult is very popular in the underground hacking forum. ...
Read MoreMessing with Azorult Part 1: Malware Breakdown
In this blog series, we dive into an information stealing Trojan called Azorult that we analyzed ...
Read MoreDigging Deep into Magecart Malware Part II
Magecart is the name given to notorious groups of hackers that target online shopping carts, ...
Read MoreHiding PHP Code in Image Files Revisited
Over five years ago, we published a blog detailing how a webshell’s backdoor code was hidden in an ...
Read MoreDigging Deep Into Magecart Malware
Last week, one of my SpiderLabs colleagues was working on a PCI forensic triage for a website. ...
Read MoreDemystifying Obfuscation Used in the Thanksgiving Spam Campaign
During Thanksgiving week, we noticed this quite unusual XML-format MS Office Document file:
Read MoreRed Alert v2.0: Misadventures in Reversing Android Bot Malware
(Analysis by Rodel Mendrez and Lloyd Macrohon)
Read MoreCrypter-as-a-Service Helps jRAT Fly Under The Radar
(Contributor: Dr. Fahim Abbasi and Phil Hay)
Read MoreCHM Badness Delivers a Banking Trojan
Like good old Microsoft Office Macros, Compiled HTML (CHM) Help files have been utilized by malware ...
Read MoreTale of the Two Payloads – TrickBot and Nitol
A couple of weeks ago, we observed the Necurs botnet distributing a new malware spam campaign with ...
Read MoreMinimalist Alina PoS Variant Starts Using SSL
More than four years ago, we published a series of blogs discussing in-depth analysis of Alina ...
Read MoreSVG Files Are Not As Benign As It May Seem
Bad guys are getting quite creative trying to evade spam filters and antivirus scanners. Last week, ...
Read MoreDown the Rabbit Hole: Extracting Maliciousness from MSG Files Without Outlook
Email As Infection Vector
Read MoreHow I Cracked a Keylogger and Ended Up in Someone's Inbox
It all started from a spam campaign. Figure 1 shows a campaign we picked up recently from our spam ...
Read MoreMassive Volume of Ransomware Downloaders being Spammed
We are currently seeing extraordinarily huge volumes of JavaScript attachments being spammed out, ...
Read More3-in-1 Malware Infection through Spammed JavaScript Attachments
Recently we've observed a massive uptick of malicious spam with JavaScript attachments with an ...
Read MoreQuaverse RAT: Remote-Access-as-a-Service
***UPDATE as of September 28, 2015 - see the bottom of this post for removal instructions***
Read MoreMalicious Macros Evades Detection by Using Unusual File Format
A couple of months ago we observed an influx of XML spam attachments that were actually Office ...
Read More