Security Research


Earlier this month, FortiGuard Labs researchers published findings about a malware campaign exploiting a PowerPoint vulnerability. Cybercriminals, however, are equal opportunity exploiters, so just recently an interesting targeted malware campaign was found to be using another document vulnerability. Only this time, it’s a Hangul Word Processor (HWP) document leveraging the already known CVE-2015-2545 Encapsulated PostScript (EPS) vulnerability. [Read More]
by RSS Joie Salvio and Jasper Manuel  |  Sep 20, 2017  |  Filed in: Security Research
Security researchers have identified more and more Mac OS malware attacks over the past two years. In June 2017, Rommel Joven and Wayne Chin Yick Low from Fortinet’s Fortiguard Labs found and analyzed a new ransomware targeted at Mac OS.  Most malware for Mac OS was developed in the Objective-C programming language. A good introduction to reverse engineering Cocoa applications can be found here. In that blog post, the researcher released an IDAPython script named objc2_xrefs_helper.py  that can only be executed in IDA Pro. As you... [Read More]
by RSS Kai Lu  |  Sep 19, 2017  |  Filed in: Security Research
BankBot is a family of Trojan malware targeting Android devices that surfaced in the second half of 2016. The main goal of this malware is to steal banking credentials from the victim’s device. It usually impersonates flash player updaters, android system tools, or other legitimate applications. Once installed, it hides itself and then tricks the user into typing his or her credentials into fake bank web pages that have been injected onto the device’s screen. [Read More]
by RSS Dario Durando  |  Sep 19, 2017  |  Filed in: Security Research
ToorCon 19 San Diego was held Monday August 28th to Sunday September 3rd, 2017 at The Westin San Diego. It included three parts. The first was training workshops focused on various aspects of computer security. These took place on Aug 28-31. The second was a Seminar held on Sep 1. The third part was the formal Conference that ran from Sep 1-3. I was honored to be able to present my research, Dig Deep into FlexiSpy for Android at ToorCon 19. FlexiSpy for Android is a spy app with full IM tracking, VoIP call recording, and live call interception.... [Read More]
by RSS Kai Lu  |  Sep 18, 2017  |  Filed in: Security Research
It now appears that this crime was enabled through an exploit that targeted a Java vulnerability in Apache Struts 2, which is an open-source web application framework for developing Java web applications that extends the Java Servlet API to assist, encourage, and promote developers to adopt a model–view–controller (MVC) architecture. [Read More]
by RSS Aamir Lakhani  |  Sep 18, 2017  |  Filed in: Security Research
This is the second part of the FortiGuard Labs analysis of the new Poison Ivy variant, or PlugX, which was an integrated part of Poison Ivy’s code. In the first part of this analysis we introduced how this malware was installed onto victim’s systems, the techniques it used to perform anti-analysis, how it obtained the C&C server’s IP&Port from the PasteBin website, and how it communicated with its C&C server. [Read More]
by RSS Xiaopeng Zhang  |  Sep 15, 2017  |  Filed in: Security Research
Bluetooth is one of the most widely deployed and used connectivity protocols in the world. Everything from electronic devices to smartphones uses it, as do a growing number of IoT devices. Now, a new Bluetooth exploit, known as BlueBorne, exploits a Bluetooth, making literally billions of devices potentially vulnerable to attack. BlueBorne is a hybrid Trojan-Worm malware that spreads thru the Bluetooth protocol. Because it includes worm-like properties, any infected system is also a potential carrier, and will actively search for vulnerable hosts.... [Read More]
by RSS Aamir Lakhani  |  Sep 14, 2017  |  Filed in: Security Research
Introduction Recently, there have been a series of high profile attacks using browser extensions. Having dealt with this threat vector in the past, we here at FortiGuard Labs decided to conduct a large-scale study of browser extensions. Before diving into the results, we want to make a distinction between two seemingly similar browser technologies: browser plugins and browser extensions. Both are mechanisms that allow an end user to customize their browser to suit their needs, however there are some fine distinctions between them. The former... [Read More]
by RSS Minh Tran  |  Sep 14, 2017  |  Filed in: Security Research
While the scale of this data breach is alarming, the attack they suffered is not unique. Far too many organizations have adopted state of the art network designs and yet still rely on isolated second-generation security solutions and strategies to protect them. More than ever, security cannot be an afterthought. It requires planning, people, and processes combined with adaptive security technologies that can dynamically scale to today’s digital networks and automatically respond as an integrated system to address the advanced cyberthreats. [Read More]
by RSS Derek Manky  |  Sep 08, 2017  |  Filed in: Industry Trends, Security Research
Welcome back to our monthly review of some of the most interesting security research publications. July was very busy with the annual DEFCON and BlackHat US conferences, but also RMLL, the Worldwide Free Software Meeting held this year in France. Past editions: June 2017 May 2017 April 2017 March 2017 Elie Burzstein et al, How We Created the First SHA-1 collision and what it means for hash security video, DEFCON 25 slides and paper With the nickname "Crypto Girl", I obviously had to listen to this... [Read More]
by RSS Axelle Apvrille  |  Sep 07, 2017  |  Filed in: Security Research