trojan


Background Last week, FortiGuard Labs captured a JS file that functions as a malware downloader to spread a new variant of the Emotet Trojan. Its original file name is Invoice__779__Apr___25___2017___lang___gb___GB779.js.  A JS file, as you may be aware, is a JavaScript file that can be executed by a Window Script Host (wscript.exe) simply by double-clicking on it. In this blog we will analyze how this new malware works by walking through it step by step in chronological order. A JS file used to spread malware The original JS code... [Read More]
by RSS Xiaopeng Zhang  |  May 03, 2017  |  Filed in: Security Research
As part of Fortinet’s continued efforts to protect its customers, we carry out a variety of tests to improve the detection of malicious content, whether it’s file or network related. While checking out some HTTPS phishing websites last month, one URL stood out. It wasn’t a phishing site, but it downloaded a file called BR52357896253ex.zip (which is detected as “Java/Banload.BD!tr” by Fortinet AntiVirus service) from a file sharing website. The compressed file also contained a Jar that downloaded additional files,... [Read More]
by RSS Lilia Elena Gonzalez Medina  |  Oct 14, 2016  |  Filed in: Security Research
August ended with the spike in malware activity we predicted last week to welcome everyone back to school and work. Here is a summary of this week’s FortiGuard Threat Intelligence Brief. 1. Ransomware explodes. Ransomware took off this week, filling nine of our weekly top-ten malware detection list slots. Not only that, but while last week our top five detections list amounted to about 2.5 million attempted ransomware infections, this week the top five totaled over 15.5 million ransomware attempts. That more than a 6X increase in a single... [Read More]
by RSS Bill McGee  |  Sep 02, 2016  |  Filed in: Industry Trends
Remote Administration Tools (RAT) have been around for a long time. They provide users and administrators with the convenience of being able to take full control of their systems without needing to be physically in front of a device. In this age of global operations, that’s a huge deal. From troubleshooting machines across countries to observing employees across rooms, RAT solutions have become widely used tools for remote maintenance and monitoring. Unfortunately, malware authors often utilize these same capabilities to compromise systems.... [Read More]
by RSS Floser Bacurio Jr. and Joie Salvio  |  Aug 29, 2016  |  Filed in: Security Research
At FortiGuard, we wouldn't let you down without an analysis of Pokémon Go. Is it safe to install? Can you go and hunt for Pokémon, or stay by a pokestop longing for pokeballs? While this article won't assist you in game strategy, I'll give you my first impressions analyzing the game. Versions There are two sorts of Pokémon applications: 1. The official versions, issued by Niantic. We will talk more about these later, but in brief, they are not malicious. 2. The hacked versions. These are... [Read More]
by RSS Axelle Apvrille  |  Aug 11, 2016  |  Filed in: Security Research
While inspecting the Pokémon Go application, I incidentally found information on ... Pokémon Go Plus. Basically, this is the Pokémon IoT: a connected wristband with a button (to throw a pokéball, for instance), a RGB LED, and vibration capability (e.g to notify of nearby Pokémon). The device is not yet released, and the software is still under development: as you can see below, versions 0.29.x corresponds to "BETA4". Implementation in version... [Read More]
by RSS Axelle Apvrille  |  Aug 11, 2016  |  Filed in: Security Research
Because of the recent outbreak of the Locky ransomware, Dridex has become synonymous with the distribution of ransomware more generally. However, Dridex is still taking good care of its notorious original business– banking Trojans. While preparing the materials for my upcoming HITBAMS2016 talk on Kernel Exploit hunting and mitigation, I came across this new variant of Dridex (SHA1: 455817A04F9D0A7094038D006518C85BE3892C99), which is rather interesting. The Master of Antivirus Killers Based on some simple string checks, we assumed... [Read More]
by RSS Wayne Chin Yick Low  |  Mar 23, 2016  |  Filed in: Security Research
Overview Over the last few months, the Shifu banking Trojan has become more common in the wild prevalent and the malware family has been getting a fair amount of attention both from researchers and the mainstream media. there have been a number of discussions surrounding the malware family. We also became aware that this malware attempts to bypass our sandbox technology, FortiSandbox. In this post, we will share some of our findings on this new banking Trojan and also talk about how our technologies can support and address Shifu. Prevalence While... [Read More]
by RSS Floser Bacurio  |  Nov 03, 2015  |  Filed in: Industry Trends
PuTTY, the innocuous and ubiquitous terminal application that Windows users download regularly to connect to *nix systems, has been making headlines in the last month after an uptick in malicious activity set off red flags for researchers. As multiple outlets have reported, hackers have recompiled the open source software and inserted malicious code, creating a new “Trojan PuTTY”. The malware, which was originally discovered over two years ago, has been gaining substantial traction as cybercriminals leverage its ability to steal... [Read More]
by RSS Chris Dawson  |  Jun 29, 2015  |  Filed in: Industry Trends
Details are still emerging on the cyberespionage malware known as Regin, but it’s clear that this is no ordinary Trojan. Regin is not new software, despite making headlines this weekend with a myriad of news outlets citing Symantec’s recent white paper on the sophisticated malware. Regin includes several Remote Access Trojan (or RAT, also known as Remote Access Toolkit) features such as capturing screenshots, controlling mouse point-and-click functions, and network monitoring. It also has basic forensic capabilities like recovering deleted... [Read More]
by RSS Chris Dawson  |  Nov 25, 2014  |  Filed in: Industry Trends