Hancitor is one of the better-known malware downloaders due to its numerous spam runs and evolving delivery technique. It reminds us of Upatre, which gained notoriety over the past two years but has now died down, possibly due to the takedowns of its major payloads. In the case of Hancitor, it is still seen as a favourite carrier of very active malware families such as Pony and Vawtrak. Just recently, we found a new spam campaign of Hancitor with some notable developments that may have been in the previous variants, but were not discussed...
by Joie Salvio and Rommel Joven  |  Nov 02, 2016  |  Filed in: Security Research
Vawtrak, also known as Neverquest, is a banking trojan that is capable of bypassing 2FA (two-factor authentication) on some financial institutions. It is also a typical information stealer. One of the main strengths of Vawtrak is its use of layering techniques within its code. Within its layers, Vawtrak employs different armoring strategies such as anti-emulator, anti-debugger and anti-analysis checks, encryption/decryption/hashing, compression/decompression, garbage collection, and code injection. TOR 101 The Onion Router, or simply known...
by Raul Alvarez  |  Jun 05, 2015  |  Filed in: Industry Trends