At the beginning of February 2018, FortiGuard Labs collected an email. The email message contains an order tracking number with a fake hyperlink that downloads a malicious JAR file. After a quick analysis, I was able to determine that it is the jRAT/Adwind malware. [Read More]
by Xiaopeng Zhang | Feb 16, 2018 | Filed in: Security Research
A few days ago, I was happy to go to Insomni'Hack. I presented some updates on how to detect hidden methods in Dalvik Executable files. But it is not my talk that I want to discuss in this post, but Ange Albertini's "Angecryption". With Angecryption, you can basically encrypt anything into whatever you want (there are a few restrictions on input and output formats, but that is the general idea). Basically, Ange Albertini wrote a (Python) script to which you provide the input you wish, the output you wish and the key you wish. The script manipulates the... [Read More]
by Axelle Apvrille | Mar 31, 2014 | Filed in: Security Research
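The core trick behind "encrypting anything into whatever you want" is a property of CBC mode that does not depend on the block cipher: the first ciphertext block is C1 = E_k(P1 XOR IV), so for a fixed key and a fixed first plaintext block you can pick IV = D_k(C1_wanted) XOR P1 and force C1 to be any block you like, for instance a file header. The example below is added here to illustrate that step; it is not Ange Albertini's script and not code from the original post. To keep it runnable with only the Python standard library, a small Feistel block cipher built on SHA-256 stands in for AES (the IV calculation is identical for any 16-byte block cipher); the key, the input plaintext and the 16-byte PNG prefix (8-byte signature plus the length and type fields of the IHDR chunk) are constructed for the demonstration. Making the remaining ciphertext blocks parse as a valid container (for PNG, wrapping them in a chunk) is the part the real script handles and is not shown.

```python
import hashlib

BLOCK = 16
HALF = BLOCK // 2
ROUNDS = 8

# Constructed demo values (assumptions, not from the post).
DEMO_KEY = b"FortiGuard Labs!"           # 16-byte key
# PNG signature + IHDR chunk length (13) + chunk type = exactly one 16-byte block.
PNG_PREFIX = b"\x89PNG\r\n\x1a\n" + b"\x00\x00\x00\x0dIHDR"


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round_keys(key: bytes):
    # Derive per-round subkeys from the key; SHA-256 is only used as a PRF here.
    return [hashlib.sha256(key + bytes([i])).digest()[:HALF] for i in range(ROUNDS)]


def _f(half: bytes, rk: bytes) -> bytes:
    return hashlib.sha256(rk + half).digest()[:HALF]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Toy 16-byte Feistel cipher standing in for AES (assumption: any
    invertible block cipher works the same way for the IV trick)."""
    assert len(block) == BLOCK
    l, r = block[:HALF], block[HALF:]
    for rk in _round_keys(key):
        l, r = r, _xor(l, _f(r, rk))
    return l + r


def block_decrypt(key: bytes, block: bytes) -> bytes:
    assert len(block) == BLOCK
    l, r = block[:HALF], block[HALF:]
    for rk in reversed(_round_keys(key)):
        l, r = _xor(r, _f(l, rk)), l
    return l + r


def pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(data: bytes) -> bytes:
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    prev, out = iv, []
    for i in range(0, len(plaintext), BLOCK):
        prev = block_encrypt(key, _xor(plaintext[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    prev, out = iv, []
    for i in range(0, len(ciphertext), BLOCK):
        c = ciphertext[i:i + BLOCK]
        out.append(_xor(block_decrypt(key, c), prev))
        prev = c
    return b"".join(out)


def angecryption_iv(key: bytes, first_plain_block: bytes, wanted_first_cipher_block: bytes) -> bytes:
    """C1 = E(P1 ^ IV)  =>  IV = D(C1_wanted) ^ P1: the IV that forces the
    first ciphertext block to the value we want."""
    return _xor(block_decrypt(key, wanted_first_cipher_block), first_plain_block)


def encrypt_to_prefix(key: bytes, plaintext: bytes, wanted_prefix: bytes):
    """CBC-encrypt plaintext so the ciphertext starts with wanted_prefix.
    Returns (iv, ciphertext); the IV must travel with the file so the
    recipient can decrypt."""
    assert len(wanted_prefix) == BLOCK
    padded = pad(plaintext)
    iv = angecryption_iv(key, padded[:BLOCK], wanted_prefix)
    return iv, cbc_encrypt(key, iv, padded)


def demo():
    # Constructed input: pretend this is a PDF we want to disguise as a PNG.
    plaintext = b"%PDF-1.5\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"
    iv, ct = encrypt_to_prefix(DEMO_KEY, plaintext, PNG_PREFIX)
    assert ct.startswith(PNG_PREFIX)
    assert unpad(cbc_decrypt(DEMO_KEY, iv, ct)) == plaintext
    return iv, ct


if __name__ == "__main__":
    iv, ct = demo()
    print("IV:", iv.hex())
    print("ciphertext head:", ct[:BLOCK])
```

Only the first block is controlled this way; every later block is fully determined by the key and the plaintext, which is why the output format must tolerate arbitrary bytes after its header (a PNG chunk whose declared length covers them, for example). That is the "few restrictions on input and output formats" the post mentions.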
Cryptography has been around for a while, which is a bit of an understatement. Below is an infographic that will give a glimpse into the world of cryptography. [Read More]
by Michael Perna | Feb 03, 2014
As a "Crypto Girl" should, I wish to report that the latest Android malware, Android/DroidKungFu, uses AES encryption. It is certainly not the first time Android malware uses cryptographic encryption - we have already seen use of DES in Android/Geinimi or Android/HongTouTou - but this would appear to be the first use of AES on Android (AES has already been reported in Symbian malware such as SymbOS/InSpirit). In Android/DroidKungFu, the malware uses AES to encrypt the two exploits it uses: CVE-2009-1185: packaged as gjsvro. located in the malware's... [Read More]
by Axelle Apvrille | Jun 09, 2011 | Filed in: Security Research
Our analyst, Ruchna Nigam, had been analyzing a sample of SymbOS/InSpirit.A!tr. [Image: SMS dropped in the victim's inbox by SymbOS/InSpirit.A!tr] A couple of months ago, this malware received some attention in China (for example see here - use translation if you do not speak Chinese) because it was phishing a local bank. The malware simply added a new SMS to the victim's inbox, apparently coming from the bank's service hotline phone number, telling the victim he/she had entered a bad password and needed to follow a given (malicious) link to guarantee... [Read More]
by Axelle Apvrille | Jan 12, 2011 | Filed in: Security Research