On 6th December 2017, FortiGuard Labs discovered a compromised website - acenespargc[.]com. Looking into the source code, we noticed a suspicious encrypted script which uses the eval() function to convert all the characters into numbers. We used a tool called CharCode Translator to reverse the numbers back into characters. We were then able to retrieve a link which redirects to a scam page or phishing website. The above is just a simple example. The threat actor can actually... [Read More]
by Eric Chong  |  Feb 07, 2018  |  Filed in: Security Research
Feel free to browse through our Zitmo timeline. Please note that variant naming depends on many factors including but not limited to chronology. Hence variant letters (.A) don't always reflect the order of appearance in the wild. [Read More]
by Karine de Ponteves  |  Nov 19, 2012  |  Filed in: Security Research
Is Symbian still the leader for smartphone operating systems or not? How far have Android and iPhones penetrated the market? Who's the leader for smartphone OS: Symbian? BlackBerry? Android? iPhone? A quick search on the Internet provides quite opposite results, and I decided to find out why. There is no official definition of what a smartphone is compared to a feature phone. Steve Litchfield already mentioned the fact in an interesting article and lists several definitions: a phone that can be extended with hundreds of add-on applications a phone... [Read More]
by Axelle Apvrille  |  Mar 01, 2011  |  Filed in: Security Research
During the weekend, in our monitoring of the Zeus botnet, my colleague Kyle Yang stumbled upon an unexpected payload: a brand new mobile malware piece we named SymbOS/Zitmo.A!tr (Zitmo standing for "Zeus In The MObile"), likely aimed at intercepting confirmation SMS sent by banks to their customers. This also caught the eye of s21sec with a nice analysis you should read. Basically, the ZeuS network initiated some social engineering operations (via injection of HTML forms in the victims' browser) to get the phone number and phone model of its infected... [Read More]
by Axelle Apvrille  |  Sep 27, 2010  |  Filed in: Security Research