Do you ever feel the Internet is especially slow these days? Or do you ever wonder if maybe it’s just your computer that’s getting slower? Don’t rush to the IT shop to buy a new computer yet … you may have been a victim of a new trick used by malevolent hackers called browser “cryptojacking.” What is cryptojacking? It’s a trick used to mine cryptocurrencies on your computer using your CPU resources in the background without your knowledge. All that a cybercriminal has to do is load a script...
by David Maciejak | Oct 19, 2017 | Filed in: Security Research
Blockchain is a shared and continuously reconciled database used to maintain a list of digital records, called blocks. It is quickly becoming an important tool not just for financial information, but also for managing and recording virtually all types of data, such as medical and other records, identity management, and transaction processing. Because a blockchain database is distributed and interconnected, it provides several essential services. The first is transparency. Because data is embedded within the network as a whole, it is by definition...
by Hemant Jain | Jun 20, 2017 | Filed in: Industry Trends
We attended the recent VB 2016 conference to present our findings on the development and evolution of Locky ransomware. In that same presentation we also discussed an automation system designed by Fortiguard to extract its configuration and hunt for new variants. Locky-ly (*wink*), while improving the system we couldn’t help but notice another new variant. Actually, aside from the encrypted file name extension change, there are no major developments from the “.odin” variant in this new variant. However, it appears that criminals...
by Floser Bacurio Jr. and Joie Salvio | Oct 24, 2016 | Filed in: Security Research
As a result of our continuous monitoring of the Locky ransomware we discovered a new Locky variant. This variant now appends a “.odin” extension to its encrypted files. This is now the third time that the extension has been changed. Aside from this, in this report we will also examine some of its other minor updates.
It’s not Odin. It’s Locky
The transition from “.locky” to “.zepto” extension has caused some confusion to the malware research scene. Due to this update,...
by Joie Salvio and Floser Bacurio Jr. | Oct 03, 2016 | Filed in: Security Research
It’s been just less than a month since the Shark Ransomware was discovered, and there is already an upgrade from the same authors, along with a new Ransomware-as-a-Service (RaaS) website, a new name, and new features. While this site follows the standard RaaS business model being commonly used by other ransomware developers, it has a new twist. Besides the usual offer to let users customize and build their own ransomware, Atom is being promoted as a “Ransomware Affiliate Program.” The twist is that it offers the soon-to-be...
by Rommel Joven | Sep 12, 2016 | Filed in: Security Research
A new ransomware variant, named “Fsociety Locker” (“Fsociety ALpha 1.0”), showed up recently seeking a place in the threat marketplace. The authors of this malware must be “Mr. Robot” fans, as the name “Fsociety” refers to the fictional group of hackers in that show. This new ransomware variant is one of the very few examples of Python-based ransomware in the wild. Python is typically considered to be a fast, easy language to code in, so this may be the start of a new malware trend. In this...
by Sarah (Qi) Wu and He Xu | Sep 01, 2016 | Filed in: Security Research
The last few weeks saw new variants of the Locky ransomware that employ a new anti-sandbox technique. In these new variants, Locky’s loader code uses a seed parameter from its JavaScript downloader in order to decrypt embedded malicious code and execute it properly. For example, the downloaded Locky executable is executed by the JavaScript in the following manner:
sample.exe 123
Below is a screenshot of it in action. This new trick may pose challenges for automated Locky tracking systems that utilize sandboxing due to the following...
by Floser Bacurio and Roland Dela Paz | Jun 30, 2016 | Filed in: Security Research
The competition for the most secure instant messaging tool has been running for years. It resurfaced this month when WhatsApp announced it has completed implementing end-to-end encryption. Curiously, in security research circles, this has resulted in endless debates between WhatsApp and Telegram. Very much like Emacs vs Vi, everybody has a (strong) opinion, but there is no general consensus. ;) I think we can agree that Signal, WhatsApp, and Telegram stand out as the most secure messaging solutions - thanks to end-to-end encryption or Perfect...
by Axelle Apvrille | Apr 15, 2016 | Filed in: Industry Trends
Strong encryption is the security professional's arms race. There is no such thing—and never has been nor ever will be—as unbreakable code. The best we can strive for is code that will take a cyberthief's computers so long to break that it becomes impractical. In short, the thief will conclude that there are much easier ways to make his money, softer targets to hit. The problem is that, thanks to Moore's Law and its various corollaries, computing power continually gets better, faster and can fit into smaller form factors....
by Evan Schuman | Sep 09, 2015 | Filed in: Industry Trends
Insomni'hack's CTF included iOS challenges, but also an Android challenge in two parts. The write-up of part 1 of the Android challenge can be found on SCRT's blog. It is quite complicated, but in the end, we get a decrypted filesystem with the flag for part 1, and an Android application to investigate for part 2 (download): 87f10242d7662a9cf8158bd85e4a17df9279a961f1d2a2e469cfd1be5501bfa1 ch.scrt.insomnidroid-1.apk. According to the text of part 2, we are meant to find a way to buy movies without paying. The application launches...
by Axelle Apvrille | Apr 04, 2015 | Filed in: Security Research