Acronis Cyber Protection Center

Cyberthreats and cybersecurity insights

Acronis Blog →

Covers information to help protect your data

Acronis Cyber Protection Center

Malware analysis

Most recent on Malware analysis

Select

06 February 2023 — 8 min read

Acronis

06 February 2023 — 8 min read

DoubleZero: A data wiper deployed against Ukraine

The DoubleZero wiper — so named for its tactic of zeroing files — was first discovered on March 17, 2022 by CERT-UA (the Computer Emergency Response Team of Ukraine). The malware was designed in order to wipe out system files, non-system files and entire registry branches, and was spread by spear phishing emails with an attached ZIP that contains the malware file.

02 February 2023 — 8 min read

Acronis

02 February 2023 — 8 min read

Vawtrak: A banking trojan with a long history

Vawtrak is a banking trojan — a form of malware that attempts to steal credentials from banks. It spreads via phishing emails and spam emails that contain a malicious document, loaded with a macro. The primary target of this malware are banks and insurance companies, mainly in Germany.

05 January 2023 — 9 min read

Acronis

05 January 2023 — 9 min read

Royal ransomware’s actors make high demands

Royal ransomware was first spotted in January 2022, targeting different corporations. This group does not provide ransomware-as-a-service. The attackers demand figures ranging from $250,000 to over $2 million from their victims.

09 December 2022 — 9 min read

Acronis

09 December 2022 — 9 min read

KmsdBot: DDoS and cryptomining combined

On November 10, 2022, the Akamai Security Intelligence Response Team published an article with the description of the newly spotted KmsdBot, which infected their honeypot. Gaming company FiveM, which provides software for GTA V for hosting custom private servers (and happens to be Akamai’s client), became the first victim. During their investigation, researchers found many samples that were built for different architectures.

28 November 2022 — 9 min read

Acronis

28 November 2022 — 9 min read

AXLocker ransomware doesn’t change files’ extensions

AXLocker is a ransomware that was found by malware researcher ‘S!ri,’ who posted it on Twitter. Later, it was discovered that AXLocker does not only encrypt files but also steals victims’ Discord credentials and uploads them to its own Discord server. Specifically, the AXLocker ransomware steals tokens stored on a local computer when the user logs in to Discord. It’s not packed or obfuscated.

25 November 2022 — 8 min read

Acronis

25 November 2022 — 8 min read

Killnet ransomware — a wiper from the Chaos family

Killnet is a Russian hacker group, previously known for providing DDoS services. At the end of October 2022, the security channel PCrisk discovered the first sample of Killnet ransomware. The group, via a Telegram channel, also announced a ransomware attack on an Italian chemical factory.

22 September 2022 — 9 min read

Acronis

22 September 2022 — 9 min read

RapperBot: A new threat for IoT devices

On June 22, 2022, CNCERT IoT Threat Research Team and NSFOCUS FuYingLab monitored a new botnet that was attacking IoT devices. Naming the threat ‘RapperBot,’ researchers found more than 5,000 compromised hosts, but no attack commands were spotted. In analyzing samples, cybersecurity analytics found similarities with Mirai Bot, whose source code has been leaked.

25 August 2022 — 9 min read

Acronis

25 August 2022 — 9 min read

SideWinder uses weaponized Word documents to compromise victims’ machines

The SideWinder APT group was first discovered in 2018, and since earlier this year has been actively targeting military, defense and other industries in South Asia. They used to spread phishing emails with Word files that downloaded additional files to decode, drop and start the malware, which collects and uploads victims’ data to remote servers. They've since infected Android devices with malicious apps in Google Play.

16 August 2022 — 11 min read

Acronis

16 August 2022 — 11 min read

Hydrox: A new wiper attacks

Hydrox was first spotted by Twitter user Petrovich on July 29, 2022. On August 3, EnigmaSoft described this threat as a harmful malware that actually wipes users' data. This conclusion was made from a “ransom note” which didn’t actually contain any credentials or links for paying the ransom.

26 July 2022 — 8 min read

Acronis

26 July 2022 — 8 min read

Symbiote: A new stealthy malware for Linux

Symbiote is a new Linux malware that steals users’ data and provides a backdoor to threat actors. It was discovered in June, 2022 and is characterized as a very stealthy malware. It uses a lot of evasion techniques, such as hooking functions, capturing TCP traffic and hiding its own files. It collects users' data and exfiltrates it on DNS servers.

22 July 2022 — 12 min read

Acronis

22 July 2022 — 12 min read

CloudMensis: a new macOS threat

In April 2022, ESET researchers found a yet-unknown backdoor on macOS. It was named CloudMensis due to the fact that it uses different public cloud storage for C2 communication. CloudMensis looks for different types of documents, captures keyboard input, searches local emails and can take screen captures.

30 June 2022 — 8 min read

Acronis

30 June 2022 — 8 min read

Details about ZingoStealer: The new, free malware-as-a-service variant

On March 18, 2022, the Telegram public group published a post detailing the release of a new version of malware, a Windows data stealer called ZingoStealer. The group created a chat bot to field information requests, deliver more information, and even enable downloads of ZingoStealer. Later, the developer announced that cryptomining functionality was added to the stealer in order to maximize profits from its operations.