Acronis Cyber Protection Center

Malware analysis

Most recent on Malware analysis

13 February 2023 — 7 min read
Acronis
CaddyWiper makes Windows machines unusable
CaddyWiper is an example of data-wiping malware, whose purpose is to corrupt the operating system and leave the targeted device unusable. It was first spotted in Ukraine in mid-March 2022 by the ESET research team.
06 February 2023 — 8 min read
Acronis
DoubleZero: A data wiper deployed against Ukraine
The DoubleZero wiper — so named for its tactic of zeroing files — was first discovered on March 17, 2022 by CERT-UA (the Computer Emergency Response Team of Ukraine). The malware was designed to wipe out system files, non-system files and entire registry branches, and was spread by spear phishing emails with an attached ZIP that contains the malware file.
02 February 2023 — 8 min read
Acronis
Vawtrak: A banking trojan with a long history
Vawtrak is a banking trojan — a form of malware that attempts to steal credentials from banks. It spreads via phishing emails and spam emails that contain a malicious document, loaded with a macro. The primary targets of this malware are banks and insurance companies, mainly in Germany.
05 January 2023 — 9 min read
Acronis
Royal ransomware’s actors make high demands
Royal ransomware was first spotted in January 2022, targeting different corporations. This group does not provide ransomware-as-a-service. The attackers demand figures ranging from $250,000 to over $2 million from their victims.
09 December 2022 — 9 min read
Acronis
KmsdBot: DDoS and cryptomining combined
On November 10, 2022, the Akamai Security Intelligence Response Team published an article with the description of the newly spotted KmsdBot, which infected their honeypot. Gaming company FiveM, which provides software for GTA V for hosting custom private servers (and happens to be Akamai’s client), became the first victim. During their investigation, researchers found many samples that were built for different architectures.
28 November 2022 — 9 min read
Acronis
AXLocker ransomware doesn’t change files’ extensions
AXLocker is a ransomware that was found by malware researcher ‘S!ri,’ who posted it on Twitter. Later, it was discovered that AXLocker not only encrypts files but also steals victims’ Discord credentials and uploads them to its own Discord server. Specifically, the AXLocker ransomware steals tokens stored on a local computer when the user logs in to Discord. It’s not packed or obfuscated.
25 November 2022 — 8 min read
Acronis
Killnet ransomware — a wiper from the Chaos family
Killnet is a Russian hacker group, previously known for providing DDoS services. At the end of October 2022, the security channel PCrisk discovered the first sample of Killnet ransomware. The group, via a Telegram channel, also announced a ransomware attack on an Italian chemical factory.
22 September 2022 — 9 min read
Acronis
RapperBot: A new threat for IoT devices
On June 22, 2022, CNCERT IoT Threat Research Team and NSFOCUS FuYingLab monitored a new botnet that was attacking IoT devices. Naming the threat ‘RapperBot,’ researchers found more than 5,000 compromised hosts, but no attack commands were spotted. In analyzing samples, cybersecurity analysts found similarities with Mirai Bot, whose source code has been leaked.
25 August 2022 — 9 min read
Acronis
SideWinder uses weaponized Word documents to compromise victims’ machines
The SideWinder APT group was first discovered in 2018, and since earlier this year has been actively targeting military, defense and other industries in South Asia. They used to spread phishing emails with Word files that downloaded additional files to decode, drop and start the malware, which collects and uploads victims’ data to remote servers. They've since infected Android devices with malicious apps in Google Play.
16 August 2022 — 11 min read
Acronis
Hydrox: A new wiper attacks
Hydrox was first spotted by Twitter user Petrovich on July 29, 2022. On August 3, EnigmaSoft described this threat as a harmful malware that actually wipes users' data. This conclusion was made from a “ransom note” which didn’t actually contain any credentials or links for paying the ransom.
26 July 2022 — 8 min read
Acronis
Symbiote: A new stealthy malware for Linux
Symbiote is a new Linux malware that steals users’ data and provides a backdoor to threat actors. It was discovered in June 2022 and is characterized as a very stealthy malware. It uses a lot of evasion techniques, such as hooking functions, capturing TCP traffic and hiding its own files. It collects users' data and exfiltrates it on DNS servers.
22 July 2022 — 12 min read
Acronis
CloudMensis: a new macOS threat
In April 2022, ESET researchers found a yet-unknown backdoor on macOS. It was named CloudMensis due to the fact that it uses different public cloud storage for C2 communication. CloudMensis looks for different types of documents, captures keyboard input, searches local emails and can take screen captures.
30 June 2022 — 8 min read
Acronis
Details about ZingoStealer: The new, free malware-as-a-service variant
On March 18, 2022, the Telegram public group published a post detailing the release of a new version of malware, a Windows data stealer called ZingoStealer. The group created a chat bot to field information requests, deliver more information, and even enable downloads of ZingoStealer. Later, the developer announced that cryptomining functionality was added to the stealer in order to maximize profits from its operations.
© 2003–2023 Acronis International GmbH.