Cyber Protection Operation Center

Cyberthreats and cybersecurity insights

Cyber Protection Operation Center

Malware analysis

Most recent on Malware analysis

02 October 2023 — 9 min read

Acronis

02 October 2023 — 9 min read

BlackByte 3.0 uses vulnerable drivers to compromise systems

BlackByte is an example of ‘ransomware-as-a-service‘ (RaaS), and the threat actors behind it constantly upgrade their malware to keep customers satisfied. Recent changes have increased the complexity of cybersecurity analytics, while also introducing new anti-analysis and anti-debugging techniques.

17 July 2023 — 9 min read

Acronis

17 July 2023 — 9 min read

8Base ransomware stays unseen for a year

8Base ransomware was first spotted in June 2023, with a massive number of targeted victims. It was later discovered that 8Base originated in March 2022 with the launch of an associated data leak site.

16 May 2023 — 11 min read

Acronis

16 May 2023 — 11 min read

RedLine Stealer: A malware-as-a-service info-stealer

Redline Stealer is a malware-as-a-service (MAAS) info-stealer that is offered in cybercriminal forums and on Telegram channels. The malware was first observed in February 2020 for Windows systems.

04 May 2023 — 9 min read

Acronis

04 May 2023 — 9 min read

Raccoon Stealer: A popular and dangerous threat

Raccoon Stealer, also known as Mohazo or Racealer, is an info-stealer malware that first appeared in 2019, and is available as malware-as-a-service (MAAS). Available as MaaS, it has already infected over 100,000 devices in the wild, across organizations and individuals, and became one of the most-mentioned attacks on underground forums.

28 April 2023 — 9 min read

Acronis

28 April 2023 — 9 min read

Malware with a “Money Message”

The purpose of Money Message ransomware is to encrypt files on a targeted computer, rendering the victim's system unusable. It was first reported on Twitter by the Zscaler ThreatLabZ research team.

26 April 2023 — 5 min read

Acronis

26 April 2023 — 5 min read

Maui: An active and dangerous data wiper

Maui is a wiper that is designed to delete or overwrite data on a computer or digital device, causing damage and disrupting operations. This malware was first discovered by the FBI in May 2021, and is presumed to have been developed under the guidance of North Korea.

29 March 2023 — 9 min read

Acronis

29 March 2023 — 9 min read

SwiftSlicer: A simple yet dangerous data wiper

On January 25, 2023, ESET Research found a new data wiper in the network of Ukrinform, Ukraine’s national news agency. Later, the Computer Emergency Response Team of Ukraine (CERT-UA) added that as of January 27, five additional, different malware samples were spotted in the network.

06 March 2023 — 15 min read

Acronis

06 March 2023 — 15 min read

IcedID (BokBot): From banking trojan to backdoor

IcedID, also known as BokBot, was initially a banking trojan when it was discovered in 2017. Now it is mostly used as an initial access broker for other malware. This malware typically uses malicious email attachments to infect victims' machines. It has been known to use various types of attachments — such as archives, Word and Excel files — but the latest attacks used OneNote files.

13 February 2023 — 7 min read

Acronis

13 February 2023 — 7 min read

CaddyWiper makes Windows machines unusable

CaddyWiper is an example of data-wiping malware, whose purpose is to corrupt the operating system and leave the targeted device unusable. It was first spotted in Ukraine in mid-March 2022 by the ESET research team.

06 February 2023 — 8 min read

Acronis

06 February 2023 — 8 min read

DoubleZero: A data wiper deployed against Ukraine

The DoubleZero wiper — so named for its tactic of zeroing files — was first discovered on March 17, 2022 by CERT-UA (the Computer Emergency Response Team of Ukraine). The malware was designed in order to wipe out system files, non-system files and entire registry branches, and was spread by spear phishing emails with an attached ZIP that contains the malware file.

02 February 2023 — 8 min read

Acronis

02 February 2023 — 8 min read

Vawtrak: A banking trojan with a long history

Vawtrak is a banking trojan — a form of malware that attempts to steal credentials from banks. It spreads via phishing emails and spam emails that contain a malicious document, loaded with a macro. The primary target of this malware are banks and insurance companies, mainly in Germany.

05 January 2023 — 9 min read

Acronis

05 January 2023 — 9 min read

Royal ransomware’s actors make high demands

Royal ransomware was first spotted in January 2022, targeting different corporations. This group does not provide ransomware-as-a-service. The attackers demand figures ranging from $250,000 to over $2 million from their victims.

09 December 2022 — 9 min read

Acronis

09 December 2022 — 9 min read

KmsdBot: DDoS and cryptomining combined

On November 10, 2022, the Akamai Security Intelligence Response Team published an article with the description of the newly spotted KmsdBot, which infected their honeypot. Gaming company FiveM, which provides software for GTA V for hosting custom private servers (and happens to be Akamai’s client), became the first victim. During their investigation, researchers found many samples that were built for different architectures.