Lastline Labs

Three interesting changes in malware activity over the past year

Posted by Dr. Christopher Kruegel on 3/31/16 5:00 AM

Every day, our Lastline sensors observe millions of files that our customers download from the Internet or receive as email attachments. These files are analyzed and, in many cases, executed or opened inside our sandbox. The sandbox is a secure, instrumented analysis environment where we can safely look for interesting behaviors that indicate bad intentions and outright malice.

Every once in a while, we take a step back and look at the malicious behaviors that we have seen. Malware authors always look for new ways to make money, get access to sensitive data, and evade detection. They introduce new behaviors, refine ideas that they have tried in the past, and add tricks to bypass security controls. By looking over the data collected over the last year, we discovered a few interesting trends that show some of the directions that malware authors take. In this research note, we discuss three findings that struck us as interesting and worth reporting. As a fourth bonus item, we also revisit evasive behaviors, something that we have been tracking for many years.


Topics: Evasive Malware, Bank Malware, Lastline Labs, Banking Trojan, Browser Modification, Code Signing

Lifting the Seams of the Shifu "Patchwork" Malware

Posted by Clemens Kolbitsch on 9/4/15 3:55 PM

Authored by: Clemens Kolbitsch and Arunpreet Singh


Topics: Evasive Malware, Full-system Emulation, APT, Shifu, Banking Trojan
