Unit 42 researchers have found a new variant of the Muhstik botnet in the wild, exploiting the latest WebLogic vulnerability for cryptomining and DDoS attacks. Our latest research provides analysis of these new attacks.
Unit 42 discovers new samples of Mirai compiled for additional processors (Altera Nios II, OpenRISC, Tensilica Xtensa, and Xilinx MicroBlaze), potentially increasing the DDoS firepower of Mirai.
Unit 42 researchers discover Xbash, a new malware family tied to the Iron Group targeting Linux and Microsoft Servers.
Unit 42 has uncovered new variants of the well-known IoT botnets Mirai and Gafgyt.
Unit 42 documents the emergence of three malware campaigns built on publicly available source code for the Mirai and Gafgyt malware families that incorporate multiple known exploits affecting Internet of Things (IoT) devices.
Unit 42 researchers outline the evolution of Satori, a malware family targeting zero-day vulnerabilities in IoT devices.
Unit 42 researchers have identified a new variant of the IoT/Linux botnet “Tsunami”, which we are calling “Amnesia”.
Over the past month, Palo Alto Networks has observed two spam campaigns targeting users residing in Italy. The spam emails attempt to install the pervasive Andromeda malware onto victim machines. This malware has been around since 2011 and shows no signs of stopping. Compromised hosts cause a victim’s machine to be attached to the Andromeda
Ransomware persists as one of the top crimeware threats thus far into 2016. While the use of document-based macros for ransomware distribution remains relatively uncommon, a new family calling itself “Locky” has borrowed the technique from the eminently successful Dridex to maximize its target base. We first learned of Locky through Invincea and expanded on
On January 31, a security researcher named Mohammad Faghani posted an analysis of malware that was being distributed through Facebook posts. Based on the number of “likes” the malware had generated, Faghani estimated that over 100,000 users had been infected with the malware. We have not been able to identify a common name for this
The Asprox/Kuluoz malware family has a special place in our hearts at Palo Alto Networks. This botnet-related Trojan malware has evolved from its 2007 roots into a simple and yet robust mass e-mail phishing threat that is the origin of a significant percentage of Internet spam today. This post further explores trends for this malware