One of the most important “innovations” in malware of the past decade is the Domain Generation Algorithm (“DGA”). While DGAs have been in use for over 10 years now, they remain a potent technique that has been a particular challenge for defenders to counter, because the malware and its controller compute a fresh set of rendezvous domains on a schedule and static blocklists lag behind. Fortunately, emerging technologies can now counter DGAs more effectively.
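As an added illustration (not code from the article or from any malware family), the block below shows why DGAs defeat static blocklists and what a simple lexical detector can do about it. The seed, the date-based schedule, the label length and the scoring thresholds are all assumptions chosen for the example; the detector is a cheap heuristic, not the "emerging technologies" the teaser refers to.

```python
"""Toy domain generation algorithm (DGA) and a lexical detector.

Added example: not the algorithm of any real malware family. The seed,
domain count, label length and thresholds below are assumptions.
"""
import hashlib
import math
from datetime import date

TLDS = ("com", "net", "org", "info")   # assumed TLD pool
LABEL_LEN = 16                          # assumed label length


def generate_domains(seed: bytes, day: date, count: int = 50) -> list[str]:
    """Derive `count` rendezvous domains from a shared seed and the date.

    Bot and controller both run this; the controller registers one of the
    day's domains and the bot tries them in order until one resolves.
    Blocklisting yesterday's names does nothing for today's set, which is
    why defenders need the seed (or a lexical/behavioural detector).
    """
    domains = []
    for i in range(count):
        material = seed + day.isoformat().encode() + i.to_bytes(2, "big")
        digest = hashlib.sha256(material).digest()
        # Map digest bytes onto lowercase letters (slightly biased mod 26,
        # which is fine for a demo).
        label = "".join(chr(ord("a") + b % 26) for b in digest[:LABEL_LEN])
        tld = TLDS[digest[-1] % len(TLDS)]
        domains.append(f"{label}.{tld}")
    return domains


def shannon_entropy(text: str) -> float:
    """Bits of entropy per character over the label's letter distribution."""
    counts: dict[str, int] = {}
    for ch in text:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def longest_consonant_run(label: str) -> int:
    """Length of the longest stretch of consecutive non-vowel characters."""
    longest = run = 0
    for ch in label:
        run = 0 if ch in "aeiou" else run + 1
        longest = max(longest, run)
    return longest


def looks_generated(domain: str) -> bool:
    """Cheap lexical heuristic: high entropy plus unpronounceable structure.

    Thresholds are assumptions; expect false positives on real-world names
    such as 'wordpress' (consonant run 'rdpr'), so treat a hit as a lead to
    correlate with NXDOMAIN volume or beaconing, not as a verdict.
    """
    label = domain.split(".")[0].lower()
    if len(label) < 6:
        return False
    vowel_ratio = sum(label.count(v) for v in "aeiou") / len(label)
    return shannon_entropy(label) > 2.5 and (
        vowel_ratio < 0.3 or longest_consonant_run(label) >= 4
    )


def detection_rate(domains: list[str]) -> float:
    """Fraction of the given domains the heuristic flags."""
    return sum(looks_generated(d) for d in domains) / len(domains)


if __name__ == "__main__":
    seed = b"example-campaign-seed"          # constructed, not a real key
    today = generate_domains(seed, date(2019, 1, 1))
    print("first domains for 2019-01-01:", today[:3])
    print("heuristic hit rate on DGA output:", detection_rate(today))
    benign = ["google.com", "example.org", "paloaltonetworks.com"]
    print("benign flagged:", [d for d in benign if looks_generated(d)])
```

Run it once with today's date and once with tomorrow's to see the whole set change: a blocklist built from captured traffic expires daily, whereas a defender who recovers the seed by reverse engineering the sample can pre-register or sinkhole every future domain.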
Palo Alto Networks Unit 42 recently captured and investigated new samples of the Linux coin mining malware used by the Rocke group. The family was suspected to be developed by the Iron cybercrime group and it’s also associated with the Xbash malware we reported on in September of 2018.
Unit 42 discovers ComboJack, a new currency stealer that alters clipboards to steal cryptocurrency.
Unit 42 tracks how attackers use fraudulent accounts and compromise infrastructures of legitimate businesses to deliver Hancitor malware.
Palo Alto Networks Unit 42 researchers share details of a new high severity vulnerability affecting the Google Android platform.
Unit 42 uncovers HoeflerText popups delivering RAT malware to Google Chrome users.
The Blockbuster saga continues: Unit 42 researchers disclose attack activity targeting individuals involved with U.S. defense contractors.
Unit 42’s EMEA bi-monthly threat report.
Palo Alto Networks researchers discovered an advanced Android malware we’ve named “SpyDealer”, which exfiltrates private data from more than 40 apps and steals sensitive messages from communication apps by abusing the Android accessibility service feature.
Unit 42 investigates recent developments in the EITest & pseudo-Darkleech campaigns contributing to the decline of Rig exploit kits.
Alex Hinchliffe of Unit 42 examines recent threats targeting the EMEA region.
Unit 42 continues its look into the EMEA malware trends of the last six months.
The Blockbuster sequel: Unit 42 researchers identify new overlapping threats tied to 2014’s Operation Blockbuster.
Unit 42 researchers have identified a new variant of the IoT/Linux botnet “Tsunami”, which we are calling “Amnesia”.
This post explores how the attackers attempt to gain a foothold into target networks before briefly describing the malware families used.