Android RAT malware spreading via torrents

11 August 2014 Łukasz Siewierski

In the last few days we observed a number of new attacks targeting Polish Android users. Many Polish and foreign blogs reported phishing e-mails that used the Kaspersky brand to convince users to install an APK file. Details of this attack, including the malware analysis, are provided below. Thanks to the cooperation of different actors, the C&C server was taken down very quickly. The malware then moved to a new C&C server and changed its infection vectors. Below we also describe the new (though some may call it vintage) infection vector, which uses the BitTorrent network. We are sure that all of these attacks are performed by the same person or group that created the .NET version of VBKlip.

Sorry, but this post is not available in English

1 August 2014 Przemysław Zielony

AutoIt scripts are the new black for malware startups

4 July 2014 Łukasz Siewierski

The use of AutoIt scripts is becoming more and more fashionable for malware obfuscators, cryptors and the like, especially among not-so-sophisticated malicious software. Recently we described a phishing attack targeted at Polish users that used Booking.com and Allegro.pl. That attack used an AutoIt script (called RazorCrypt) in one of its stages to pack the final malware. We observed a somewhat similar campaign (although there are no conclusions about the authors this time) that also used a very interesting AutoIt script and also targeted Polish users of the auction website Allegro.pl.

We see scanning for vulnerable BMC modules

30 June 2014 alex

E-mail trojan attack on Booking.com and online auction website Allegro.pl clients

25 June 2014 Łukasz Siewierski

A look on the VBKlip “battlefield”

29 May 2014 Łukasz Siewierski

Polish team wins NATO exercise

26 May 2014 alex