Sorry, but this post is not available in English

25 September 2014 Łukasz Siewierski

VBKlip 2.0: no clipboard, but Matrix-like effects

5 September 2014 Łukasz Siewierski

In the last few weeks we received information about a new kind of malware, similar to the VBKlip malware family. However, while reading these incident reports we got a bit of a science-fiction feeling. Users described going to their e-banking site and trying to perform a wire transfer. When they pasted the account number, they saw that it was different from the one they had copied. Thinking they had been infected with VBKlip, they decided to type the bank account number manually, without the clipboard. When they entered the bank account number, it changed “right before their eyes”. This was similar to the famous Matrix animation with green, changing digits. Thanks to one of the reporters we were able to analyze a sample of this malware and see that it did in fact change the bank account number, even when it was entered manually. We decided to call this malware “Banatrix”.

Android RAT malware spreading via torrents

11 August 2014 Łukasz Siewierski

In the last few days we observed a number of new attacks targeting Polish Android users. Many Polish and foreign blogs reported phishing e-mails using the Kaspersky brand to convince users to install an APK file. Some details of this attack, including the malware analysis, are provided below. Thanks to the cooperation of different actors, the C&C server was taken down very quickly. The malware moved to a new C&C and changed its infection vectors. Below we also describe the new (though some may call it vintage) infection vector utilizing the BitTorrent network. We are sure that all of these attacks are performed by the same person or group that created the .NET version of VBKlip.

Sorry, but this post is not available in English

1 August 2014 Przemysław Zielony

AutoIt scripts are the new black for malware startups

4 July 2014 Łukasz Siewierski

We see scanning for vulnerable BMC modules

30 June 2014 alex

E-mail trojan attack on an online auction website's clients

25 June 2014 Łukasz Siewierski