Securing the .pl domain

Analysis of a Polish BankBot

Publication date: 16/01/2018, Agnieszka Bielec

Recently we have observed campaigns of banking malware for the Android system, which targets Polish users. The malware is a variant of the popular BankBot family, but differs from the main BankBot samples. Its victims were infected by installing a malicious application from Google Play Store. We are aware of [...]

A deeper look at Tofsee modules

Publication date: 19/10/2017, Jarosław Jedynak

Tofsee is a multi-purpose malware with a wide array of capabilities – it can mine bitcoins, send emails, steal credentials, perform DDoS attacks, and more. All of this is possible because of its modular nature. We already published about Tofsee/Gheg a few months ago – https://www.cert.pl/en/news/single/tofsee-en. Reading or at least skimming it is probably required [...]

Ramnit – in-depth analysis

Publication date: 29/09/2017, Michał Praszmo

If we look at Ramnit’s history, it’s hard to pin down exactly which malware family it actually belongs to. One thing is certain, it’s not a new threat. It emerged in 2010, transferred by removable drives within infected executables and HTML files. A year later, a more dangerous version was released. It contained a part [...]

Mole ransomware: analysis and decryptor

Publication date: 30/05/2017, Jarosław Jedynak

Mole ransomware is an almost month-old ransomware (so it’s quite old from our point of view) that was distributed mainly through fake online Word docs. It’s a member of the growing CryptoMix family, but the encryption algorithm was completely changed (…again). We became interested in this variant after victims contacted us asking for a decryptor. Remembering that [...]