Author: Threat Research Team

About: Threat Research Team

Bio: BluVector’s Threat Report is written by BluVector’s expert security team, tasked with identifying the latest cybersecurity threats in the wild and when our solution would protect customers from those threats. Get the latest Threat Report Q3 2018 here.

Posts by Threat Research:

Emotet Makes Good Websites Go Bad – Uniden Edition
Posted on: April 16, 2019

What Is It? Legitimate websites are prized by malicious actors as distribution sites for their malware. The primary reason is that a link to a legitimate website is more likely to be clicked on by potential victims. The more well known the organization, the more likely its website or entire domain is whitelisted and less…

GlitchPOS and DMSniff Join Point-of-Sale Malware Category
Posted on: March 18, 2019

What Is It? Researchers at Cisco TALOS and Flashpoint recently reported their findings into two pieces of Point-of-Sale (POS) trojan malware, known respectively as GlitchPOS and DMSniff. GlitchPOS malware, as detailed by Cisco TALOS, is being marketed by the author similarly to legitimate software. The author has provided screenshots of the control panel, where the…

Danabot Trojan Evades IDS/IPS Detection
Posted on: February 13, 2019

What Is It? As previously discussed in a threat report in October 2018, the Danabot trojan has been under active development since it was first observed in May 2018. This development has continued as researchers at ESET noted a new version in December 2018 that added email address harvesting and spam sending functions. The most recent version, discussed in…

Ursnif Trojan Campaign Uses Steganography and Mario
Posted on: February 12, 2019

What Is It? A new Ursnif campaign discovered by researchers at Bromium, and later reported by media, utilizes a Microsoft Excel file containing a malicious macro, Powershell and an image of the Nintendo character Mario. There are a few noteworthy aspects of this attack, beginning with the Mario image. The image was not downloaded to be…

Dunihi RAT Tricks Legacy Anti-Virus
Posted on: February 01, 2019

What is Dunihi RAT? It has been well known that signature-based anti-virus (AV) solutions have significant shortcomings, especially when attempting to detect new advanced persistent threats (APTs). However, many people might assume that legacy AV is still capable of detecting basic attacks that utilize relatively old code. This is not necessarily the case, as in…

Anatova Ransomware Built for Speed
Posted on: January 23, 2019

What Is It? Researchers at McAfee have detailed their discovery of a new piece of ransomware they named Anatova. What makes Anatova different is the apparent level of skill of the authors and the code’s modular design. The authors clearly placed a value on the level of effort they expended as the cybercurrency ransom is…

Emotet Authors Refresh Attacks After Orthodox Christmas
Posted on: January 16, 2019

What Is It? A report from researchers at Cisco TALOS describes the detection of a recent Emotet trojan campaign. Currently, Emotet is one of the most prolific trojans, with a history of being continuously updated by its authors. Initially released as a banking trojan, Emotet is often deployed as an initial malware infection, downloading various payloads,…

Vidar Malware Packs a Trojan and Ransomware Punch
Posted on: January 09, 2019

Researchers at Malwarebytes have reported on a new malware campaign that uses a new variant of Arkei malware, which they’ve named Vidar. The campaign, which they tracked for several weeks, begins with malicious advertising (malvertising) and results in the installation of information stealing malware, which then installs GandCrab ransomware. The information stealing malware most commonly…

Rising Sun Backdoor Malware Launches With Operation Sharpshooter
Posted on: December 13, 2018

What Is It? Researchers at McAfee have released a report into a new Advanced Persistent Threat (APT) campaign they have named Operation Sharpshooter, which uses a cyber espionage payload they named Rising Sun. The Rising Sun backdoor uses the RC4 cipher to encrypt its configuration data and communications. As with most backdoors, on initial infection,…

Black Friday Phishing Dos and Don’ts
Posted on: November 21, 2018

The day after Thanksgiving in the U.S. is one of its biggest shopping days, as retailers do their best to attract customers to their online and offline stores. Shoppers, looking for the best bargains, know that swift action can often get them the rarest of deals. Of course, malware attackers know this and, thus, create Black…