Author: Threat Research Team

About: Threat Research Team

Bio: BluVector’s Threat Report is written by BluVector’s expert security team, tasked with identifying the latest cybersecurity threats in the wild and when our solution would protect customers from those threats.

Posts by Threat Research:

Flash Updater Adds Cryptocurrency Miner
Posted on: October 15, 2018

What Is It? Adobe has set the official end of life date for its frequently exploited Flash software at the end of 2020. This date cannot come soon enough. Despite a significant reduction in its use, Flash continues to be regularly exploited by attackers. In the most recent case, as detailed by researchers from Palo…

Malware 101: How Malware Avoids Static Detection Techniques
Posted on: October 10, 2018

In order to successfully execute their malware on endpoints, attackers need to design their code to evade two categories: static detection (when the code is at rest) and behavioral detection (when the code is executing). As a security professional, understanding how an attacker utilizes a combination of evasion techniques can provide insight into how you…

Danabot Banking Malware Targets U.S. Organizations
Posted on: October 05, 2018

What Is It? The Danabot banking trojan was first seen by researchers in May 2018, targeting customers of Australian financial institutions. Since that time, other campaigns have been aimed at European banking customers in Poland, Italy, Germany, Austria and Ukraine. A recent report by the researchers at Proofpoint describes a campaign directed at customers of…

Malware 101: The Malware Tools That Attackers Use
Posted on: October 02, 2018

When it comes to malware, there are no two pieces that are exactly alike. On one hand, that’s to avoid detection on the end user’s device. On the other, it’s because that malware is influenced by a wide variety of information gathering, tools, utilities and even a community to construct their attacks. As a security…

Fancy Bear’s Lojax is First UEFI Rootkit in the Wild
Posted on: September 28, 2018

What Is It? Researchers from ESET released a whitepaper to coincide with a presentation at this week’s Microsoft BlueHat Security Conference. The whitepaper details their discovery of the first Unified Extensible Firmware Interface (UEFI) rootkit to be found in the wild, which they have dubbed Lojax. They have tied this rootkit to the APT group…

Delphi Crypters Rise In Popularity
Posted on: September 24, 2018

What Is It? A posting on FireEye’s Threat Research blog described a recently observed rise in the usage of crypters written in Borland’s Delphi programming language. Crypters have been used for a number of years to not only compress, but to make malware samples more difficult to detect and reverse engineer. Crypters used by malware…

Cobalt Group Targets Banks in Romania and Russia
Posted on: September 06, 2018

What Is It? Researchers at Arbor Networks’ ASERT team recently observed the Cobalt group attempting to use spear phishing emails containing multiple malicious links in order to compromise Russian and Romanian banks. The recent attack shows the resilience of Cobalt after successes by law enforcement against high ranking members of the group. In March…

RtPOS Malware’s Year in the Wild Before Discovery
Posted on: August 30, 2018

What Is It? A new report from Booz Allen Hamilton Cyber (BAHC) describes a piece of point of sale (POS) malware named RtPOS that appears to have been undiscovered for a year. In previous Threat Reports (RadRAT and InvisiMole), we have discussed the concept of dwell time as the period of time between a network…

Turla APT Group Uses Novel Email Backdoor
Posted on: August 23, 2018

What Is It? Researchers from security company ESET have released a report detailing their analysis of malware used by the Advanced Persistent Threat (APT) group Turla (also known as Waterbug, Venomous Bear and KRYPTON). The malware is currently using a novel technique for its command and control (C2) communication: it utilizes specially-formatted PDF files in…

Dark Tequila Malware Targets Mexican Users for Five Years
Posted on: August 23, 2018

What Is It? A new malware, named Dark Tequila, is designed to obtain financial information and various types of login credentials. Researchers at Kaspersky Labs released a report detailing the sophisticated trojan that has been targeting Mexican users since 2013. Researchers believe the authors are native Spanish speakers and are geographically based somewhere in Latin America…