Recent Webinar: Building an Adaptive Cyber Resilient Cloud
arrow-white arrow-white Watch now
close
Posted by Michael Gorelik on October 13, 2017
Posted by Michael Gorelik on September 26, 2017

This report was authored by: Michael Gorelik and Assaf Kachlon.

Last week’s malware news was filled with the CCleaner backdoor exposed by Morphisec’s security solution. This week Morphisec uncovered another ongoing malware campaign, this one a...

Read More
Posted by Michael Gorelik on September 18, 2017

As widely reported today, the Avast-owned security application CCleaner was illegally modified by hackers. According to Avast, some 2.27 million users were running the weaponized version 5.33 of CCleaner. In addition, the CCleaner cloud version 1.07...

Read More
Posted by Michael Gorelik on June 9, 2017

Introduction

On June 7, 2017, Morphisec Lab identified a new, highly sophisticated fileless attack targeting restaurants across the US. The ongoing campaign allows hackers to seize system control and install a backdoor to steal financial information...

Read More
Posted by Morphisec Team on May 19, 2017

Last week, a massive wave of spam email that infects victims with a new type of ransomware, dubbed "Jaff", flooded networks across Europe, North America and Australia. Estimates put the number of malicious emails in the tens of millions.

Read More
Posted by Michael Gorelik on April 27, 2017

Introduction

From April 19-24, 2017, a politically motivated, targeted campaign was carried out against numerous Israeli organizations. Morphisec researchers began investigating the attacks on April 24 and continue to uncover more details. Initial...

Read More
Posted by Michael Gorelik on March 16, 2017

Introduction

On the 8th of March,, Morphisec researchers began investigating a new fileless threat delivered via a macro-enabled Word document, which was attached to a phishing email sent to targeted high-profile enterprises. During the course of...

Read More
Posted by Roy Moshailov on March 13, 2017

Introduction

Packer-based malware is malware which is modified in the runtime memory using different and sophisticated compression techniques. Such malware is hard to detect by known malware scanners and anti-virus solutions. In addition, it is a...

Read More
Posted by Roy Moshailov on December 27, 2016

 The full report is also available as PDF. 

On December 12, 2016 Morphisec identified and monitored a new wave of sophisticated malware delivered via targeted phishing emails with malicious macro-based documents attached. The malicious documents...

Read More
Posted by Ursula Ron on December 8, 2016

They’re starting to be as reliable as clockwork. Every 3-4 weeks a new wave of Hancitor campaigns hit, with improved targeting and new tricks to evade detection. The latest variant comes via a malicious MS Word attachment to a fairly convincing...

Read More
Posted by Ursula Ron on December 7, 2016

The FireFox zero-day recently used in the wild made headlines when TOR users that fell victim to the attack lost the one thing they were looking for: anonymous browsing. Speculation ran rife that the exploit may have been created by the FBI or...

Read More
Posted by Roy Moshailov on November 26, 2016

 The full report is also available as PDF. 

From November 7 – 15, 2016, Morphisec identified and monitored a new wave of sophisticated malware attacks using a modified version of the Hancitor downloader. The malware is delivered via targeted...

Read More
Posted by Michael Gorelik on October 22, 2016

UPDATED POST  - NOW WITH DETAILED TECHNICAL ANALYSIS!

During October 17 to 21, Morphisec identified and prevented several malicious and sophisticated macro-based documents at the site of one of our customers delivering a fileless Kovter backdoor...

Read More
Posted by Michael Gorelik on October 13, 2016

Morphisec Prevents Major Malspam campaign - Again

In our report at the beginning of September about a large-scale malspam campaign discovered and stopped by Morphisec, we pointed out the central role that malware spam plays for hackers and the...

Read More
Posted by Michael Gorelik on September 16, 2016

New Locky – Zepto variant prevented by Morphisec

Since Locky’s discovery in February 2016, it has emerged as one of the most prevalent and devastating ransomware threats of 2016. Over the last two months, ransomware in general has evolved greatly in...

Read More
Posted by Michael Gorelik on September 8, 2016

Spam is still the preferred attack vector for cyber criminals and malware spam campaigns continue to increase. According to the Symantec Internet Threat Report, 1 in 220 emails in 2015 contained malware. While this figure may seem low, consider that...

Read More
Posted by Michael Gorelik on July 6, 2016

Angler Hangs Up Its Pole

Back in April, more than 80% of drive by download attacks were attributed to Angler. Now? Nearly zero. Speculation abounds regarding its disappearance earlier this month. A vacation by Angler operators? Black market price...

Read More
Posted by Michael Gorelik on July 2, 2016

The disappearance of Angler has left a gaping hole in the malware market which cybercriminals are only to happy to fill with new variants of old standbys. The latest to reemerge after a period of disuse are Locky and Dridex. A new Locky campaign...

Read More
Posted by Michael Gorelik on June 13, 2016

With fileless malware popping up more and more frequently, particularly sophisticated PowerShell attacks, we thought it useful to examine these threats by reverse engineering those in-memory samples from Virus Total that have the lowest detection...

Read More
Posted by Michael Gorelik on May 20, 2016

Yet another critical Flash vulnerability was uncovered this month, thanks to researchers at FireEye. The vulnerability, CVE-2016-4117, exists in Flash 21.0.0.226 and earlier versions for Windows, Mac, Linux, and Chrome OS. It received a CVSS v3...

Read More