Blog

December 2018

Beware! Your website might be delivering Emotet malware

  • 17
    Shares
0

Estimated reading time: 11 minutes

In 2018, we saw a surge in Emotet activity. Emotet started as a banking trojan but this blog will shed light on how it has also become a “threat distributor”. We will also discuss server-side and client-side activity and how it spreads. Its self-propagation makes it all the more challenging...

Beware!! PDF Attachments Launching Android malware

  • 27
    Shares
0

Estimated reading time: 4 minutes

As a normal user we receive multiple emails on a daily basis with PDF as an attachment. Recently, at Quick-Heal Security Lab, we observed a malicious PDF file sent to users as an attachment via a phishing mail. These PDF files look like a regular document but that’s not the...

FakeApp discovered on Google Play Store which increases download count and rating of other applications.

  • 3
    Shares
1 Comment

Estimated reading time: 3 minutes

Quick Heal Security Lab has spotted few FakeApps with more than 50,000+ installations on Google Play Store. These applications appear to be genuine as a PDF reader, PDF Downloader, PDF Scanner etc., but don’t have such functionality. The main purpose of these apps is to increase the download count of...

GandCrab says, “We will become back very soon! ;)”

1 Comment

Estimated reading time: 5 minutes

GandCrab has been in the wild since last week of January 2018. Over the period it kept learning from its mistakes and GandCrab’s agile development grabbed the attention of many security researchers. From moving its servers to Namecoin powered Top Level Domain (.BIT TLD) servers after the first breach, then learning from...

Stay alert when planning your travels this holiday season

  • 15
    Shares
1 Comment

Estimated reading time: 2 minutes

Planning a trip this holiday season? While, you spend a considerable amount of time shuffling money on online bookings for flights, hotels and cabs, take care that you DO NOT share your details on doubtful looking travel sites. Just like holidays are a busy time for you and me, it’s...

Ghost Has Arrived

0

Estimated reading time: 5 minutes

On the back of an upswing in Ransomware activity, we decided to carry out an in-depth analysis of Ghost Ransomware. Interesting fact about this malware is that it uses multiple components to encrypt user files. Technical Analysis : Main malware executable (Ghost.exe) is compiled using the DotNet Framework. The infection...

Sophisticated Ransomware : “Katyusha”

  • 16
    Shares
0

Estimated reading time: 6 minutes

For several months, Quick Heal Security Labs has been observing an increase in ransomware, we have found one more interesting ransomware which encrypts files and adds extension “.katyusha” and demands for an amount of 0.5 btc within three days and threatens to release the data to public download if the ransom is not...

CVE-2018-15982- Adobe Flash Player use after free (Zero Day) vulnerability alert!

2

Estimated reading time: 1 minute

The recent zero-day vulnerability CVE-2018-15982 in Adobe Flash Player enables attackers to perform a Remote Code Execution on targeted machines. Adobe has released a security advisory APSB18-42 on December 5, 2018 to address this issue. According to Adobe, the in-wild exploit is being used in targeted attacks. Vulnerable Versions Adobe...