Pradeep Kulkarni

About Pradeep Kulkarni

Pradeep Kulkarni leads the IPS team at Quick Heal Technologies Limited. Having worked in the IT security industry for over 11 years, he has worked on various security products and has a keen interest in writing blog posts on trends observed during his research.

Obfuscated Equation Editor Exploit (CVE-2017-11882) spreading Hawkeye Keylogger

 November 1, 2018

Estimated reading time: 6 minutes

Cyber-attacks through phishing emails are increasing, and attackers generally use macros embedded in DOC files to infiltrate a victim’s machine. Recently, Quick Heal Security Labs came across a phishing e-mail sample that uses Microsoft’s Equation Editor exploit to spread the Hawkeye keylogger. Cybercriminals use different techniques to steal confidential data. Now they are offering...

Cryptocurrency miner hits IoT devices, mostly affects Brazil and Russia!

 August 9, 2018

Estimated reading time: 3 minutes

According to a blog post published on Aug 1, 2018, 200,000 routers in Brazil were compromised to deliver cryptocurrency mining scripts that mine Monero (XMR). Hackers compromised the vulnerable MikroTik routers by injecting CoinHive scripts into the routers’ web pages in order to carry out the mass cryptocurrency miner attack....

An in-depth analysis of a new, emerging “.url” malware campaign – by Quick Heal Security Labs

 March 19, 2018

Estimated reading time: 5 minutes

Last week, we blogged about the emergence of a new attack vector, ‘.url’, which is used to spread malware. In this blog post, we will deep-dive into the attack chain of this ‘.url’ vector and elaborate on the Quant Loader malware, which is actively making use of it. Let’s...

CVE-2018-4878 – Adobe Flash Player use after free (Zero Day) vulnerability Alert!

 February 3, 2018

Estimated reading time: 1 minute

The recent zero-day vulnerability CVE-2018-4878 in Adobe Flash Player enables attackers to perform remote code execution on targeted machines. Adobe released security advisory APSA18-01 on February 2, 2018 to address this issue. According to Adobe, the in-the-wild attack is targeted and impacts a limited number of Windows users. Vulnerable...

Quick Heal thwarts attempts of a JAVA jRAT phishing campaign targeting an international embassy in India

 January 16, 2018

Estimated reading time: 4 minutes

Earlier, we blogged about how JAVA-based jRAT malware has evolved in recent times. At Quick Heal Security Labs, we are actively observing jRAT campaigns happening in the wild. This JAVA malware spreads through phishing campaigns. While analyzing one such phishing campaign, we found that an international embassy in India was being targeted by phishers. The malware used in the phishing campaign was the infamous JAVA malware called jRAT. ...

Massive campaign delivering Monero Miner via compromised websites – an analysis by Quick Heal Security Labs

 November 24, 2017

Estimated reading time: 4 minutes

Ransomware outbreaks have been on the rise for quite some time now, but suddenly we are observing a change in this trend. It seems that the rise in cryptocurrency valuations, especially for Bitcoin, is driving attackers to go after cryptocurrency mining. Cryptocurrency miner malware have become hot attack vectors for...

A recent .NET Framework zero day Vulnerability (CVE-2017-8759) is dropping Infostealer malware- An analysis by Quick Heal Security Labs

 October 16, 2017

Estimated reading time: 4 minutes

The .NET Framework Remote Code Execution Vulnerability (CVE-2017-8759) is a code injection vulnerability in the SOAP WSDL parser of the .NET Framework. This vulnerability was a zero-day when it was spotted in the wild. Quick Heal Security Labs released an advisory in September 2017 to address it. This vulnerability...

CVE-2017-11826 – Microsoft Office Memory Corruption Vulnerability – an Alert by Quick Heal Security Labs

 October 13, 2017

Estimated reading time: 2 minutes

The recent zero-day vulnerability in Microsoft Office, CVE-2017-11826, enables attackers to perform remote code execution on targeted machines. According to a recently published blog post, this vulnerability is being exploited in the wild. Microsoft released a security update on October 10, 2017, to fix this issue. Vulnerable...

CVE-2017-9805 | Apache Struts 2 Remote Code Execution Vulnerability – An analysis by Quick Heal Security Labs

 September 7, 2017

Estimated reading time: 2 minutes

A critical remote code execution vulnerability has been discovered in the popular web application framework Apache Struts, which allows attackers to execute arbitrary code. To address this issue, Apache Struts has issued a security advisory and CVE-2017-9805 has been assigned to it. The attacker may use this vulnerability to...

Petya ransomware is affecting users globally, here are things you can do

 June 28, 2017

Estimated reading time: 2 minutes

Quick Heal Security Labs has come across a new strain of Petya Ransomware that is affecting users globally. This clearly looks like early signs of a new ransomware attack that is spreading fast across the globe. Currently, we have seen multiple reports of this ransomware attack from several countries. Our...