Blog

Malware

Obfuscated Equation Editor Exploit (CVE-2017-11882) spreading Hawkeye Keylogger

  • 15
    Shares
 November 1, 2018

Estimated reading time: 6 minutes

Cyber-attacks through phishing emails are increasing and generally, attackers use DOC embedded macros to infiltrate victim’s machine. Recently Quick Heal Security Labs came across a Phishing e-mail sample which uses Microsoft’s equation editor exploit to spread Hawkeye keylogger. Cybercriminals use different techniques to steal confidential data. Now they are offering...

Deep analysis of AZORult – The information exfiltrator

 October 16, 2018

Estimated reading time: 5 minutes

While the current focus in the cyberspace is on Ransomware and Cryptominers there are other prevalent threat actors silently making their way into victim’s machine in order to comprise it for malicious purpose. During the daily threat hunting task,Quick Heal Security labs came across a blocked URL by Quick Heal’s...

Emerging trend of spreading malware through IQY files

 October 3, 2018

Estimated reading time: 4 minutes

Nowadays attackers are searching for new techniques to spread malware, recently we came across a new emerging way to deliver malware through IQY file. Till now we had seen spread of malware through various file types and chains such as Word document, Script, JAVA files. Fig 1: Attack chain IQY file...

“Troldesh’s” One More Variant in the Encryption Offender

  • 22
    Shares
 September 3, 2018

Estimated reading time: 4 minutes

Over the past few days, we have been observing criminals/hackers using a new carrier to deliver the ransomware malware. Recently, Quick Heal Security Labs observed a new variant of Troldesh ransomware which encrypts the data and adds the extension as “.no_more_ransom”. This ransomware comes under Crypto-Ransomware variant, the origin of this...

I am invisible – Monero (XMR) Miner

  • 43
    Shares
 September 3, 2018

Estimated reading time: 4 minutes

From the last one year, Quick Heal Security Labs has been observing a boost in the number of mining malware. Nowadays malware authors are using mining as a replacement for Ransomware to make money. Recently Quick Heal Security Labs came across a malware which mines Monero(XMR). This miner has many...

Cryptocurrency miner hits IoT devices, mostly affects Brazil and Russia!

  • 21
    Shares
 August 9, 2018

Estimated reading time: 3 minutes

According to a blogpost published on Aug 1, 2018, 200,000 routers in Brazil were compromised to deliver Cryptocurrency mining scripts to mine Monero (XMR) cryptocurrency. Hackers compromised the vulnerable MikroTik routers by injecting CoinHive scripts into the routers web pages in order to carry out the mass Cryptocurrency miner attack....

Beware of the Armage Ransomware – the File Destroyer!

  • 17
    Shares
 August 8, 2018

Estimated reading time: 3 minutes

In July last week, Quick Heal Security Labs detected a new ransomware called Armage. It appends ‘.Armage’ extension to files it encrypts. Armage ransomware uses the AES-256 encryption algorithm to encode files making them inoperable. It spreads via spam emails and corrupted text files. Technical analysis Once executed on the...

The evolution of a 4-year-old-threat Emotet: From an infamous Trojan to a complex threat distributer

  • 15
    Shares
 July 25, 2018

Estimated reading time: 6 minutes

Emotet malware campaign has been existing for a long time. It comes frequently in intervals with different techniques and variants to deliver malware on a victim. Attackers are smart and they use complex techniques to avoid detection. At the start of 2017, we had seen the emotet campaign spreading through...

Your copy-paste habit can cost you your money

  • 20
    Shares
 July 19, 2018

Estimated reading time: 4 minutes

How often do you store your important data in files? It’s very common, right? This data may be URLs, topics, personal data like contacts, email-ids, usernames of different portals and sometimes passwords too (though always recommended to not to do so). We very casually copy this data and paste it...