Unit 42
Fake Flash Updaters Push Cryptocurrency Miners
Unit 42 investigates a recent Fake Flash update pushing cryptocurrency mining software. Get the full report.
Get to know
Sort By:
Unit 42
Customizing Wireshark - Changing Your Column Display
Unit 42 shares a lesson on customizing Wireshark to better meet security researcher needs.
Unit 42
Malware Team Up: Malspam Pushing Emotet + Trickbot
Unit 42 examines Emotet and Trickbot, best known as banking malware and information stealers targeting Windows-based computers.
Unit 42
Rig EK One Year Later: From Ransomware to Coin Miners and Information Steal...
What a difference a year makes! As the dominant exploit kit (EK) in our current threat landscape, Rig EK has gone through significant changes. How much has Rig EK changed? In order …
Unit 42
Compromised Servers & Fraud Accounts: Recent Hancitor Attacks
Unit 42 tracks how attackers use fraudulent accounts and compromise infrastructures of legitimate businesses to deliver Hancitor malware.
Sort By:
Unit 42
Campaign Evolution: EITest from October through December 2016
EITest is a name originally coined by Malwarebytes Labs in 2014 to describe a campaign that uses exploit kits (EKs) to deliver malware. Until early January 2016, "EITest" was used as a …
Threat Prevention, Unit 42
Locky Ransomware Installed Through Nuclear EK
In February 2016, Unit 42 published detailed analysis of Locky ransomware. We certainly weren’t the only ones who saw this malware, and many others have also reported on it. Since that time, …
Unit 42
Campaign Evolution: Darkleech to Pseudo-Darkleech and Beyond
In 2015, Sucuri published two blog posts, one in March describing a pseudo-Darkleech campaign targeting WordPress sites, and another about its evolution the following December. Sites compromised by this campaign redirected unsuspecting …
Unit 42
How the EITest Campaign's Path to Angler EK Evolved Over Time
In October 2014, Malwarebytes identified a campaign based on thousands of compromised websites that kicked off an infection chain to Angler exploit kit (EK). It was named "EITest" campaign, because "EITest" was …
Malware, Threat Prevention, Unit 42
Afraidgate: Major Exploit Kit Campaign Swaps Locky Ransomware for CryptXXX
In mid-April 2016, a campaign using Nuclear Exploit Kit (EK) to distribute Locky ransomware switched to using the Angler EK to install CryptXXX ransomware. This campaign uses gates registered through FreeDNS at …