Threat Research

Threat Research

Copy-pasting Thief from a Copy-pasted Code

Recently, we noticed an unusual sample. It triggered our sensors because of the Japanese encoding in one of its resources. Further analysis showed that it targets not only Japanese users, but any holder of Bitcoin assets.

Threat Research

GandCrab v4.1 Ransomware and the Speculated SMB Exploit Spreader

Only two days after the release of GandCrab 4.0, FortiGuard Labs found a newer version (v4.1) being distributed using the same method, which is through compromised websites disguised as download sites for cracked applications.

By Joie Salvio | July 12, 2018

Threat Research

GandCrab V4.0 Analysis: New Shell, Same Old Menace

It has been over two months since GandCrab underwent a major update. While this latest version includes an overhaul of the code structure, its major purposes are practically the same.

By Joie Salvio | July 09, 2018

Threat Research

Hussarini – Targeted Cyber Attack in the Philippines

FortiGuard Labs spotted a malicious document with the politically themed file name “Draft PH-US Dialogue on Cyber Security.doc”. This document takes advantage of the vulnerability CVE-2017-11882. Upon successful exploitation, it drops malware in the victim’s %temp% directory.

Threat Research

Easy Hosting Control Panel: SQL Injection & Multiple XSS Vulnerabilities

As part of our ongoing threat research at FortiGuard Labs, we discovered that EHCP contains an SQL injection and multiple cross-site scripting (XSS) vulnerabilities.

By Zhouyuan Yuang | July 08, 2018

Threat Research

An Analysis of the Use-After-Free Bug in the Microsoft Edge Chakra Engine (CVE-2018-0946)

Microsoft fixed a use-after-free bug in the Edge Chakra Engine in the May 2018 Patch. This bug (CVE-2018-0946) causes the Chakra Engine to access a freed function address that can possibly be exploited to execute arbitrary code when a vulnerable system browses a malicious web page via Microsoft Edge.

By Dehui Yin | June 28, 2018

Threat Research

Recent Security Research News

This blog post is a summary of some recent research work that caught my attention in May 2018.

By Axelle Apvrille | June 28, 2018

Threat Research

How Much Malware Can You Stuff Into An Attack?

Last week, a new threat known as Mylobot was trending. It included multiple evasions and a large number of separate malware variants blended into a single threat.

By FortiGuard SE Team | June 27, 2018

Threat Research

How to Protect Your Privacy on The Web

Privacy-minded consumers can combine general strategies with cost-effective, privacy-oriented tools to achieve the goal of protecting their privacy and identity.

By Minh Tran | June 20, 2018

Threat Research

Thrip ATP Attack Update

In conjunction with the Cyber Threat Alliance, Symantec today released their blog post on an APT (advanced persistent threat) group codenamed “Thrip.” As part of our membership with the Cyber Threat Alliance (CTA), we have received these indicators ahead of publication to ensure that FortiGuard customers are protected from this latest disclosure.

By FortiGuard SE Team | June 19, 2018