VMRay Blog

Stay current on the threat landscape with industry-leading cybersecurity insights!
2025-03-19

When it comes to cybersecurity, speed and accuracy are everything — especially in the financial sector, where targeted and industry-specific attacks are on the rise. For Northwestern Mutual, a leader in financial services, the challenge was clear: streamline their threat investigation process, minimize false positives, and ensure their incident response

2025-03-12

The Labs team at VMRay actively gathers publicly available data to identify any noteworthy malware developments that demand immediate attention. We complement this effort with our internal tracking and monitor events the security community reports to stay up-to-date with the latest changes in the cyber threat landscape. In February 2025,

2025-03-07

Executive summary: The second half of 2024 shows how attackers are continuing to refine their tactics to target both organizations and individuals. The period saw substantial financial losses, including the continuation of ransomware extortions and large-scale phishing campaigns. High-profile incidents targeted major platforms like Facebook, GitHub, and LinkedIn, alongside government

Introduction

SEO poisoning, also known as search poisoning, is a cyberattack technique where threat actors manipulate search engine algorithms to rank malicious websites higher in search results. These sites appear legitimate but serve malicious payloads, steal credentials, or facilitate phishing scams. This blog will explore how SEO poisoning works, its

Introduction

DLL sideloading is a widely used attack technique that exploits how Windows applications load dynamic link libraries (DLLs). Threat actors use it to execute malicious payloads while evading traditional security measures. This post explores how this attack technique works, why it is attractive to attackers, and the best methods

2025-02-21

In an era where cyber threats evolve faster than ever, organizations need more than raw data—they need actionable threat intelligence. This intelligence transforms overwhelming threat feeds into prioritized, contextual insights that cybersecurity teams can act on immediately. At VMRay, a leader in advanced malware sandboxing and context-rich threat intelligence, we

2025-02-14

Introduction

As we wrapped up last year, we released a bonus update featuring the VMRay Platform architecture upgrade to Ubuntu 22.04 LTS and enhanced LNK file analysis. While not bursting with new additions, we believe these updates have made the Platform more stable and easier to maintain. Now, for our

2025-02-11

The Labs team at VMRay actively gathers publicly available data to identify any noteworthy malware developments that demand immediate attention. We complement this effort with our internal tracking and monitor events the security community reports to stay up-to-date with the latest changes in the cyber threat landscape. In January 2025,

2025-02-04

Fully undetected Shell Script dropping macOS Atomic Stealer
04 February 2025

VMRay Labs found that a DMG file containing a malicious Shell Script used to download and execute Atomic Stealer remained fully undetected on VirusTotal for two days. The Shell Script applies basic obfuscation via encoding and shows strong indicators to

2025-01-28

Staying ahead of adversaries requires more than just reactive defenses—it demands a proactive, intelligence-driven approach. Cyber threat intelligence (CTI) has become critical for identifying and mitigating risks from advanced threat actors. This is especially true for organizations facing targeted attacks. Let’s dive into the frameworks, tools, and strategies that empower

2025-01-20

Heavily obfuscated batch file loads XWorm hosted on GitHub
20 January 2025

VMRay Labs found a multi-stage obfuscated batch script with low detections on VirusTotal which downloads and executes XWorm from GitHub. The sample uses a UTF-16 Byte Order Marker and an open source Batch obfuscator to hinder manual analysis.

2025-01-08

The Labs team at VMRay actively gathers publicly available data to identify any noteworthy malware developments that demand immediate attention. We complement this effort with our internal tracking and monitor events the security community reports to stay up-to-date with the latest changes in the cyber threat landscape. In December 2024,

2025-01-07

In today’s hyper-connected world, the digital transformation of businesses has significantly created an ever-expanding attack surface for cybercriminals. Moreover, with sophisticated malware, ransomware, and phishing campaigns on the rise, traditional security measures often fall short. Therefore, to effectively counter these threats, organizations are increasingly turning to Threat Intelligence Platforms (TIPs)—a

2024-12-17

Backdoored configuration script waits until user is inactive (!) to run Linux malware

VMRay Labs has found a backdoored build configuration script for httpd designed to drop and run the XMRig malware to mine Monero. ⛏️ ⏳ Surprisingly, the script waits until the user has been inactive for at least

Introduction

Phishing has been known as one of the leading initial attack vectors for a long time. Here at VMRay we are continuously monitoring phishing activities in order to keep our users protected from new and existing phishing threats. In the past few months, we discovered several new phishing campaigns

2024-12-12

The Labs team at VMRay actively gathers publicly available data to identify any noteworthy malware developments that demand immediate attention. We complement this effort with our internal tracking and monitor events the security community reports to stay up-to-date with the latest changes in the cyber threat landscape. In November 2024,

2024-11-27

The cybersecurity landscape is evolving at an unprecedented pace. For organizations, keeping ahead of potential threats is no longer optional—it’s a necessity. Cybercriminals are becoming more sophisticated, using advanced techniques to evade detection and exploit vulnerabilities. In this environment, security teams face mounting pressures to stay proactive and focused. Threat

2024-11-22

Introduction

As 2024 comes to a close, we’ve already rolled out four impactful releases, each packed with new features and enhancements across our VMRay Platform products. Now, we’re excited to share a bonus 5th release, focusing primarily on improving the Platform’s overall maintenance and stability. While this release may not

2024-11-12

Updated on: 2025-02-13

Cybersecurity threats are becoming more complex, requiring proactive intelligence instead of basic defensive measures. Security teams can identify, understand, and mitigate potential threats with the aid of threat intelligence feeds. These feeds are collected from a variety of sources and provide security teams with real time data

2024-11-11

In today’s rapidly evolving cyber landscape, government organizations face an increasing array of challenges that demand sophisticated, well-coordinated defense strategies. During a recent panel discussion, we had the opportunity to dive into these critical issues with Carsten Willems, CEO of VMRay, and Carlos Rivera, Senior Analyst at Forrester Research. This

2024-11-07

The Labs team at VMRay actively gathers publicly available data to identify any noteworthy malware developments that demand immediate attention. We complement this effort with our internal tracking and monitor events the security community reports to stay up-to-date with the latest changes in the cybersecurity landscape. In October 2024, the

2024-11-05

“Cybersecurity is a strategic, multiplayer game where teamwork matters—combining threat intelligence with sandboxing is like unlocking a powerful duo, essential for tackling today’s malware challenges.”

Why building Cyber Threat Intelligence is a strategic need

When it comes to defending against modern cyber threats, it’s no secret that the landscape

2024-10-21

Overview

First identified in October 2023, Latrodectus malware has since evolved significantly, becoming a key player in the cybercriminal ecosystem. The malware works mainly as a loader/downloader. Latrodectus malware has strong ties with the former, infamous loader IcedID, which was taken down in May 2024,

2024-10-04

The Labs team at VMRay actively gathers publicly available data to identify any noteworthy malware developments that demand immediate attention. We complement this effort with our internal tracking and monitor events the security community reports to stay up-to-date with the latest changes in the cybersecurity landscape. In September 2024, the

2024-09-25

Over the last 10-12 years, EDR solutions have become a mainstay in endpoint defense. The reason for the dramatic adoption of EDR solutions was that Anti-Virus (AV) solutions at the time were (and still are) unable to detect a new wave of undetectable threats. Document-based attacks with macros and fileless

2024-09-11

In any other IT technology solution, from productivity suites, CRM, or financial applications, product suites are a logical way forward. A single vendor source provides vendor consolidation and savings on cost, support, and maintenance requirements. It makes perfect sense. However, very few organizations have been compromised based on their buying decision

2024-09-09

The Labs team at VMRay actively gathers publicly available data to identify any noteworthy malware developments that demand immediate attention. We complement this effort with our internal tracking and monitor events the security community reports to stay up-to-date with the latest changes in the cybersecurity landscape. In August 2024, the

2024-08-30

Introduction

The first quarters of 2024 have been nothing short of dynamic, with three impactful releases! We hope you’ve enjoyed the features delivered in recent months, including the simplified integration with the built-in SentinelOne connector, support for MITRE ATT&CK® v14.1, and two new file analysis environments for our dear FinalVerdict

2024-08-20

Latrodectus updates to version 1.4 with AES-256 string encryption

We found a new Latrodectus version (1.4) which switched its string encryption routine to AES-256. This new version also utilizes the /test/ C2 endpoint, indicating that it is an early testing sample for this version. In a nutshell: PRNG and XOR

2024-08-08

The Labs team at VMRay actively gathers publicly available data to identify any noteworthy malware developments that demand immediate attention. We complement this effort with our internal tracking and monitor events the security community reports to stay up-to-date with the latest changes in the cybersecurity landscape. In July 2024, the
