Backdoored configuration script waits until user is inactive (!) to run Linux malware VMRay Labs has found a backdoored build configuration script for httpd designed to drop and run the XMRig malware to mine Monero. ⛏️ ⏳ Surprisingly, the script waits until the user has been inactive for at least
Introduction Phishing has been known as one of the leading initial attack vectors for a long time. Here at VMRay we are continuously monitoring phishing activities in order to keep our users protected from new and existing phishing threats. In the past few months, we discovered several new phishing campaigns
The Labs team at VMRay actively gathers publicly available data to identify any noteworthy malware developments that demand immediate attention. We complement this effort with our internal tracking and monitor events the security community reports to stay up-to-date with the latest changes in the cyber threat landscape. In November 2024,
The cybersecurity landscape is evolving at an unprecedented pace. For organizations, keeping ahead of potential threats is no longer optional—it’s a necessity. Cybercriminals are becoming more sophisticated, using advanced techniques to evade detection and exploit vulnerabilities. In this environment, security teams face mounting pressures to stay proactive and focused. Threat
Introduction As 2024 comes to a close, we’ve already rolled out four impactful releases, each packed with new features and enhancements across our VMRay Platform products. Now, we’re excited to share a bonus 5th release, focusing primarily on improving the Platform’s overall maintenance and stability. While this release may not
While threats against cybersecurity increase in complexity, it calls for proactive intelligence to stay ahead rather than mere defensive capabilities. Threat intelligence feeds provide security teams with live insight into finding, understanding, and mitigating potential threats before they affect the system. The following post will give the details about what
In today’s rapidly evolving cyber landscape, government organizations face an increasing array of challenges that demand sophisticated, well-coordinated defense strategies. During a recent panel discussion, we had the opportunity to dive into these critical issues with Carsten Willems, CEO of VMRay, and Carlos Rivera, Senior Analyst at Forrester Research. This
The Labs team at VMRay actively gathers publicly available data to identify any noteworthy malware developments that demand immediate attention. We complement this effort with our internal tracking and monitor events the security community reports to stay up-to-date with the latest changes in the cybersecurity landscape. In October 2024, the
“Cybersecurity is a strategic, multiplayer game where teamwork matters—combining threat intelligence with sandboxing is like unlocking a powerful duo, essential for tackling today’s malware challenges.” Why building Cyber Threat Intelligence is a strategic need When it comes to defending against modern cyber threats, it’s no secret that the landscape
VIEW VMRAY’S ANALYSIS REPORT Overview First identified in October 2023, Latrodectus malware has since evolved significantly, becoming a key player in the cybercriminal ecosystem. The malware works mainly as a loader/downloader. Latrodectus malware has strong ties with the former, infamous loader IcedID, which was taken down in May 2024,
The Labs team at VMRay actively gathers publicly available data to identify any noteworthy malware developments that demand immediate attention. We complement this effort with our internal tracking and monitor events the security community reports to stay up-to-date with the latest changes in the cybersecurity landscape. In September 2024, the
Over the last 10-12 years, EDR solutions have become a mainstay in endpoint defense. The reason for the dramatic adoption of EDR solutions was because Anti-Virus (AV) solutions at the time were (and still are) unable to detect a new wave of undetectable threats. Document-based attacks with macro’s and fileless
In any other IT technology solution, from productivity suites, CRM, or financial applications, product suites are a logical way forward. Single source of vendor provides vendor consolidation, savings on cost, support, and maintenance requirements. It makes perfect sense. However, very few organizations have been compromised based on their buying decision
The Labs team at VMRay actively gathers publicly available data to identify any noteworthy malware developments that demand immediate attention. We complement this effort with our internal tracking and monitor events the security community reports to stay up-to-date with the latest changes in the cybersecurity landscape. In August 2024, the
Introduction The first quarters of 2024 have been nothing short of dynamic, with three impactful releases! We hope you’ve enjoyed the features delivered in recent months, including the simplified integration with the built-in SentinelOne connector, support for MITRE ATT&CK® v14.1, and two new file analysis environments for our dear FinalVerdict
Latrodectus updates to version 1.4 with AES-256 string encryption We found a new Latrodectus version (1.4) which switched its string encryption routine to AES-256. This new version also utilizes the /test/ C2 endpoint, indicating that it is an early testing sample for this version. In a nutshell: PRNG and XOR
The Labs team at VMRay actively gathers publicly available data to identify any noteworthy malware developments that demand immediate attention. We complement this effort with our internal tracking and monitor events the security community reports to stay up-to-date with the latest changes in the cybersecurity landscape. In July 2024, the
Malware goes undetected by hiding malicious code in uncommon MS Access format 0/64 detections on VirusTotalas of 05.08.2024 The VMRay Labs team has uncovered a malware that goes completely undetected for weeks by hiding malicious p-code in MS Access’ uncommon ACCDE format. Microsoft Access allows users to export their databases
There are scenarios in which opting for the best possible solution is non-negotiable. Think of medical surgery, aerospace safety, military operations, or pharmaceutical development. The reason? While the probability of a catastrophe may seem low, its impact is extraordinarily high. In cybersecurity, breaches are no longer a low-probability event, and
Malicious batch file reveals full behavior only when it’s started by a double-click. 0/64 detections on VirusTotal as of 04.07.2024 The VMRay Labs team has uncovered a heavily obfuscated malicious batch file that has managed to evade detection on VirusTotal with no security vendors flagging it (0/64). This batch file
The VMRay Labs team is always on the ball, scouring publicly available data to pinpoint any critical developments that need immediate focus. We ramp up these efforts with our own internal malware tracking process, keeping tabs on the latest headlines from the security community. This keeps us plugged into the
Obfuscated batch file downloads open-source stealer straight from GitHub 0/64 detections on VirusTotal as of 03.07.2024 The VMRay Labs team has uncovered a heavily obfuscated malicious batch file that has managed to evade detection on VirusTotal, with no security vendors flagging it (0/64). This batch file downloads an open-source stealer
The Labs team at VMRay actively gathers publicly available data to identify any noteworthy malware developments that demand immediate attention. We complement this effort with our internal tracking and monitor events the security community reports to stay up-to-date with the latest changes in the cybersecurity landscape. In May 2024, the
Introduction: The Significance of Locked Shields Participating in Locked Shields 2024, the largest and most complex international live-fire cyber defense exercise in the world, has been a monumental experience for VMRay. Organized annually by the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) since 2010, Locked Shields brings together national
Introduction Two releases of 2024 are already behind us, but we’re not slowing down! We hope you’ve enjoyed the features delivered in recent months, including QR codes extraction from PDF files, URL extraction from OneNote documents, support for STIX 2.1 in Analysis Reports, as well as our continuous enhancements and
Malware executes its payload only when the screen is locked. 3/48 detections on VirusTotal as of 04.06.2024 The VMRay Labs team has uncovered a malicious Excel file uses macros to download an image from a remote resource – but hidden inside are the commands to execute the next payload Then
Typically, large product suites sold as a bundle – in most industries – win over customers from a perceived value standpoint where best-in-class is less of a factor. However, as we are finding out from returning customers, there is a compelling argument for best-in-class when it comes to malware sandbox
AgentTesla delivered via exploiting Microsoft Office 5/61 detections on VirusTotalas of 14.05.2024 Malicious Microsoft Excel document used to exploit a vulnerability in Equation Editor, leading to the execution of AgentTesla. 5 of 61 detections on VirusTotal HASH: dc62fc5febad93b231a91fcb806df63441c6dff69b9a7c793aec78373f45e888 XLS → Equation Editor → Agent Tesla Malicious code loaded via remote
The Power of Pareto in Cybersecurity Economist Vilfredo Pareto’s famous “80/20” principle, stating that roughly 80% of effects come from 20% of causes, has long been recognized as a guiding economic principle. This economic principle can also be leveraged by security leaders to improve strategy. The “one size fits all”
The Labs team at VMRay actively gathers publicly available data to identify any noteworthy malware developments that demand immediate attention. We complement this effort with our internal tracking and monitor events the security community reports to stay up-to-date with the latest changes in the cybersecurity landscape. In April 2024, the
Keep up to date with our weekly digest of articles. Get the latest news, invites to events, and threat alerts!
Ready to stress-test your malware sandbox? Join us for a no-fluff, all-demo webinar that shows you real techniques to evaluate and optimize your sandboxing solution!
