Linux Threat Hunting: ‘Syslogk’ a kernel rootkit found under development in the wild

Avast – Rootkits are dangerous pieces of malware. Once in place, they are usually really hard to detect. Their code is typically more challenging to write than other…

Decrypted: TaRRaK Ransomware

Avast – The TaRRaK ransomware appeared in June of 2021. This ransomware contains many coding errors, so we decided to publish a small blog about them. Samples of…

Outbreak of Follina in Australia

Avast – Our threat hunters have been busy searching for abuse of the recently-released zero-day remote code execution bug in Microsoft Office (CVE-2022-30190). As part of their investigations,…

Warez users fell for Certishell

Avast – Research of this malware family began when I found a malicious task starting PowerShell code directly from a registry key within our user base. I wasn’t…

Zloader 2: The Silent Night

Avast – In this study we are considering one of Zeus’ successors – Zloader 2. We’ll show how it works and its code peculiarities. We’ll present the result…

Parrot TDS takes over web servers and threatens millions

Avast – A new Traffic Direction System (TDS) we are calling Parrot TDS, using tens of thousands of compromised websites, has emerged in recent months and is reaching…

Avast Finds Compromised Philippine Navy Certificate Used in Remote Access Tool

Avast – Avast Threat Intelligence Team has found a remote access tool (RAT) actively being used in the wild in the Philippines that uses what appears to be…

Operation Dragon Castling: APT group targeting betting companies

Avast – We recently discovered an APT campaign we are calling Operation Dragon Castling. The campaign is targeting what appears to be betting companies in South East Asia,…

Mēris and TrickBot standing on the shoulders of giants

Avast – This is the story of piecing together information and research leading to the discovery of one of the largest botnet-as-a-service cybercrime operations we’ve seen in a…

DirtyMoe: Worming Modules

Avast – The DirtyMoe malware is deployed using various kits like PurpleFox or injected installers of Telegram Messenger that require user interaction. Complementary to this deployment, one of…