We are excited to announce that our colleague Joseliyo Sánchez, will be at Labscon to present our workshop: Advanced Threat Hunting: Automating Large-Scale Operations with LLMs. This workshop is a joint effort with SentinelOne and their researcher, Aleksandar Milenkoski. In…
Category: VirusTotal Blog
Uncovering a Colombian Malware Campaign with AI Code Analysis
VirusTotal Code Insight keeps adding new file formats. This time, we’re looking at two vector-based formats from very different eras: SWF and SVG. Curiously, right after we rolled out this update in production, one of the very first submitted files…
Integrating Code Insight into Reverse Engineering Workflows
More than two years have passed since we announced the launch of Code Insight at RSA 2023. From that time on, we have been applying this technology in different scenarios, expanding its use in new file formats (1, 2). As we…
What 17,845 GitHub Repos Taught Us About Malicious MCP Servers
Spoiler: VirusTotal Code Insight’s preliminary audit flagged nearly 8% of MCP (Model Context Protocol) servers on GitHub as potentially forged for evil, though the sad truth is, bad intentions aren’t required to follow bad practices and publish code with critical…
YARA-X 1.0.0: The Stable Release and Its Advantages
Short note for everyone who already lives and breathes YARA: Victor (aka plusvic) just launched YARA-X 1.0.0. Full details: https://virustotal.github.io/yara-x/blog/yara-x-is-stable/ Audio version of this post, created with NotebookLM Deep Dive Your browser does not support the audio element. What changes…
Code Insight Expands to Uncover Risks Across the Software Supply Chain
When we launched Code Insight, we started by analyzing PowerShell scripts. Since then, we have been continuously expanding its capabilities to cover more file types. Today, we announce that Code Insight can now analyze a broader range of formats crucial…
Applying AI Analysis to PDF Threats
In our previous post we extended VirusTotal Code Insights to browser extensions and supply-chain artifacts. A key finding from that analysis was how our AI could apply contextual knowledge to its evaluation. It wasn’t just analyzing code in isolation, it…
Code Insight Expands to Uncover Risks Across the Software Supply Chain
Audio version of this post, created with NotebookLM Deep Dive Your browser does not support the audio element. When we launched Code Insight, we started by analyzing PowerShell scripts. Since then, we have been continuously expanding its capabilities to cover…
YARA-X 1.0.0: The Stable Release and Its Advantages
Audio version of this post, created with NotebookLM Deep Dive Your browser does not support the audio element. Short note for everyone who already lives and breathes YARA: Victor (aka plusvic) just launched YARA-X 1.0.0. Full details: https://virustotal.github.io/yara-x/blog/yara-x-is-stable/ What changes…
What 17,845 GitHub Repos Taught Us About Malicious MCP Servers
Audio version of this post, created with NotebookLM Deep Dive Your browser does not support the audio element. Spoiler: VirusTotal Code Insight’s preliminary audit flagged nearly 8% of MCP (Model Context Protocol) servers on GitHub as potentially forged for evil,…