Our data shows a pattern of APK malware bundled as BadPack files. We discuss how this technique is used to garble malicious Android files, creating challenges for analysts. The post Beware of BadPack: One Weird Trick Being Used Against Android…
Tag: Unit 42
DarkGate: Dancing the Samba With Alluring Excel Files
We perform an in-depth study of a DarkGate malware campaign exploiting Excel files from early this year, assessing its functionality and its C2 traffic. The post DarkGate: Dancing the Samba With Alluring Excel Files appeared first on Unit 42. This…
Dissecting GootLoader With Node.js
We demonstrate effective methods to circumvent anti-analysis evasion techniques from GootLoader, a backdoor and loader malware distributed through fake forum posts. The post Dissecting GootLoader With Node.js appeared first on Unit 42. This article has been indexed from Unit 42…
Threat Brief: CVE-2024-6387 OpenSSH RegreSSHion Vulnerability
This threat brief details CVE-2024-6387, called RegreSSHion, an RCE vulnerability affecting connectivity tool OpenSSH servers on glibc-based Linux systems. The post Threat Brief: CVE-2024-6387 OpenSSH RegreSSHion Vulnerability appeared first on Unit 42. This article has been indexed from Unit 42…
The Contrastive Credibility Propagation Algorithm in Action: Improving ML-powered Data Loss Prevention
Our novel contrastive credibility propagation algorithm improves on data loss prevention and has unique applications to sensitive material. The post The Contrastive Credibility Propagation Algorithm in Action: Improving ML-powered Data Loss Prevention appeared first on Unit 42. This article has…
Attackers Exploiting Public Cobalt Strike Profiles
Unit 42 researchers examine how attackers use publicly available Malleable C2 profiles, examining their structure to reveal evasive techniques. The post Attackers Exploiting Public Cobalt Strike Profiles appeared first on Unit 42. This article has been indexed from Unit 42…
Attack Paths Into VMs in the Cloud
Virtual machines (VMs) are a significant attack target. Focusing on three major CSPs, this research summarizes the conditions for possible VM attack paths. The post Attack Paths Into VMs in the Cloud appeared first on Unit 42. This article has…
Operation Diplomatic Specter: An Active Chinese Cyberespionage Campaign Leverages Rare Tool Set to Target Governmental Entities in the Middle East, Africa and Asia
A Chinese APT group is targeting political entities across multiple continents. Named Operation Diplomatic Specter, this campaign uses rare techniques and a unique toolset. The post Operation Diplomatic Specter: An Active Chinese Cyberespionage Campaign Leverages Rare Tool Set to Target…
Payload Trends in Malicious OneNote Samples
This article examines the distribution of malicious payloads embedded in Microsoft OneNote files by type, a first in our research to do so at such a scale. The post Payload Trends in Malicious OneNote Samples appeared first on Unit 42.…
Leveraging DNS Tunneling for Tracking and Scanning
We provide a walkthrough of how attackers leverage DNS tunneling for tracking and scanning, an expansion of the way this technique is usually exploited. The post Leveraging DNS Tunneling for Tracking and Scanning appeared first on Unit 42. This article…