Senior Malware Researcher at Gen, reverse engineer, cryptography enthusiast, jazz & swing musician. Posts and opinions are my own.

In our ongoing mission to protect our customers, we must always think ahead and develop new security features. Clipboard Protection is the latest layer in our Swiss-cheese defense, enhancing our ability to eliminate clipboard-based threats like #ClickFix and #FakeCaptcha. This year alone, we've protected millions against these attacks, and we have no intention of stopping here.

Learn more: https://www.gendigital.com/blog/news/family-of-brands/clipboard-protection

Clipboard Protection: Our Latest Defense Against Evolving Threats

How Our Clipboard Protection Defends Against Growing Cyberthreats

With my intense focus on hunting down #ClickFix, some payloads are more interesting than others. Read my new analysis about #GloveStealer, which has the capability to bypass #AppBound encryption via the usage of the #IElevator service. Besides stealing browser data, the malware also searches for 84 locally installed apps and 280 browser extensions (!), focusing on crypto, 2FA authenticators, password managers, gaming platforms, and more.

Read the analysis here:
https://www.gendigital.com/blog/news/innovation/glove-stealer

Glove Stealer: Leveraging IElevator to Bypass App-Bound Encryption & Steal Sensitive Data

A .NET malware that bypasses Chrome's App-Bound Encryption, stealing data from browsers, crypto wallets and 2FA authenticators

This time something short from me. We've been monitoring #FakeCaptcha campaigns for quite some time, as well as #Lumma #Stealer. It also feels like the adversaries are intensifying their efforts with each campaign, along with the recent one. Read more:
https://www.gendigital.com/blog/news/innovation/global-surge-in-fake-captcha-attacks
Global Surge in Fake Captcha Attacks

How Fake Captcha Campaigns are Distributing Lumma Stealer

This one was tricky. Dive into #GuptiMiner, our newest analysis by my colleague Milánek and me. Two types of backdoors, XMRigs, MitM over antivirus updates, shellcodes in PNGs, DNS trickery, certificates trickery, deployment before system shutdown, you name it:

https://decoded.avast.io/janrubin/guptiminer-hijacking-antivirus-updates-for-distributing-backdoors-and-casual-mining/

#malware #analysis #backdoor #cryptomining

GuptiMiner: Hijacking Antivirus Updates for Distributing Backdoors and Casual Mining - Avast Threat Labs

Avast discovered and analyzed GuptiMiner, a malware campaign hijacking an eScan antivirus update mechanism to distribute backdoors and coinminers.

This Saturday, I'll be presenting at the Prague Security Conference (https://www.prasec.cz/) on the topic "Insights into the AI-based Cyber Threat Landscape." I look forward to meeting both familiar and new faces at the event and engaging in discussions on various interesting topics!

Did you know that if you capitalize each word in a multi-word hashtag, #ScreenReaders can read them as words, but if you leave them lowercase, they can't? Well, now you know! So, for #accessibility, please capitalize words when there's more than one in a hashtag.

#MastodonTip #TwitterMigration

#ViperSoftX stealer is still kicking and distributing another stealer in the form of a browser extension for Chromium-based browsers, called #VenomSoftX, which performs man-in-the-browser attacks and much more.
Read my latest analysis on #AvastDecoded:
https://decoded.avast.io/janrubin/vipersoftx-hiding-in-system-logs-and-spreading-venomsoftx/
ViperSoftX: Hiding in System Logs and Spreading VenomSoftX - Avast Threat Labs

ViperSoftX is a multi-stage stealer that exhibits interesting hiding capabilities. Other than stealing cryptocurrencies, it also spreads the VenomSoftX browser extension, which performs man-in-the-browser attacks.
