Recent Posts

Recent Blog Posts

The PhishLabs Blog

Olympic Vision Keylogger and BEC Scams

Posted by Eris Maelstrom on May 24, '16

During a recent analysis of a business email compromise (BEC) scam, we observed a lure attempting to install the Olympic Vision Keylogger. Further research determined that this keylogger and the accompanying Olympic Vision Crypter were used in a larger campaign targeting multiple organizations with a variety of lures, including invoice lures and shipment confirmation lures. This campaign appears to originate from South Africa and uses both maliciously registered free domains and compromised domains.

Read More

Topics: Malware, Threat Analysis, Threat Intelligence, BEC, business email compromise

How to make the most of reported phishing emails... Even if there are way too many

Posted by Joseph Opacki on May 19, '16

You’ve done it.

After months of nagging, security awareness training, and constant reminders, your employees have started reporting phishing emails. Take a moment to pat yourselves on the back, because this is no mean feat.

But… now what? What do you actually do with all these reported emails?

Read More

Topics: Phishing, Threat Analysis, Threat Intelligence, Spear Phishing

Android.Trojan.Marcher - Conclusion

About Parts One and Two

This post is a conclusion to a three-part blog analyzing "Marcher" malware that targets the Android platform. Read part one here and part two here. To round out the discussion, let’s cover the network and host indicators associated with this trojan.
Read More

Topics: Phishing, Malware, Threat Intelligence, Android, Banking Trojan

Bash “Shellshock” Bug Rivals Heartbleed in Cyber Threat Severity

The recently discovered bug Shellshock, also known as the “bash bug,” was made public on September 24, 2014, causing widespread anxiety as bug patches failed to remediate all vulnerabilities. The bug is found in Bash – an almost ubiquitous piece of system software used in millions of computers, Linux-based machines and even Mac computers. Essentially, the vulnerability allows for remote execution of arbitrary commands on web servers and computers with no authentication required.

Read More

Topics: Threat Intelligence, Shellshock

PhishLabs partners with VirusTotal

Posted by Stacy Shelley on Sep 24, '14

We're pleased to announce that VirusTotal has joined our global network of cybercrime intelligence partners. Intelligence sharing is a vital part of the fight against cybercrime, providing threat visibility and insight to aggressively mitigate attacks and protect our clients. Our partnership with VirusTotal provides an additional layer of intelligence, expanding our threat visibility.

Read More

Topics: Threat Intelligence, Company News

Vawtrak Gains Momentum and Expands Targets

Vawtrak is the security industry's name for the latest version of the 64-bit compatible Gozi Prinimalka Trojan, a family of malware first conceived in the mid-2000s. Recently, PhishLabs’ R.A.I.D. (Research, Analysis, and Intelligence Division) has uncovered new developments in the latest Vawtrak configurations that indicate it is a much more substantial threat than it was a few months ago.

What You Need to Know

Read More

Topics: Malware, Threat Analysis, Threat Intelligence, Trojan, ATO, Vawtrak

“Smash & Grab” cybercrime attacks have been active since mid-June

Last week, researchers at Proofpoint reported an attack campaign, which was dubbed “Smash & Grab,” targeting customers of JP Morgan Chase. Based on intelligence from the PhishLabs R.A.I.D. (Research, Analysis, and Intelligence Division), the “Smash & Grab” operations have been active since at least mid-June using the same phishing and malware combination tactics described in the initial report. Our analysis also indicates a possible connection to cybercriminal actors currently or previously involved in GameOver Zeus operations.

Read More

Topics: Phishing, Malware, Threat Intelligence, Trojan, Crimeware

Banks, ePayment Services Top List of Phishing Kit Targets

Over the last month, PhishLabs analyzed nearly 9,000 phishing kits and variants available on compromised and clandestine servers, file sharing services, underground scammer forums, and various user-generated content sites such as blogs. 

The following chart displays a breakdown of phishing kits we analyzed, based on the type of brand targeted. Financial Institutions, ePayment & Money Transfer Services, Social Networking Sites, and Email Services were the brand categories most frequently targeted by phishing kits, representing a combined 77% of kits analyzed.

Read More

Topics: Phishing, Threat Analysis, Threat Intelligence, Phish Kit

PhishLabs is an inaugural threat intelligence provider in Check Point's ThreatCloud IntelliStore

Posted by Stacy Shelley on May 28, '14

Last week, Check Point officially launched a new threat intelligence platform that integrates third-party intelligence feeds with Check Point technologies. Called ThreatCloud IntelliStore, it serves as a marketplace where Check Point customers can easily tap into intelligence feeds to enhance threat detection and prevention.

We're very proud and excited to be an inaugural partner in the ThreatCloud IntelliStore. Why, you ask?

Read More

Topics: Threat Intelligence

Should financial institutions be concerned about Blackshades?

Earlier this week, law enforcement officials announced the arrest of more than 90 people for using and distributing the Blackshades RAT. In the wake of the arrests, we’ve been asked if Blackshades is a threat that banks, credit unions, and other financial institutions should be particularly concerned about. 

Should financial institutions be doing anything differently to protect against Blackshades specifically? Probably not.

Read More

Topics: Malware, Threat Intelligence, Trojan

What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.
