The PhishLabs Blog

Vawtrak / Neverquest2 adopts new methods to increase persistence

Posted by King Salemno on Aug 5, '16

At the end of July, the PhishLabs Research, Anaysis, and Intelligence Division (R.A.I.D.) found two major changes in the codebase of Vawtrak (a.k.a. Neverquest2) that significantly increased the banking Trojan’s persistence and the risk it poses for victims. We have discovered that the newest iteration of Vawtrak is now using a domain generation algorithm (DGA) to identify its command and control (C2) server. By using an algorithm instead of hardcoded domains, automated attempts at mitigation are rendered inadequate. Additionally, this new DGA implementation is bundled inside of a codebase that appears smaller and more efficient possibly because of compiler optimization. This optimization prevents malware researchers from using their pre-established Vawtrak analysis techniques during the reversing process to assist with the mitigation of the threat.

Read More

Topics: Threat Analysis, Threat Intelligence, Vawtrak, Banking Trojan, Neverquest2, Malware Analysis, R.A.I.D.

Increased Upatre Activity, CoinVault Ransomware, PoS Malware Proliferates and more | TWIC - April 17, 2015

Posted by Lindsey Havens on Apr 17, '15

Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).

Read More

Topics: Malware, The Week in Cybercrime, Crimeware, Vawtrak, POS Attacks, Banking Trojan, Ransomware

Vawtrak’s expanding infrastructure

Posted by R.A.I.D. on Feb 11, '15

The malware known as Vawtrak is a banking Trojan which has increased in sophistication since its inception more than eight years ago. Systems infected with Vawtrak become part of a botnet managed by a Russian cybercrime gang who operate a Cybercrime-as-a-Service enterprise based on selling botnet access and support to their clients.

Read More

Topics: Malware, Vawtrak, Banking Trojan

Top blog posts from PhishLabs: 2014 review

Posted by Lindsey Havens on Dec 30, '14

It has been an eventful year in cybercrime. We hope you have been able to follow our blog for updates in the cyber security arena but in case you missed one or two, we’ve compiled the most popular posts published by PhishLabs in 2014:

Read More

Topics: Phishing, Malware, ZeuS, Hacker Tools, Vishing, Vawtrak, Banking Trojan

Crimeware-as-a-Service, CryptoLocker, ICANN Spear Phishing, and more | TWIC - December 20, 2014

Posted by Lindsey Havens on Dec 20, '14

Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).

Read More

Topics: Phishing, The Week in Cybercrime, Crimeware, Vawtrak, Banking Trojan, CryptoLocker

The unrelenting evolution of Vawtrak


In a recent blog post, we wrote about Vawtrak expanding targets and gaining momentum. Fast forward a few months and the threat is anything but diminishing. Sophos just released a technical report on Vawtrak which discusses the significance of the threat and its Crimeware-as-a-Service model. In December 2014, Vawtrak version 0x38 was released including significant code and configuration changes that indicate momentum and an intense focus on development of the crimeware kit. To better understand the complexity of the threat, this post is a historical review bringing you all the way up to the most recent enhancements observed in December.

Read More

Topics: Malware, Vawtrak, Banking Trojan

Vawtrak Gains Momentum and Expands Targets


Vawtrak is the security industry's name for the latest version the 64-bit compatible Gozi Prinimalka Trojan, a family of malware first conceived in the mid-2000's. Recently, PhishLabs’ R.A.I.D (Research, Analysis, and Intelligence Division) has uncovered new developments in the latest Vawtrak configurations that indicate it is a much more substantial threat than it was a few months ago.

What You Need to Know

Read More

Topics: Malware, Threat Analysis, Threat Intelligence, Trojan, ATO, Vawtrak

   

What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.

Upcoming Events

Calendar_Mock_

Posts by Topic

see all