Category: Malware

Kardon Loader Looks for Beta Testers

Kardon Loader Advertisement

Key Findings ASERT researchers discovered Kardon Loader being advertised on underground forums. Kardon Loader features functionality allowing customers to open their own botshop, which grants the purchaser the ability to rebuild the bot and sell access to others. Kardon Loader is in early stages of […]

Read more

OMG – Mirai Minions are Wicked

Executive Summary Mirai, seen as revolutionary for malware that targets the Internet of Things (IoT), has wrought destruction around the globe and popularized IoT based malware. Mirai was utilized by attackers to launch multiple high-profile, high-impact DDoS attacks against various Internet properties and services in […]

Read more

Lojack Becomes a Double-Agent

Executive Summary ASERT recently discovered Lojack agents containing malicious C2s. These hijacked agents pointed to suspected Fancy Bear (a.k.a. APT28, Pawn Storm) domains.  The InfoSec community and the U.S. government have both attributed Fancy Bear activity to Russian espionage activity.  Fancy Bear actors typically choose […]

Read more

Musical Chairs Playing Tetris

February 20, 2018: This blog has been amended since it was originally published on February 15, 2018. This version removes the association with the APT group responsible for the Night Dragon campaign that we had incorrectly made. We thank the research team at Palo Alto […]

Read more

The ARC of Satori

Authors: Pete Arzamendi, Matt Bing, and Kirk Soluk. Satori, the heir-apparent to the infamous IOT malware Mirai, was discovered by researchers in December 2017. The word “satori” means “enlightenment” or “understanding” in Japanese, but the evolution of the Satori malware has brought anything but clarity. […]

Read more

Reaper Madness

On October 19th, a team of security researchers warned of a new IoT Botnet that had already infected “an estimated million organizations” and that was poised to “take down the internet”. This report was subsequently picked up by the press and spread quickly via social media. […]

Read more

SnatchLoader Reloaded

Executive Summary SnatchLoader is a “downloader” malware—a type of malware that specializes in distributing (or loading) other malware onto infected computers. We first started seeing it in the wild around January 2017, but after a few months it went dormant. Recently, development of the malware […]

Read more