21/04/2022 - Karsten Hahn
Criminals provide Ginzo stealer for free, now it is gaining traction
We identified more than 400 samples for Ginzo stealer within 10 days since 20th March and the numbers are rising. What is behind the free stealer?
Malware
08/03/2022 - Eddy Willems
An attacker's toolchest: Living off the land
If you’ve been keeping up with the information security world, you’ve certainly heard that recent ransomware attacks and other advanced persistent threats are sometimes using special kind of tools. But for the most part, the tools will be very familiar to you.
02/03/2022 - Stefan Hausotte
Research Project: SmartVMI
SmartVMI is getting off the ground: Alongside the University of Passau and innowerk, G DATA is conducting research into improving the state of virtual machine introspection for memory analysis and malware detection.
22/02/2022 - Eddy Willems
Android Malware: An underestimated problem?
Is Android malware dangerous? How can I prevent my phone from being infected? How can I remove a malicious app from my phone? What’s the real reason why we see so many malicious apps for Android? All these are questions we will look into during the next minutes.
14/02/2022 - Karsten Hahn
Allcome clipbanker is a newcomer in underground forums
The malware underground market might seem astoundingly professional in marketing and support. Let's take a look under the covers of one particular malware-as-a-service—the clipboard banker Allcome.
03/02/2022 - Karsten Hahn
QR codes on Twitter deliver malicious Chrome extension
ISO file downloads are advertised via QR codes on Twitter and on supposedly free gaming sites, but they don't contain what they promise.
19/01/2022 - Karsten Hahn
Malware vaccines can prevent pandemics, yet are rarely used
Vaccines have distinct advantages over detection based defense mechanisms, so we developed a vaccine to protect from one of the most notorious ransomware families—STOP/DJVU. But unlike vaccines against biological viruses, malware vaccines are not particularly common. This article explains why.
16/12/2021 - Hauke Gierow
Germanys National Cybersecurity Agency declares red alert: Wave of attacks possibly imminent due to Log4Shell vulnerability
The remaining days before Christmas will not be relaxing ones for IT and IT security managers in companies around the world: The Log4Shell security vulnerability is currently keeping the IT world on tenterhooks.
30/09/2021 - Karsten Hahn
All your hashes are belong to us: An overview of malware hashing algorithms
VirusTotal's "Basic Properties" tab alone lists eight different hashes and supports even more to use them for queries and hunt signatures. Hashes are important for malware analysis, as well as identification, description and detection. But why do so many of them exist and when should you use which…
14/07/2021 - Eddy Willems
Web shells: How can we get rid of them and why law enforcement is not really the answer
Microsoft has recently seen many attacks by hackers using so-called web shells. The number of web shell attacks between August 2020 and January 2021 doubled compared to the same period a year earlier. But what are they exactly and how can you fight them?
Karsten Hahn
Virus Analyst
Tim Berghoff
Security Evangelist