16/03/2023 - G DATA Security Lab
ChatGPT: The real Evil Twin
The clamor and viral use of a very human-sounding, artificial technology chatbot named, ChatGPT gave rise to some new and interesting activities in the cybercrime world.
Techblog
21/09/2022 - Karsten Hahn
Identifying file manipulation in system files
Sometimes people send files to us that seem to be legitimate Microsoft system files at first glance, yet closer inspection reveals, that they have in fact been modified. Are those manipulations always malicious? And how can file manipulations be identified? Here are seven different ways to do that.
15/07/2022 - Karsten Hahn
The real reason why malware detection is hard—and underestimated
Researchers develop an AI with a 98% malware detection rate and 5% false positive rate. If you think this is a splendid technology for antivirus software, this article might change your mind.
21/04/2022 - Karsten Hahn
Criminals provide Ginzo stealer for free, now it is gaining traction
We identified more than 400 samples for Ginzo stealer within 10 days since 20th March and the numbers are rising. What is behind the free stealer?
02/03/2022 - Stefan Hausotte
Research Project: SmartVMI
SmartVMI is getting off the ground: Alongside the University of Passau and innowerk, G DATA is conducting research into improving the state of virtual machine introspection for memory analysis and malware detection.
14/02/2022 - Karsten Hahn
Allcome clipbanker is a newcomer in underground forums
The malware underground market might seem astoundingly professional in marketing and support. Let's take a look under the covers of one particular malware-as-a-service—the clipboard banker Allcome.
03/02/2022 - Karsten Hahn
QR codes on Twitter deliver malicious Chrome extension
ISO file downloads are advertised via QR codes on Twitter and on supposedly free gaming sites, but they don't contain what they promise.
27/01/2022 - Hauke Gierow
Merck wins Not Petya claim – but the future of cybersecurity insurance is complicated
Pharmaceutical company Merck & Co won its case for coverage of losses incurred during the Not Petya cyberattack, securing a payment of 1.4 billion US-Dollars from its insurance company. Previously, the company withheld the money, citing exclusion policies.
19/01/2022 - Karsten Hahn
Malware vaccines can prevent pandemics, yet are rarely used
Vaccines have distinct advantages over detection based defense mechanisms, so we developed a vaccine to protect from one of the most notorious ransomware families—STOP/DJVU. But unlike vaccines against biological viruses, malware vaccines are not particularly common. This article explains why.
30/09/2021 - Karsten Hahn
All your hashes are belong to us: An overview of malware hashing algorithms
VirusTotal's "Basic Properties" tab alone lists eight different hashes and supports even more to use them for queries and hunt signatures. Hashes are important for malware analysis, as well as identification, description and detection. But why do so many of them exist and when should you use which…
Karsten Hahn
Virus Analyst
Tim Berghoff
Security Evangelist