ClearFake: a newcomer to the “fake updates” threats landscape
ClearFake is a new malicious JavaScript framework deployed on compromised websites to deliver further malware using the drive-by download technique. This blogpost aims at presenting a technical analysis of...
CustomerLoader: a new malware distributing a wide variety of payloads
This blog post aims at presenting a technical analysis of CustomerLoader focusing on the decryption of the next-stage payloads, an overview of more than 30 known and distributed malware...
Overview of the Russian-speaking infostealer ecosystem: the logs
This blog post aims at presenting the life cycle of logs, the cybercrime marketplaces dedicated to logs and the noticeable schemes recently used by threat actors to exploit the...
Overview of the Russian-speaking infostealer ecosystem: the distribution
This blog post aims at presenting the main techniques, tools and social engineering schemes used by the cybercriminals from the Russian-speaking infostealer ecosystem and observed by Sekoia.io analysts in...
Stealc: a copycat of Vidar and Raccoon infostealers gaining in popularity – Part...
This blogpost is a technical analysis of the Stealc infostealer, detailing different characteristics of the malware, including anti-analysis, string de-obfuscation and C2 communication techniques.
Stealc: a copycat of Vidar and Raccoon infostealers gaining in popularity – Part...
This blogpost aims at presenting the activities of Stealc’s alleged developer, a technical analysis of the malware and its C2 communications, and how to track it.
Unveiling of a large resilient infrastructure distributing information stealers
This blogpost aims at presenting the current infection chain, payloads and the whole infrastructure used to distribute infostealers.
Aurora: a rising stealer flying under the radar
SEKOIA.IO analysed Aurora in depth and shares the results of its investigation in this article.
BlueFox Stealer: a newcomer designed for traffers teams
This blog post on BlueFox Stealer is an extract of the “FLINT 2022-053 – BlueFox Stealer: a newcomer designed for traffers teams” report (Sekoia.io Flash Intelligence) sent to our clients...
PrivateLoader: the loader of the prevalent ruzki PPI service
SEKOIA analysts tracked PrivateLoader’s network infrastructure for several months and recently conducted an in-depth analysis of the malware. In parallel, we also monitored activities related to the ruzki PPI...