Dyreza’s anticrypt

In the previous post, we described how to set up a loft to monitor Dyreza with the help of virtual machines configured with breakpoints at addresses where communications appear in clear text. Configuration file updates can thus be obtained […]

Monitoring Zeus P2P and Dyreza with malware lofts

Many malicious binaries use a command and control server centralised on a dedicated domain, which is simple to operate but likely to be shut down by specialised companies like Lexsi or LEAs. Malware authors have been using decentralised network infrastructures for a few […]

Ibanking: when malwares bypass the facebook OTP

Introduction: Ibanking is a banking malware for the Android platform. Its features are similar to those of other banking malware. It includes SMS/call transfer and interception, identity theft, etc. This malware has impacted multiple banks in Europe since 2014. […]