Malware

New malware via gaming portals may affect thousands of personal computers

Estimated reading time: 2 minutes

Gamers beware. A report by Chinese cybersecurity researchers recently discovered a malicious botnet campaign that infected hundreds of thousands of systems. This botnet campaign was spread through malware via pirate gaming portals. The attack has been traced back to a China-based cybercrime group called DoubleGun which has amassed thousands of...

Android application found on Google Play Store carrying Windows malware!

 March 30, 2020

Estimated reading time: 2 minutes

Recently, Quick Heal Security Labs found an Android application on the Google Play Store which was infected by Windows malware. The application is meant for configuring the Gionee SmartWatch and visualizing its data through the app. On further analyzing the app, we found a few HTML files which were infected with Windows...

CVE-2020-0796 – A “wormable” Remote Code Execution vulnerability in SMB v3

 March 13, 2020

Estimated reading time: 2 minutes

For the last two days, the Internet has been rife with news about a critical remote code execution vulnerability in the SMBv3.1.1 compression mechanism. Today, on 12th March 2020, Microsoft released an emergency out-of-band patch to address this vulnerability. As per Microsoft's release information, it’s a remote code execution vulnerability in the...

Ouroboros: Following A New Trend In Ransomware League

 February 18, 2020

Estimated reading time: 5 minutes

Ransomware authors keep exploring new ways to test their strengths against various malware evasion techniques. The ransomware known as “Ouroboros” is intensifying its footprint in the field by bringing more and more advancements in its behavior with each new version. This analysis describes the behaviour of version 6, few...

A Deep Dive Into Wakeup On Lan (WoL) Implementation of Ryuk

 February 13, 2020

Estimated reading time: 5 minutes

Quick Heal Security Labs recently came across a variant of Ryuk Ransomware which contains an additional feature for identifying and encrypting systems in a Local Area Network (LAN). This sample targets systems in the LAN that are in the sleep state as well as those that are online. This sample is packed with...

Hackers are riding on the global panic pertaining to the deadly Coronavirus

 February 10, 2020

Estimated reading time: 3 minutes

Very recently, the Coronavirus that apparently originated from the Wuhan province in China has created pandemonium across the world creating an atmosphere of a health crisis for the global populace. As the news of the deadly Coronavirus creates waves of panic across the globe, cyberattackers are lurking into this phenomenon...

Trinity Miner using open ADB port to target IoT devices

 July 26, 2019

Estimated reading time: 6 minutes

In the 21st century, life is becoming smart and evolving at a fast pace. Even day-to-day gadgets are becoming smarter. All these IoT devices are powered by ARM-based processors and run on Android and Unix operating systems. These IoT devices include mobiles, smart TVs, routers, IP cameras and...

APT-27 like Newcore RAT, Virut exploiting MySQL for targeted attacks on enterprise

 May 28, 2019

Estimated reading time: 7 minutes

In today’s world, data is everything, and to store and process this large amount of data, everyone has started using computing devices. Database servers used for storing this precious data on computing devices include MySQL, MongoDB, MSSQL, etc. But unfortunately, not everyone is conscious about their security. In fact, approximately...

JCry – A Ransomware written in Golang!

 April 9, 2019

Estimated reading time: 4 minutes

For several months, QH Labs has been observing an upswing in ransomware activity. We found a new ransomware which is written in Golang. Malware authors are finding it easier to write ransomware in Golang than in traditional programming languages. Infection by JCry ransomware starts with a compromised website. As...

Malspam email – Jack of all malware, master of none.

 January 21, 2019

Estimated reading time: 4 minutes

Malspam emails, or malicious spam emails, are considered to be one of the favorite channels for attackers to deliver malware to targeted victims. Attackers also run spam email campaigns to distribute their malware to a large number of users. For attackers to succeed, two things are...