Check Point Forensic Files: Cerber Ransomware Distribution using Office DOTM files

 
The start of a series: This blog entry is the first in a new series featuring reports from Check Point SandBlast Agent Forensics. The concept is quite simple: we run a malware sample on a PC in our malware lab, with all protections turned off, and let SandBlast Forensics automatically analyze it. In addition to the blog, we are thrilled to now provide you with access to the interactive forensic report. This is the same report that a CISO, Security Admin or Incident Responder would get with SandBlast Forensics. SandBlast Forensics identifies, summarizes and highlights all the elements related to a security incident. The elements comprising the incident are automatically extracted from ...

From HummingBad to Worse: New In-Depth Details and Analysis of the HummingBad Android Malware Campaign

 
For five months, Check Point mobile threat researchers had unprecedented access to the inner workings of Yingmob, a group of Chinese cyber criminals behind the HummingBad malware campaign. HummingBad is malware that Check Point discovered in February 2016; it establishes a persistent rootkit on Android devices, generates fraudulent ad revenue, and installs additional fraudulent apps. Yingmob runs alongside a legitimate Chinese advertising analytics company, sharing its resources and technology. The group is highly organized, with 25 employees who staff four separate groups responsible for developing HummingBad’s malicious components. Download our report “From HummingBad to Worse” ...