Check Point Blog

Research November 29, 2018

KingMiner: The New and Improved CryptoJacker

Research by: Ido Solomon and Adi Ikan

Crypto-Mining attacks have grown and evolved in 2018. Due to the rise in value and popularity of crypto currencies, hackers are increasingly motivated to exploit the CPU power of their victims’ machines for crypto-...

Research November 8, 2018

The Spy Drone In Your Cloud

In the 19th Century the undercover operations of the Great Game captured the imagination of European adventurers. In the 20th Century, it was the Cold War that made people worldwide fear for who was listening in. In…

Research October 17, 2018

The Emergence of the New Azorult 3.3

Research by: Israel Gubi

During the last week, Check Point Research spotted a new version of Azorult in the wild being delivered through the RIG exploit kit, as well as other sources. Azorult is a long known information stealer and malware downloader, ...

Research October 14, 2018

Godzilla Loader and the Long Tail of Malware

Research by: Ben Herzog

To most victims, malware is a force of nature. Zeus, Wannacry, Conficker are all vengeful gods, out to punish the common man for clicking the wrong link. Even for a security analyst, it’s easy to fall into the kind of thin...

Research October 3, 2018

Labeless Part 6: How to Resolve Obfuscated API Calls in the Ngioweb Proxy Malware

In this part we show how to deal with obfuscated Windows API calls in Ngioweb malware using Labeless and x64dbg without reconstructing the API-resolving algorithm. If you’re new to all this Labeless stuff, though, please refer to the previous articles in t...

Labeless Part 5: How to Decrypt Strings in Boleto Banking Malware Without Reconstructing Decryption Algorithm.

In this part we show how to decrypt strings present in the module of Boleto malware – without reconstructing the decryption algorithm. If you’re new to all this Labeless stuff though, please refer to the previous articles in this series as they will be...

Labeless Part 4: Scripting

In this part of our Labeless series, we will discuss the theory behind Labeless scripting. If, however, you’re new to all this Labeless stuff, please refer to the previous articles in this series as they will be helpful in explaining what’s going on...

Research September 27, 2018

The ‘Gazorp’ Dark Web Azorult Builder

Research by: Nikita Fokin, Israel Gubi, Mark Lechtik

On 17th September Check Point Research found a new online builder, dubbed ‘Gazorp’, hosted on the Dark Web. Gazorp is designed for building binaries of the popular malware, Azorult, an infostealer us...

Research September 13, 2018

Meet Black Rose Lucy, the Latest Russian MaaS Botnet

Research By: Feixiang He, Bogdan Melnykov, Andrey Polkovnichenko

An organization needs to have a collaborative hiring process, advised Steve Jobs. Always a group to follow mainstream trends closely, in recent years we’ve seen cyber criminals take great...

Research September 7, 2018

Domestic Kitten: An Iranian Surveillance Operation

Chinese strategist Sun Tzu, Italian political philosopher Machiavelli and English philosopher Thomas Hobbes all justified deceit in war as a legitimate form of warfare. Preceding them all, however, were some in the Middle East who had already internali...
