Archive for May, 2016

sample app flow

On February 16, 2016 Google described a critical vulnerability in GLIBC’s getaddrinfo function. They provided a crash PoC, and so the task of producing a reliable exploit began. In this post, we will show how CVE-2015-7547 can bypass ASLR-enabled systems. Continue reading

A deep dive into Internet infrastructure, plus a rare visit to a subsea cable landing site.

Continue reading

ke3 fig 2

Little has been published on the threat actors responsible for Operation Ke3chang since the report was released more than two years ago. However, Unit 42 has recently discovered the actors have continued to evolve their custom malware arsenal. We’ve discovered a new malware family we’ve named TidePool.  Continue reading


Securing iOS and Android smartphones and tablets is still a relatively new concept. Taking control of a mobile device was once considered an unlikely threat because it was hard to do. However, malware has moved forward, making attacks a more imminent threat. One of the causes for this is malware’s advances in attack capabilities.  Continue reading

NATIONAL HARBOR, Md.—At this week’s Navy League Sea-Air-Space exposition (an annual seapower conference and trade show for the Navy, Marines, and Coast Guard) Ars got a chance to board and tour a craft called the Stiletto. Continue reading

The Check Point Research team has uncovered the entire operation of one of the world’s largest attack infrastructures. Exploit Kits are a major part of the Malware-as-a-Service industry, which facilitate the execution of ransomware and banking trojans, among others. Their creators rent them to cybercriminals who use them to attack unsuspecting users. Nuclear is one of the top Exploit Kits, both in complexity and in spread.

Continue reading

This Damn War image via Shutterstock

A SCSI-brained ‘friend’ in need is a pain indeed

Continue reading


Mobile malware is still a growing phenomenon and, in many cases, follows the lead set by predecessors in the PC world. This week the Check Point research team encountered different mobile malware that adopted techniques previously known only in the PC world. This is not a new trend, and our team expects it will grow even further. Continue reading

Viking Horde Image

The Check Point research team uncovered a new Android malware campaign on Google Play it calls Viking Horde. Viking Horde conducts ad fraud, but can also be used for other attack purposes such as DDoS attacks, spam messages, and more. At least five instances of Viking Horde managed to bypass Google Play malware scans so far. Continue reading

As discussed in an earlier FireEye blog, we have seen Locky ransomware rise to fame in recent months. Locky is aggressively distributed via a JavaScript-based downloader sent as an attachment in spam emails, and may have overshadowed the Dridex banking Trojan as the top spam contributor. Continue reading