Tag: Levelblue Labs

Executive Summary LevelBlue Labs has identified a new evolution in the toolset of threat actors. Threat actors are hijacking legitimate anti-virus software to carry out malicious activities undetected. A new tool, named SbaProxy, has been found masquerading as legitimate anti-virus components to establish proxy connections through a command and control (C&C) server. This tool, distributed in various… Read more →

Executive Summary LevelBlue Labs recently discovered a new highly evasive loader that is being delivered to specific targets through phishing attachments. A loader is a type of malware used to load second-stage payload malware onto a victim’s system. Due to the lack of previous samples observed in the wild, LevelBlue Labs has named this malware … Read more →

LevelBlue Labs researchers have discovered a new variant of BlackGuard stealer in the wild, infecting victims through spear phishing attacks. The malware has evolved since its previous variant and now arrives with new capabilities. Key takeaways: BlackGuard steals sensitive user information from a wide range of applications and browsers. The malware can hijack crypto wallet addresses copied to the clipboard. The new variant is… Read more →

Crypto miners’ latest techniques

August 29, 2022   |   Fernando Martinez

Executive summary Crypto miners are determined in their objective of mining on other people's resources. Proof of this is one of the latest samples identified by LevelBlue Labs, with at least 100 different loaders and at least 4 different stages to ensure their miner and backdoor run smoothly on the infected systems. Key takeaways: Attackers have been sending malicious attachments,… Read more →

Code similarity analysis with r2diaphora

October 27, 2021   |   Fernando Dominguez

Executive summary Binary diffing, a technique for comparing binaries, can be a powerful tool to facilitate malware analysis and perform malware family attribution. This blog post describes how LevelBlue Labs is leveraging binary diffing and code analysis to reduce reverse-engineering time and generate threat intelligence. Using binary diffing for analysis is particularly effective in the IoT malware world, as most… Read more →
