Excel introduced the Excel 4.0 Macro (XLM) feature in 1992. Since then, this macro style has been commonly used alongside Visual Basic for Applications (VBA) in abuse. In 2020, it became popular amongst attackers because these macros are hard to catch in detection; thus, many cybersecurity providers struggle to defend against Excel 4 macro-based attacks. This allows attackers to explore deeper into XLM
The Colonial Pipeline ransomware attack: $5 million paid, 100 GB of data stolen, and the pipeline and website presence shut down. It was the largest cyberattack on an oil infrastructure target in the history of the United States. Our team started research on DarkSide from the early rise of the ransomware-as-a-service operator, tracking all intelligence covered by the R&D center and partnered malware
ESET researchers discovered a malware family with tools that show signs they’re used in targeted attacks. ESET researchers have discovered a previously unknown malware family that utilizes custom and well-designed modules, targeting operating systems running Linux. Modules used by this malware family, which we dubbed FontOnLake, are constantly under development and provide remote access to the operators, collect credentials, and
AVAR was founded in 1998 because of a perceived gap in the coverage of anti-virus organisations. At that time Europe and the Americas were served by EICAR and Virus Bulletin, but researchers in Asia were left isolated. The observant reader might have noticed that our Memorandum and Articles of Association (M&A) list the date of incorporation as 17th July 2013, so why
Welcome to AVAR, whether you are a Member, thinking of becoming a Member, or just interested in finding out more about us. While other blogs here focus on technical topics, I will cover AVAR’s history, organisation and culture. This is information that usually spreads informally when we meet at conferences but, because of COVID-19, our 2020 conference was virtual and
By Felissa Mariz D. Marasigan and Lovely Jovellee Lyn Bruiz. 2020 brought a major change in the digital world. As we bring our day-to-day activities online, our social network grows vastly, and new, more diverse threats start creeping in. In 2017, DeepFakes, also known as manipulated media produced through artificial intelligence, were primarily used by enthusiasts to generate fake porn videos. It is
Excel Formula, or XLM, doesn’t stop giving pain to researchers. On Friday I got a new sample using the xlsb file format that supposedly contained malicious code. I had a quick look, and wow, this was different. My first check on VirusTotal (VT) showed me that it hadn’t been uploaded to VT yet. So with nothing to go on,
Office malware has been around for a long time. In the past I’ve written several blogs [1,2,3,4] about the basics and beyond. In this blog we’ll focus on Excel Formula (XF) 4.0. I wasn’t too familiar with XF 4.0 before I started looking into it, so learn with me. With VBA macros you’ll find these easily by decompressing some streams and
As cloud services have grown in popularity, they have also become a fertile ground for cybercriminals to launch attacks that stay under the radar. Attackers are taking advantage of the trust that users, organizations, and security vendors place in popular cloud services. This blog post provides examples of four key ways in which attackers abuse cloud services, for: Malware delivery
Xiaopeng Zhang, Fortinet’s FortiGuard Labs. The Phobos ransomware family is fairly recent, having first been spotted by security researchers in early 2019. But since then, it has continued to push out new variants that not only evolve their attack methods but also frequently change the extension name of encrypted files compared to past variants. And in its short history, its victims have often