Analysis of a New HawkEye Variant

Threat Analysis by FortiGuard Labs. Background: FortiGuard Labs recently captured a malware sample being spread by a phishing email. After a quick analysis, I discovered that it was a new variant of the HawkEye malware. HawkEye is known as a keylogger and an application credential stealing malware. Over the past few years, …

Analysis of New GlobeImposter Ransomware Variant

Over the past few days, FortiGuard Labs captured a number of JS (JavaScript) scripts. Based on my analysis, they were being used to spread the new GlobeImposter ransomware variants. I picked one of them and did a quick analysis. The version of the variant I reviewed is “726”.

In-Depth Analysis of .NET Malware JavaUpdtr

Background: FortiGuard Labs recently captured some malware which was developed using the Microsoft .NET Framework. I analyzed one of them, and in this blog, I’m going to show you how it is able to steal information from a victim’s machine. The malware was spread via a Microsoft Word document that contained …

Deep Analysis of New Emotet Variant

Background: Last week, FortiGuard Labs captured a JS file that functions as a malware downloader to spread a new variant of the Emotet Trojan. Its original file name is Invoice__779__Apr___25___2017___lang___gb___GB779.js. A JS file, as you may be aware, is a JavaScript file that can be executed by a Window Script …

Microsoft Word File Spreads Malware Targeting Both Apple Mac OS X and Microsoft Windows

On March 16, FortiGuard Labs captured a new Word file that spreads malware by executing malicious VBA (Visual Basic for Applications) code. The sample targeted both Apple Mac OS X and Microsoft Windows systems. We then analyzed the sample, and in this blog we are going to explain how it …

Deep Analysis of the Online Banking Botnet TrickBot

One month ago we captured a Word document infected with malicious VBA code, which was detected as WM/Agent!tr by the Fortinet AntiVirus service. Its file name is InternalFax.doc, and its MD5 is 4F2139E3961202B1DFEAE288AED5CB8F. Based on our analysis, the Word document was used to download and spread the botnet TrickBot. TrickBot aims …

6 Outdated Designs You Need to Remove At Once from your Website

Back in the day, websites captured users’ attention by using cool animation and effects. It’s 2017, and these tricks don’t work anymore. The users of today are web-savvy and have a short attention span due to their fast-paced lives. So, you’ve got a mere 15 seconds to grab their interest …