PDFChampions YAPA Browser Hijacker/Loader Analysis
TL;DR PDFChampions is a YAPA Browser Hijacker, delivered via ads, that changes the browser's default search engine and also functions as a loader. Tactical Pause THE CONTENT, VIEWS, AND OPINIONS…
Da Samala Tech blogs on malware and stuffs
TL;DR ConvertyFile is a browser hijacker, delivered via ads, that changes the browser’s default search engine. Tactical Pause THE CONTENT, VIEWS, AND OPINIONS EXPRESSED ON THIS DOCUMENT ARE MY OWN…
TL;DR Convert Master is a browser hijacker, delivered via ads, that changes the browser's default search engine – and I’ve observed it using a redirector for the “Retro Revive” fake…
TL;DR This documents my research into three methods an attacker could use, with an SVG file, in a phishing attack to direct the victim to the next stage in the…
It’s been a while since I’ve posted about LandUpdate808. There was a compromised site that is local to Hawaii that I recently noticed, and it prompted me to research the…
TL;DR Phishing email uses ClickFix to initiate multi-stage delivery (incomplete analysis at final stage). Tactical Pause THE CONTENT, VIEWS, AND OPINIONS EXPRESSED ON THIS DOCUMENT ARE MY OWN AND DO…
Pretty stoked! I’ve been trying to see if I could find an unreported Lumma C2 domain since about August. At some point in August, I noticed ET Labs (https://x.com/ET_Labs) had…
Discover the LandUpdate808 fake update variant, a new cybersecurity threat tracked by our team. This article details its unique delivery chain, payload variations, and indicators of compromise, emphasizing the importance…
In this post, we take a closer look at the Gootloader malware, correcting previous assertions about its dysfunction. Through the use of tools like Process Monitor and Burp Suite, we…
Learn to automate Gootkit malware detection using urlscan.io. This guide covers the use of urlscan.io's API and Python scripting to efficiently identify and analyze malicious forum loader scripts, enhancing your…