Malware

Prometheus: Automatic signature generation for WebInject-based banking trojan detection

The goal of this project is to extract signatures that capture the WebInject behavior of trojans. WebInject-based trojans are still the most popular e-crime tool.

What we Know About Eyepyramid

The day before the EyePyramid case exploded, I received a confidential email with a PDF. It was the scanned copy of the court order for the law enforcement to proceed and arrest the Occhionero brothers. In a few minutes, I noticed that this leaked document was also circulating on various private mailing lists and chat groups I’m part of. At some point, I received a non-redacted copy.

Mobile (Android) Ransomware

I started this project while advising a master's student who was interested in machine learning. As I have been using machine learning since around 2006, I was immediately hooked by the idea of using it to determine whether an Android app was trying to lock the target device as part of a ransomware scheme.

Banksealer: Automatic Banking Fraud Detection

We started this project because we wanted to analyze banking and credit-card transactions and, with as little prior knowledge as possible, predict whether new ones are fraudulent or not (e.g., a transaction made by a cybercriminal using credentials stolen by a banking trojan running on the victim's computer).

DroydSeuss: Android Malware Tracking and Intelligence

We wanted to create a malware tracker similar to ZeusTracker, but for mobile banking trojans. So we built a tool, DroydSeuss, which uses static analysis to extract relevant C&C endpoints (e.g., phone numbers, web URLs) and monitors them by running each sample in a sandbox on a daily basis.

AndRadar: Mobile app Marketplace Monitoring and Reputation Analysis

The main goal of this project is to provide a dashboard to analyze and monitor the spread of Android malware across marketplaces. AndRadar uses lightweight fingerprints to look up malware samples without needing to download them from the markets.
