Nivdort, also known as Bayrob, is an information-stealing trojan used to extract personal and financial information from the systems it infects. This malware family has been around for almost 10 years (it was first discovered in March 2007), which is a very long life for a malware family. Although it has appeared in the media a few times during these years, it is still relatively unknown to most people.
AnubisNetworks Threat Intelligence services are specialized in hundreds of malware strains, including the most dangerous ransomware. By detecting infected systems in real time, AnubisNetworks can pinpoint the threats and help you avoid their proliferation.
Bolek is a recent malware from the Kbot/Carberp family. We first heard about this malware from the cert.pl blog post in May 2016, and since then, a few others have published additional information about it (links below).
AnubisNetworks' newest case study highlights the challenge of a financial institution that realized the limitations of having only internal event monitoring on top of the security systems on the perimeter and endpoints. Our client therefore needed high-quality, actionable information that could be immediately correlated with the internal events the SOC was already collecting.
From time to time we have the opportunity to sinkhole domains that have a high volume of traffic and are part of a mobile device botnet. At the beginning of July we registered a domain that we found to be part of the AndroidBauts family, with over 550,000 devices in a 24-hour period, affecting mostly India and Indonesia out of a total of 216 countries. The piece of software that triggers this traffic was present in four (already removed) Google Play Store applications.