Here is what we're working on and thinking at Hedgehog Security.

At the end of 2016 and in the early part of 2017, a new player appeared on the Russian criminal underground scene going by the name of Gosya and trying to peddle a new bank-credential-stealing malware product. Through issues of culture, paranoia, and distrust, the author found themselves banned from the community, and in what appears to have been a fit of pique simply released the source code in March this year.
It turns out that the criminal fraternity's distrust was misplaced and that Nukebot, as it was known, was a fully functional command and control and infection system capable of doing exactly what it claimed (except for some wilder claims of being able to evade some of the IT industry's most sophisticated counter-weapons), and this is now coming back to haunt us. Other underground developers have picked up on the source code, and new variants are starting to emerge from the hands of criminals who have tailored it to their specific bidding.
So far, detected deployments have seen little activity other than what looks like beta testing, although one exception is a variant that seems to be specifically targeting French and American financial institutions.
The ever-changing faces of malware threats are the reason defences need to be kept up to date. Whoever you are, whatever you use for your anti-virus, make sure you keep it up to date - at work AND at home.