Minerva Labs

Minerva Labs

 •  October 18

Minerva Labs has recently discovered a new cryptocurrency mining campaign that uses evasion techniques to avoid detection. In the campaign, dubbed “WaterMiner”, malicious code was delivered to innocent gamers, hidden in gaming ‘mods’. Once the gamer runs the ‘mod’, his machine is unknowingly abused to produce financial gains for the attacker by...

Minerva Labs

 •  October 17

Minerva Labs has uncovered malicious software that implements a new evasive cryptocurrency mining campaign.
This post explains the nature of malicious cryptocurrency miners (cryptominers), dissects the newly discovered malware, and explains the evasive techniques and infection vectors that the adversaries employed to get around endpoint security...

Minerva Labs

 •  October 11

In our recent paper, “Making sense of the endpoint security”, we compared and contrasted different types of endpoint security tools, from endpoint control, to anti-malware, to endpoint detection and response. One question security architects constantly struggle with is whether to concentrate on prevention or detection. In reality, these are two...

Minerva Labs

 •  October 3

Despite worldwide spending reaching billions of dollars on endpoint security, in too many organizations endpoints are still the most vulnerable part of an organization’s technology infrastructure. Security teams desperately need a new approach, but for security architects, endpoint security is a confusing space. There is a dizzying array of vendors...

Minerva Labs

 •  September 19

Minerva is proud to officially release Mystique – a free, open-source tool for automatically extracting mutex infection markers from malware for vaccination. You can download the tool from https://github.com/MinervaLabsResearch/Mystique. Mystique, like all automation tools, saves incident response teams time and makes it possible to analyze a large...

Minerva Labs

 •  September 19

According to recent publications and official confirmation from Piriform and Avast, the widely used IT utility tool CCleaner was compromised from mid-August until September 12th. The utility was Trojanized with a clever, highly dangerous backdoor, decrypted in memory in parallel to the normal operation of CCleaner. We want to inform our customers...

Minerva Labs

 •  September 13

We can immunize computer systems against some infections by deploying vaccines that fool malware into believing the endpoint is already infected. This premise has been lingering in my mind for several years. But it wasn’t until I joined the Minerva team that I gained access to a framework that could implement this defensive technique in a manner...

Minerva Labs

 •  August 8

For too long, antivirus vendors didn’t innovate fast enough, and more and more companies started to question the effectiveness of AV. Understandably, there are now several vendors out there touting “Next Generation Antivirus” as the answer. Next generation antivirus claims to have much more advanced analysis, but there are a number of things they...

Minerva Labs

 •  August 3

In any cyber attack, the longer an attacker can remain undetected, the more pervasive, intrusive, and destructive they can be. So, the search is constantly on for new ways to compromise and take over an endpoint – but do so completely in stealth. Early attack methods involved spawning malicious processes that either performed the attack actions or...

Minerva Labs

 •  August 1

Throughout the history of combat and military engagement, there are plenty of stories of how a smaller force was able to overcome a larger force through the use of trickery and deception. One such scenario is the WWII Battle of Singapore between the defending British troops and the assaulting Japanese Army. Prior to the Japanese invasion, Singapore was...