Editorial team

IoT Malware and Rookit Detections Using Electromagnetic Insights: Unveiling the Unseen

Botconf 2024 | Friday 2024-04-26 | 11:35 – 12:10 | Duy Phuc Pham 🗣 | Damien Marion 🗣 | Annelie Heuser

The Internet of Things (IoT) is a network of interconnected devices, becoming increasingly complicated and suffering from inadequate security measures. Cybercriminals, especially those who specialise in malware and rootkits, recently […]

Streamlining Memory Forensics with VolWeb

Botconf 2024 | Additional papers 2024-04-26 | 🗣 | Félix Guyard

While open-source memory forensics tools have become more prevalent in recent years, there are still a lot of challenges associated with their use. Current open-source memory forensics tools lack consistency in terms of automation, user interface, data visualization and collaboration. As criminals and

GenRex Demonstration: Level Up Your Regex Game

Botconf 2024 | Thursday 2024-04-25 | 14:35 – 15:15 | Dominika Regéciová 🗣

GenRex is a unique tool for detecting similarities in artifacts from executable files and the generation of regular expressions. This paper demonstrates how to use GenRex to maximize the usage of regular expressions automatically created from behavioral reports

Telegram-as-a-C2 or a Fourfold Tale of Bad OPSEC

Botconf 2024 | Thursday 2024-04-25 | 15:40 – 16:10 | Pol Thill 🗣

In recent times, Telegram Bots have emerged as a prominent Command and Control (C2) mechanism, gaining popularity among threat actors for their resilience against takedowns, user-friendly setup, and versatile configuration options. Both Advanced Persistent Threats (APTs) and

Caviar Scammers: Uncovering the SturgeonPhisher APT Group

Botconf 2024 | Thursday 2024-04-25 | 16:15 – 16:55 | Damien Schaeffer 🗣

SturgeonPhisher is a cyberespionage group, also known as YoroTrooper, that has been active since at least October 2021. The group targets government officials, think-tanks, and employees of state-owned companies mostly in countries bordering the Caspian Sea – the

Unplugging PlugX: Sinkholing the PlugX USB worm botnet

Botconf 2024 | Thursday 2024-04-25 | 09:00 – 09:30 | Félix Aimé 🗣 | Charles Meslay 🗣

In March 2023, Sophos published an article entitled “A border-hopping PlugX USB worm takes its act on the road”, shedding light on a PlugX variant with worming capabilities. According to the Sophos blog post, all

Eastern Asian Android Assault – FluHorse.

Botconf 2024 | Thursday 2024-04-25 | 09:35 – 10:05 | Alexandr Shamshur 🗣 | Raman Ladutska 🗣

The FluHorse malware features several malicious Android applications that mimic legitimate applications, each with more than 100,000 installs. These malicious apps steal the victims’ credentials and Two-Factor Authentication (2FA) codes. FluHorse targets different sectors of Eastern Asian

Evasions Fest of Korean Android Financial Menace – FakeCalls

Botconf 2024 | Thursday 2024-04-25 | 10:10 – 10:40 | Raman Ladutska 🗣 | Bohdan Melnykov

When malware actors want to enter the business, they can choose markets where their profit is almost guaranteed to be worth the effort – according to past results. The malware does not need to be
