Botconf presentation or article

Unplugging PlugX: Sinkholing the PlugX USB worm botnet Botconf 2024 Thursday2024-04-25 | 09:00 – 09:30 Félix Aimé 🗣 | Charles Meslay 🗣 In March 2023, Sophos published an article entitled “A border-hopping PlugX USB worm takes its act on the road” putting the light on a PlugX variant with worming capabilities. According to the Sophos blogspot, all

Eastern Asian Android Assault – FluHorse. Botconf 2024 Thursday2024-04-25 | 09:35 – 10:05 Alexandr Shamshur 🗣 | Raman Ladutska 🗣 The FluHorse malware features several malicious Android applications that mimic legitimate applications each with more than 100,000 installs. These malicious apps steal the victims’ credentials and Two-Factor Authentication (2FA) codes. FluHorse targets different sectors of Eastern Asian

Evasions Fest of Korean Android Financial Menace – FakeCalls Botconf 2024 Thursday2024-04-25 | 10:10 – 10:40 Raman Ladutska 🗣 | Bohdan Melnykov When malware actors want to enter the business, they can choose markets where their profit is almost guaranteed to be worth the effort – according to past results. The malware does not need to be

LightSpy2: feature-rich mobile surveillance tool set Botconf 2024 Thursday2024-04-25 | 11:00 – 11:30 Victor Chebyshev 🗣 Mobile malware poses a significant threat to user privacy and security, with the potential to carry out a wide range of malicious actions on infected devices. Beyond the familiar capabilities such as SMS message theft, call log recording, and

The Supershell and its widespread Botnet Botconf 2024 Thursday2024-04-25 | 11:35 – 12:05 Chetan Raghuprasad 🗣 This presentation details the Supershell C2 framework. Threat actors are using this framework massively and creating botnets with the Supershell implants. Supershell is a relatively new C2 framework with a WEB-based command and control (C2) server written in Python

Unveiling the Shadows: The Dark Alliance between GuLoader and Remcos Botconf 2024 Thursday2024-04-25 | 12:05 – 12:35 Alexey Bukhteyev 🗣 | Arie Olshtein In the ever-evolving landscape of cyber threats, seemingly legitimate tools have taken a dark turn, emerging as potent weapons in the hands of cybercriminals. Notable examples include the Remcos RAT and GuLoader (also known

Gozi ISFB – Memoirs of a banking trojan Botconf 2024 Thursday2024-04-25 | 13:50 – 14:30 Fred Harrison 🗣 Gozi ISFB has been a persistent banking trojan that has gone through many changes over its lifetime. Being observed for generic and banking fraud campaigns but also now slowly pivoting into the ransomware as a service world

GenRex Demonstration: Level Up Your Regex Game Botconf 2024 Thursday2024-04-25 | 14:35 – 15:15 Dominika Regéciová 🗣 GenRex is a unique tool for detecting similarities in artifacts from executable files and the generation of regular expressions. This paper demonstrates how to use GenRex to maximize the usage of regular expressions automatically created from behavioral reports