Tag Archive for: Proofofconcept

Could this proof-of-concept ransomware gain traction among attackers?


A developer published via GitHub a proof-of-concept (POC) ransomware program featuring strong compatibility with the post-exploitation tool Cobalt Strike, open-source coding, and extensionless encryption.

The author claims the program, dubbed Povlsomware, is designed to be an educational tool for testing anti-virus protections; however, it’s possible that cybercriminals could adopt and modify the code in order to launch their own attacks, warns Trend Micro, which detailed the ransomware in a new company blog post this week.

The good news is that Trend Micro researchers have not seen Povlsomware discussed among members of dark web cybercriminal discussion forums. And at least some experts said it’s unlikely the program will gain significant traction among prominent cybercriminal players due to a lack of malware support infrastructure.

Such assessments are important as the threat intelligence and cyber research community tracks the evolution and popularity of various malware programs in order to stay on top of the latest trends. But this news also leads to some interesting questions: What are the motivations for posting a POC ransomware program online? And when a new POC malware emerges, what are the factors that ultimately lead it to become successful or disappear?

The nature of the malware

“Povlsomware is a Ransomware Proof-of-Concept created as a ‘secure’ way to test anti-virus vendors’ claims of Ransomware Protection,” states developer “PovlTekstTV” on his or her GitHub page. “Povlsomware does not destroy the system nor does it have any way of spreading to any network-connected computer and/or removable devices.”

Despite this disclaimer, Trend Micro expressed concern, noting some of the malware’s alluring features. First and foremost, it works well with the post-exploitation tool Cobalt Strike, which enables the program to perform in-memory loading and execution.

Without tools like Cobalt Strike, “security products will likely block such attacks and even restoration of encrypted files is possible, bringing the impact to somewhat on the low side, but only with the default code by itself,” said Don Ovid…

Is it still a good idea to publish proof-of-concept code for zero-days? – ZDNet

More often than not, the publication of proof-of-concept (PoC) code for a security flaw, especially a zero-day, has led to the quick adoption of a vulnerability by …

NAND mirroring proof-of-concept shows that FBI could use it to crack iPhone

So NAND mirroring doesn’t work to crack into Syed Farook’s work iPhone and grab the contents, huh? Tell that to the security researcher’s proof-of-concept demonstration.

iPhone forensics expert Jonathan Zdziarski previously suggested the FBI could use NAND mirroring to get information off the locked San Bernardino shooter’s iPhone; yet FBI Director James Comey claimed that making a copy of the phone’s chip to get around the passcode “doesn’t work” and the solution would be “software-based.”

Network World Security

Proof-of-concept Android Trojan app analyzes motion sensor data to determine … – InfoWorld
Accelerometer and orientation sensor data are not protected under Android's security model, and this means that they are exposed to any application, regardless of its permissions on the system, the research team said in a paper (PDF) that was presented