Epic Manchego – atypical maldoc delivery brings flurry of infostealers

In July 2020, NVISO detected a set of malicious Excel documents, also known as “maldocs”, that deliver malware through VBA-activated spreadsheets. While the malicious VBA code and the dropped payloads were something we had seen before, it was the specific way in which the Excel documents themselves were created that caught our attention. The creators […]

Backdooring Android Apps for Dummies

TL;DR – In this post, we’ll explore some mobile malware: how to create them, what they can do, and how to avoid them. Are you interested in learning more about how to protect your phone from shady figures? Then this blog post is for you. Introduction We all know the classic ideas about security on […]

A 30-minute sweep of Industrial Control Systems in Belgium

TLDR; We found several ICS systems in Belgium that were exposed to the internet without requiring any authentication. Screenshots below. Update 19/12: We’ve also had some coverage in the media about this research. ‘De Standaard’ did an article about it and so did ‘Datanews’ (in Dutch and in French). Industrial Control Systems (ICS) is the […]