For several months now, we have been tracking malware called Guildma. Guildma is a powerful combination of a RAT (remote access tool), spyware, password stealer and banker malware, mainly distributed via malicious attachments in phishing email campaigns. The cybercriminals behind Guildma have primarily focused on targeting Brazilian users and services, but since May 2019 they have expanded their target pool and are now targeting more than 130 banks and 75 other web services around the world. We estimate that the first versions of Guildma were created in 2015, based on the available clues in our analysis and previous research conducted on Guildma. Malware researchers have done some analysis of Guildma in the past, but only focused on the first stages of the malware. Our analysis provides detailed information about all of Guildma's stages, module functionality, C&C servers, commands and a long list of targeted services and applications, as well as a description of the evolution of its features. The malware authors have used large numbers of domains, various infection and stealing techniques, and programming languages (Delphi, JS, VBS) during Guildma's long existence, but, on the other hand, they have also reused the same or very similar code patterns, such as the encryption algorithm and its seeds, the URL path format, and variable and file names.