As mentioned in our previous1 report about VPNFilter malware, the rst stage implant relies on connecting either to one of 12 hardcoded Photobucket URLs or the Toknowall website to fetch an image that had been specially crafted to contain an encoded form of the command-and-control server’s IP address. The stage one sample extracts the address from the image’s EXIF metadata.

A technical investigation of the malicious components involved in the attack that infected over 500,000 routers and network storage devices

Cyber thieves are using aggressive ad platforms more and more to monetize free Android apps. The number of such apps in this disturbing trend finding their way into Google Play continues to grow every day. Find out more about these dangerous apps and what you can do to avoid them.

On the surface, it looked like a helpful toolbox app. But Super Clean Plus hid malicious intentions.

SophosLabs has discovered several malicious apps on Google Play hiding dynamic JavaScript that taps into the CPU of a victim’s phone while mining for cryptocurrency.

The Super Antivirus 2018 app adds some legitimate action to what is really not an antivirus program at all, in order to throw researchers off the track.

In this report, we review malicious activity SophosLabs analyzed and protected customers against in 2017 and use the findings to predict what might happen in 2018.

Sophos data scientists have written several articles about how machine learning works, how it will be applied to Sophos, and what that will mean for customers. This is a handy guide to that content.