Cyren Security Blog

Subscribe to this Blog

Fake bank transfer emails stealing Bitcoin and passwords

by Igor Glik & Magni Reynir Sigurðsson

Malware Threat Analysis Web Security

Cyren has discovered an outbreak of malware which is stealing passwords as well as Bitcoin from crypto-currency wallets on PCs. This versatile keylogger malware is delivered as an attachment to phony bank transfer emails, informing the recipient that they have received a deposit.

Botnets rising

by Lior Kohavi

Botnets Malware Threat Analysis Web Security

The year 2016 was certainly notable for Locky and the rise of ransomware, but these last months our attention has been drawn to a fundamental element of the underlying criminal cyber infrastructure—botnets.

New Threat Report: Everything you need to know about botnets

by John Callon

Botnets Cyberthreat Report Malware Threat Analysis Web Security

Cyren announces the release of the comprehensive cybersecurity report Botnets: The Clone Army of Cybercrime. This detailed look at a fundamental component of cybercrime infrastructure covers a wide range of botnet-specific topics, ranging from the basics of botnet architecture to in-depth analyses of botnet creation and evasion techniques.


Malicious Google Chrome extension spreads nude celebrity pdf's to Facebook

by Magni Reynir Sigurðsson

Threat Analysis Web Security

A researcher at Cyren has found that a malicious Google Chrome extension is spreading nude celebrity PDFs to Facebook groups. A user is uploading a PDF document to groups with the name:


Locky Adds New File Format and Attacks UK

by Maharlito Aquino

Ransomware Threat Analysis

New Locky email spam detected by Cyren today — September 1, 2016 — appears to be targeting the UK with the Locky downloader script component in a new file format, as HTML applications or HTA files. 

Locky Morphs Again: Now Delivered as DLL

by Maharlito Aquino

Ransomware Threat Analysis

We are now seeing a new wave of Locky which has yet again updated its delivery mechanism, by adding another layer of obfuscation to its downloader script, which Cyren detects as JS/Locky.AT!Eldorado.