Costin RaiuVerified account

@craiu

Romanian antihacker from another planet; chief paleontologist; director of Global Research and Analysis Team at . Tweets are my own.

Bucharest
kaspersky.com/about/security…
Joined October 2007
427 Photos and videos Photos and videos

Tweets

You blocked @craiu

Are you sure you want to view these Tweets? Viewing Tweets won't unblock @craiu

  1. Pinned Tweet
    22 Mar 2019

    When Lily from Human Resources develops BIOS code in her spare time.

    23 replies 461 retweets 1,696 likes
    Undo
  2. Retweeted
    Feb 6

    Your phone number identifies you. When you sign up with a phone number, apps which might seem private become vulnerable. That's why Session doesn't require a phone number for sign-up.

    3 replies 33 retweets 116 likes
    Undo
  3. Retweeted
    20 hours ago

    "RoamingMantis is a malicious campaign that targets Android devices and spreads mobile malware via smishing....iOS users are redirected to a phishing page imitating the official Apple website, while the Wroba malware is downloaded on Android devices"

    9 retweets 18 likes
    Undo
  4. Retweeted
    Feb 6

    when a private messaging app asks for ur phone number

    11 replies 122 retweets 580 likes
    Undo
  5. Retweeted
    Feb 6

    Yes, no problem, I'll send you all my Sigma rules for review ... all 1755, if needed

    9 replies 28 retweets 258 likes
    Undo
  6. Retweeted
    Feb 4

    Today is the opening ceremony ❄️ So let’s revisit Olympic Destroyer ft. one of the most deceptive hacks in history - 2️⃣0️⃣1️⃣8️⃣ Pyeongchang Olympic Games 🏅

    1 reply 1 retweet 5 likes
    Undo
  7. Retweeted
    Feb 4

    Excited to speak at 10am tomorrow. As the threat intel interloper, I'll give my take on the ways that offensive security researchers are part of the threat game whether they like it or not. Also why my team likes to catch and burn their 0day!

    11 retweets 89 likes
    Undo
  8. Retweeted
    Feb 4

    . is ready to share his 20+ years of reversing experience on our legendary new online training course, Advanced Malware Analysis Techniques. Request a demo now ⇒

    8 retweets 13 likes
    Undo
  9. Retweeted
    Feb 3

    New from & me: A second Israeli spyware firm quietly developed a way to remotely & invisibly hack into iPhones. It's a sign that dreaded "zero-click" exploits are more widespread than publicly known.

    4 replies 87 retweets 157 likes
    Show this thread
    Show this thread
    Undo
  10. Retweeted
    Feb 3

    NEW >>> iPhone flaw exploited by second Israeli spy firm-sources

    7 replies 165 retweets 222 likes
    Show this thread
    Show this thread
    Undo
  11. Retweeted
    Feb 1

    SO BAD: notorious spyware company NSO Group offered "bags of cash" in exchange for access to American cellular networks, per whistleblower. Rep. has already asked DOJ to investigate. THREAD 1/ By

    23 replies 442 retweets 683 likes
    Show this thread
    Show this thread
    Undo
  12. Retweeted
    Feb 1

    Kudos to for great research on another watering hole campaign targeting Hong Kong activists: Google TAG: Indeed, it looks suspiciously similar to the one we investigated in 2020:

    5 retweets 20 likes
    Undo
  13. Retweeted
    Feb 1
    Replying to

    They are very similar. Look at the strings functions obfuscation and code logic.

    1 retweet 1 like
    Undo
  14. Retweeted
    Jan 31

    Join as he talks about , looking at how attackers managed to deeply embed an implant within a benign UEFI firmware image. Learn more & register 👇

    6 retweets 18 likes
    Undo
  15. Retweeted
    Jan 31

    Join me in this webinar to get an in-depth understanding of 's internals and underlying story.

    ⚠️Webinar Alert 🖥️In spring of 2021, researchers identified a novel threat against UEFI in the wild - a benign image named as Moonbounce 💡Find out in-depth about Moonbounce with Mark Register now➡️
    19 retweets 45 likes
    Undo
  16. Retweeted
    Jan 28

    BREAKING: Finnish diplomats were targeted by spyware. Yet another government coming forward and pointing the finger at NSO. Statement:

    8 replies 266 retweets 412 likes
    Undo
  17. Retweeted
    Jan 28

    I wrote a short introduction to getting started with forensic analysis of Android devices in order to identify traces of compromise.

    7 replies 159 retweets 429 likes
    Show this thread
    Show this thread
    Undo
  18. Retweeted
    Jan 28

    Every once in a while, whenever a critical vulnerability affects Linux and everyone starts exploiting it, we remember that Linux audit logs are crap

    14 replies 46 retweets 340 likes
    Undo
  19. Jan 27

    DeadBolt looks like a rebranded Hive Ransomware for Linux, or, based on the Hive sourcecode.

    I obtained a sample of the DeadBolt ransomware targeting QNAP devices. It is an ELF executable previously packed with UPX. For those who want to take a look, you can download it from malshare:
    Show this thread
    1 reply 4 retweets 6 likes
    Undo
  20. Retweeted
    Jan 26

    New iOS/macOS in-the-wild 0-day patched today: CVE-2022-22587 in IOMobileFrameBuffer found by and

    1 reply 24 retweets 89 likes
    Undo
  21. Retweeted
    Jan 24

    The newest version of AitaRAT is a good example. As published by today, Aita (and not BRata) tries to remove security products on your smartphone. After the fraud is complete the RAT will do a factory reset - this campaign was targeting Italian banks [+]

    1 reply 6 retweets 12 likes
    Show this thread
    Show this thread
    Undo

@craiu hasn't Tweeted yet.

Loading seems to be taking a while.

Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.

    You may also like

    ·