Anyrun

Every piece of malware leaves traces behind. Sometimes it’s a string buried deep in the code. Other times it’s a mutex, a registry key, or a network pattern. The key is knowing what to look for.  That’s exactly what malware signatures are for. They describe these recurring elements, unique strings, behaviors, or structural patterns, that […]

The post Malware Signatures: How Cybersecurity Teams Use Them to Catch Threats  appeared first on ANY.RUN's Cybersecurity Blog.

While developing our Security Training Lab educational program, we at ANY.RUN have turned to well-established theories of education, cognitive skill development, and the psychology of learning. Their foundational principles emphasize one critical truth: practice is indispensable for mastering complex skills.   In the field of cybersecurity—especially in malware analysis—the ability to apply theoretical knowledge in […]

The post Why Practice Is Key to Training Top Malware Analysts and How ANY.RUN Supports It appeared first on ANY.RUN's Cybersecurity Blog.

At ANY.RUN, we love hearing about clients’ experiences. Quality feedback helps us improve and gives new and existing users a clearer understanding of our tools in actual security scenarios.  That’s why when we spoke with Augustin Alexandrovici, who leads Cyber Intelligence Operations at Expertware, we knew we had to share our conversation.   Check out the […]

The post How MSSP Expertware Uses ANY.RUN’s Interactive Sandbox for Faster Threat Analysis appeared first on ANY.RUN's Cybersecurity Blog.

March was a productive and exciting month for the ANY.RUN team. We’ve been working hard to improve both our sandbox platform and Threat Intelligence services — all to help you detect threats faster and stay ahead of cybercriminals.  This month, we focused on expanding the environments available for malware analysis and making our threat detection […]

The post Release Notes: Android VM, Pre-Installed Dev Tools, TI Reports & Enhanced Detection appeared first on ANY.RUN's Cybersecurity Blog.

Linux cyber threats may be less common than Windows ones, but they can be equally if not more damaging. Defending against these requires proactive efforts. Eric Parker, a popular YouTube blogger and malware analyst, recently showed his approach to investigating and collecting intelligence on Linux malware. Here is a recap of his video.  How to […]

The post How to Hunt and Investigate Linux Malware  appeared first on ANY.RUN's Cybersecurity Blog.

In this report, we examine an Android malware sample recently collected and analyzed by our team. This malware masquerades as a banking application and is built to steal sensitive user information. During the analysis, we came across internal references to “Salvador,” so we decided to name it Salvador Stealer.  Real-time visibility into mobile malware behavior […]

The post Salvador Stealer: New Android Malware That Phishes Banking Details & OTPs appeared first on ANY.RUN's Cybersecurity Blog.

The Globee Awards is an annual competition celebrating companies in various fields, including technology-related businesses, since 2003. This year, the winners were announced on March 13, and ANY.RUN is one of them! We earned silver in the Outstanding Threat Detection and Response category.  Thank You!  It’s a pleasure to share the news with our lovely […]

The post ANY.RUN Wins Globee Awards 2025 for Outstanding Threat Detection and Response appeared first on ANY.RUN's Cybersecurity Blog.

Cyber threat intelligence is all about data: its collection, exploration and research, extracting actionable insight. If you employ any intelligence solution, it is vital to understand what data sources it relies on and what kind of information they deliver.   In ANY.RUN’s Threat Intelligence Lookup and TI Feeds, we leverage fresh data from millions of sandbox […]

The post How We Enrich TI Lookup and Feeds with Fresh Threat Data from 15,000 Organizations appeared first on ANY.RUN's Cybersecurity Blog.

Editor’s note: The current article is authored by Mohamed Talaat, a cybersecurity researcher and malware analyst. You can find Mohamed on X and LinkedIn.  In this article, we’re diving into GorillaBot, a newly discovered botnet built on Mirai’s code. It’s been spotted launching hundreds of thousands of attacks across the globe, and it’s got some […]

The post GorillaBot: Technical Analysis and Code Similarities with Mirai appeared first on ANY.RUN's Cybersecurity Blog.

It is with great pleasure and gratitude that we announce our victory at the Cybersecurity Excellence Awards 2025, an annual competition for individuals and companies that stand out in the field of information security held by a major online community Cybersecurity Insiders.  Our service, ANY.RUN Threat Intelligence Lookup, was named best among leading threat intelligence […]

The post TI Lookup Named Best Threat Intelligence Service at Cybersecurity Excellence Awards appeared first on ANY.RUN's Cybersecurity Blog.

Malware analysis is a promising yet competitive career path, where education must be taken seriously to stand up against ever-evolving threats. The demand for such professionals has never been higher, but the requirements and expectations are not low either.   A specific mindset and a number of well-developed soft skills are no less vital than a […]

The post Decoding a Malware Analyst: Essential Skills and Expertise appeared first on ANY.RUN's Cybersecurity Blog.

It’s here! The news security teams have been waiting for: ANY.RUN now fully supports Android OS in its interactive sandbox!  Now, you can investigate Android malware in a real ARM-based sandbox, exactly as it would behave on an actual mobile device. No more blind spots or unreliable analysis.  With this release, ANY.RUN allows SOC teams, […]

The post Expose Android Malware in Seconds: ANY.RUN Sandbox Now Supports Real-Time APK Analysis  appeared first on ANY.RUN's Cybersecurity Blog.

ANY.RUN sandbox just got even more powerful thanks to a new pre-installed development software set in its virtual machines (VMs).  Building on our existing pre-installed sets, we’re introducing this new option to give researchers even more flexibility and advanced tools for analyzing highly specific and complex malware inside the sandbox.  With this update, before launching an analysis session, users […]

The post New Pre-Installed Dev Tools for Deep Sandbox Malware Analysis  appeared first on ANY.RUN's Cybersecurity Blog.

Artificial Intelligence (AI) becomes increasingly integrated into daily life, offering unprecedented advancements in automation, communication, and cybersecurity. However, as AI models grow more sophisticated, they also introduce new threats. Discussions about AGI (Artificial General Intelligence) and superintelligence often dominate public discourse, but immediate risks demand urgent attention.   This article explores three major AI threats: AI-powered […]

The post AI Safety: Key Threats and Solutions  appeared first on ANY.RUN's Cybersecurity Blog.

Cybercriminals are constantly refining their methods to stay one step ahead of security defenses. One of their key tactics is evasion, a set of techniques designed to hide malicious activity, bypass detection, and make investigations much more difficult for security teams.  Over time, attackers have developed countless evasion techniques, and they continue to evolve as […]

The post 5 Common Evasion Techniques in Malware  appeared first on ANY.RUN's Cybersecurity Blog.

How can security teams effectively monitor evolving attacks and stay ahead of constantly shifting attacker infrastructure? We spoke with a chief information security officer at a transport company about how they use subscriptions to Search Updates in Threat Intelligence Lookup to tackle this challenge.  Here’s what we learned.  Company Info  Without getting into any specifics, […]

The post How Transport Company Gets Real-Time IOC and IOB Updates on Active Cyber Attacks  appeared first on ANY.RUN's Cybersecurity Blog.

Hey, cybersecurity enthusiasts!  February brought major enhancements to ANY.RUN, improving threat intelligence, detection capabilities, and overall user experience.  With the launch of Threat Intelligence Reports, security professionals now have access to detailed, expert-driven analyses of cyber threats, malware, and APT activities. We also introduced a redesigned website, making navigation more intuitive and structured.  On the […]

The post Release Notes: Threat Intelligence Reports, New Website Design, & Enhanced Detection appeared first on ANY.RUN's Cybersecurity Blog.

Threat Intelligence Feeds from ANY.RUN provide a continuously-updated stream of the latest indicators of compromise. They enable SOC teams to quickly detect and mitigate attacks, including emerging malware and persistent threats. But how do ANY.RUN’s feeds get enriched with fresh and, most importantly, unique indicators? Let’s find out. About ANY.RUN’s Threat Intelligence Feeds ANY.RUN’s Threat […]

The post Enriching ANY.RUN’s TI Feeds with Unique IOCs: How It Works appeared first on ANY.RUN's Cybersecurity Blog.

If you are a student, you might be several years away from getting a degree and a profession – and about a month away from becoming a malware analyst. The latter is made possible by ANY.RUN’s Security Training Lab. There is no point in advertising a career in cybersecurity nowadays. Money talks louder: ransom sums, […]

The post Learn to Analyze Real-World Cyber Threats with Security Training Lab appeared first on ANY.RUN's Cybersecurity Blog.

Network traffic analysis is one of the most effective ways to detect and investigate malware infections. By analyzing communication patterns, researchers and security teams can uncover signs of malicious activity, such as command-and-control (C2) connections, data exfiltration, or DDoS attacks.  In this guide, we’ll explore how traffic analysis helps detect malware, the key tools used […]

The post Malware Traffic Analysis in Linux: Hands-on Guide with Examples appeared first on ANY.RUN's Cybersecurity Blog.