Items tagged with Malware

Microsoft announced this week that it has teamed up with the FBI and other partners including ESET to dismantle the massive botnet called Gamarue (Andromeda). Microsoft says that it and its partners began the journey to disrupt the botnet all the way back in 2015. A coordinated take down started on November 29, 2017 and an arrest was made. ESET wrote, "A coordinated take down started on November 29, 2017 and as a result of this joint effort, law enforcement agencies across the globe were able to make an arrest and obstruct activity of the malware family responsible for infecting more than... Read more...
A fake WhatsApp application was downloaded more than 1 million times from Google's Play Store before it was finally removed, and that should serve as a wake-up call that Google needs to do a better job vetting its submissions. In this case, the malicious app slipped through the cracks by spoofing the legitimate version, both in appearance (it initially used the same icon) and the developer field. The malicious version was spotted by Nikolaos Chrysaidos, a security researcher at Avast, one of the better known antivirus companies (particularly in the realm of free AV). According to Chrysaidos, the... Read more...
There is strength in numbers, and that is part of what is driving an increase in cryptocurrency mining malware. The idea is to infect as many mobile devices as possible, and tap into the combined computing power to crunch numbers for profit. Unfortunately, this seems to be a trend (on both mobile and PC)—security outfit Trend Micro says it found apps with malicious cryptocurrency mining capabilities on Google Play. This is not the first time these kinds of apps have appeared in Google Play, and it probably will not be the last. What they have in common is that they use dynamic JavaScript loading... Read more...
This has been a bad year for wide-scale ransomware attacks, where malware encrypts a user's computer and demands payment to unlock the machine. The two major ransomware attacks that have happened in 2017 include WannaCry and ExPetr (or Petya and NotPetya as they were also called). The hackers behind WannaCry cashed out their bitcoin ransom in August netting about $143,000. The year is almost over, but another major ransomware attack is underway and it is called Bad Rabbit. Kaspersky says that Bad Rabbit has infected several major Russian media outlets with Interfax and Fontanka.ru news agencies... Read more...
Symantec has issued a warning that it found at least eight different apps on Google Play that were infected with a malware called Android.Sockbot. The apps all posed as add-ons for Minecraft: Pocket Edition and claimed to change the way characters look in the game with new skins. The infection from these apps was widespread with an install base between 600,000 and 2.6 million devices. The malware was mainly focused on infecting users in the U.S., but there were infections in Russia, Ukraine, Brazil, and Germany as well. Symantec says that it set up network analysis of the malware and found that... Read more...
All statistics are notable in their own right, but once in a while, one comes along that seems downright mind-boggling. Take this one: 500 million people are currently affected by unauthorized cryptocurrency mining. Remember when pop-up ads were the biggest offense? That's child's play. If you run into a website running a mining script, you'll be paying real money by way of a higher power bill. AdGuard, a company specializing in blocking unwanted scripts from websites, has just released a report on its research which includes the 500 million stat above. That's far from being the only interesting... Read more...
Come on, Equifax, you're killing us here. We were already positively dumbfounded when Equifax reported that a security breach resulted in the personal information of over 140 million Americans, including social security numbers, being stolen via a website security vulnerability. What was even more unfathomable is that the attack went undetected for months, and that it took a few more months for Equifax to disclose the magnitude of the breach. Now we're learning that Equifax has done it again. Just when we thought we couldn’t think any less of the company, Randy Abrams, an independent security... Read more...
Researchers have still been working their way through the hack that resulted in the very popular CCleaner security app being used as a host for malware. The initial attack was thought by many to have caused minimal harm to computer systems that were infected, but it looks like there was a secondary attack that may be more nefarious. According to the researchers, the hackers were able to piggyback on that initial malware wave and install a second piece of malicious software on the computers working daily in some of the biggest tech firms around the world. The real target of this attack is now thought... Read more...
Users of the popular CCleaner program by Piriform are being advised to update the application after researchers at Cisco's Talos division discovered hackers had hidden malware inside. The contaminated utility served as a beacon call for additional forms of malware—using a backdoor, an attacker could run code from a remote IP address. The threat was discovered in CCleaner 5.33 released on August 15, and CCleaner Cloud 1.07 released on August 24. According to Piriform, which is owned by security outfit Avast, the affected version of CCleaner may have been used by up to 3 percent of its userbase.... Read more...
There is some big money to be made in cryptocurrency mining, assuming the operation is large enough. That is especially true when the value of volatile digital currencies such as Bitcoin and Ethereum skyrocket, as both have done in recent times. Unfortunately, there are some undesirable side effects to the cryptocurrency boom—we all know about the shortage of graphics cards, but even more troubling is that some mining groups are exploiting PCs with malware for more firepower. The situation is getting worse, according to Russian antivirus vendor Kaspersky Labs. A new report by Kaspersky claims that... Read more...
It's been an unfortunately busy few weeks for Android vulnerabilities. Earlier in the month, we wrote about SonicSpy, a grandiose piece of malware that could gain an incredible amount of control over your device, including, of course, being able to record your audio. Just last week, we followed up with another story talking about the 500 apps Google obliterated from the Play Store that bundled an exploited ad network. Today, WireX is the name of the game, a piece of malware whose sole purpose is to turn our innocent mobile devices into a DDoSing bot network. On August 17, WireX hit many content... Read more...
The Internet of Things (IoT) sounded like a great idea at first glance when it first began picking up steam. However, the problem with giving every single gadget that we come in contact with access to the internet is that no one really thought much about security, leaving many of these things vulnerable to viruses and malware. The Mirai DDoS attack taught us a valuable lesson about IoT devices with poor security practices: they can be a huge threat to networks, with attacks involving nearly a million bots. The big rub here is that many of those devices are still a threat, leaving security researchers... Read more...
Just last weekend, we wrote about SonicSpy, a grossly robust piece of malware that infected hundreds of apps on the Play Store. Google is always quick to remove this awful junk when it is detected, but the fact that we keep talking about the issue means it's not going away. It was security research firm Lookout that informed us of SonicSpy, and apparently, the company has been working overtime, as it now introduces us to yet another piece of Android maliciousness, an ad network called lgexin. This issue has impacted many apps on the Play Store, although it's not guaranteed that all of them unleashed... Read more...
A freelance security consultant and Handler at SANS Internet Storm Center has discovered a rather interesting exploit in Microsoft Word, one that allows an attacker to abuse the productivity program's ability to auto-update links. This is a feature that is enabled by default—when you add links to external sources like URLs, Word will automatically update them without any prompts. Therein lies the issue. "The infection vector was classic: The document (‘N_Order#xxxxx.docx with 5 random numbers) was received as an attachment and has a VT score of 12/59 this morning. The file has an embedded link... Read more...