Items tagged with Malware
Malware on Windows devices has become a real problem in the last few years, specifically with a recent uptick in ransomware. It appears that Microsoft has been trying to combat this issue, though, with updates to Microsoft Defender, so it has more teeth than ever before. However, what if Microsoft is part of the problem too? On Friday, cybersecurity researcher TheAnalyst explained on Twitter how BazarLoader malware leads to ransomware that can severely affect healthcare, among other industries. He then called out Microsoft, asking if the company has “any responsibility in this when they KNOWINGLY are hosting hundreds of files leading to this,” alongside an image of what appears to...
Read more...
A lot of folks buying (legitimate) software are disgruntled about the rise of "software as a service," or SaaS. Proponents claim that the continued payments enable further development of useful applications, while opponents complain that they end up paying far more than they might under a more traditional "buy to own" model. Customers also voice concerns that automatically-updating software might break, or remove useful features. If legitimate customers are frustrated by the SaaS model, one can only imagine how annoying it must be that malware providers have moved to the same sort of system. Last week's "Bloodystealer" trojan is primarily sold that way, and so is REvil, arguably the most notorious...
Read more...
Practically everyone owns a mobile device these days, and the majority of them run on Android, the most popular smartphone OS in the world. Don't think that malicious hackers aren't paying attention. Just the opposite, a security firm says it recently discovered an "aggressive mobile premium services campaign" that has infected upwards of 10 million Android devices around the world. This is an active Trojan attack that has been dubbed GriftHorse, and the campaign is believed to have been running since November 2020. The culprit(s) infected over 200 Android apps with the malicious code, which sprawls over 70 countries. And they weren't just distributed through third-party app stores, they also...
Read more...
Security researchers say they discovered and reported to Microsoft a "highly sophisticated" zero-day attack vector in Windows that targets Office 365 and Office 2019 users. In some cases, simply opening an infected document would be enough to compromise a PC. Furthermore, there does not yet exist a patch, though one is on the way. In a Twitter post, cybersecurity outfit EXPMON said it notified Microsoft of the flaw over on Sunday and has been "working tirelessly over the holiday weekend to protect users." EXPMON also said it was able to reproduce the attack method on a typical user environment. Microsoft released a security bulletin (CVD-2021-40444) saying it is investigation the situation, and...
Read more...
A notorious cyber-criminal group is believed to be responsible for a malicious Word document that attempts to lure victims by preying on their curiosity towards Windows 11, the next major operating system from Microsoft. The document began making the rounds in June, the same month a leaked Windows 11 ISO tipped up, followed by the first Insider Preview build being made available. The leaked Windows 11 ISO showed up around the middle of June, and immediately drew interest because for many people, it provided a first real look at the upcoming OS. Adding to the interest, Windows 10 was supposed to be the last version of Windows ever, with recurring feature updates on a bi-annual basis (and of course...
Read more...
Do you ever feel like the universe just has it in for you? Adding to the theory that some entity is pulling the strings from behind the scenes and having a good chuckle at our expense, not only are graphics cards frustratingly almost always out of stock (and overpriced), but if you do manage to procure one, you may have to worry about it being infected with malware. It doesn't even matter if you opt for an AMD or NVIDIA graphics card. Or use integrated Intel graphics, for that matter. Sure, things could certainly be worse, and this falls under the purview of another first-world problem, but that's part of what we cover around these parts. And much to our chagrin, someone on a dedicated forum...
Read more...
It is somewhat common for enterprising developers to add features to popular apps via plug-ins, companion apps, or even by modifying the original when possible. By reverse-engineering apps, like WhatsApp for example, a skilled developer can tweak and modify features or even add their own spin on things. However, this also opens the door to malicious possibilities, as we have now seen with an infected version of FMWhatsApp, which is a popular WhatsApp mod. FMWhatsApp typically adds themes, read receipt controls, more robust file attachment capabilities, and more. While all of that may sound well and good, researchers at Kaspersky recently found that the trojan Triada has also managed...
Read more...
Not everything has to be high-tech to perform dastardly deeds these days, and the same is true of malware. However, malware can slip by conventional security solutions using some email tricks and social engineering and still infect end-users, as Microsoft reports. This Tuesday, the Microsoft Security Intelligence reported on Twitter that several “active email campaigns that use BazarLoader to deliver a wide range of payloads” are being tracked. These campaigns have been found to use some interesting techniques to get around what Microsoft describes as “conventional email security solutions and best practices.” The first reported campaign is called “BazaCall,”...
Read more...
Network Attached Storage (NAS) devices from Synology are being targeted by the StealthWorker Botnet in an ongoing brute-force attack that could lead to ransomware infections. Perhaps we should just drop the “network attached” of NAS portion for now. According to an August 4th report, Synology’s Product Security Incident Response Team (PSIRT) witnessed and received reports on “an increase in brute-force attacks against Synology devices.” While the team believes that these attacks are not using software vulnerabilities, the attacks are still concerning. The botnet behind the brute-force behavior, wherein attackers “leverage a number of already infected...
Read more...
Some of Gigabyte's support sites have been taken offline, the result of an apparent ransomware attack in which a hacking group claims to be in possession of sensitive data, and is holding it hostage. If a ransom is not paid, the culprits say they will publish 112 gigabytes of stolen files, including ones containing confidential AMD and Intel documents. "We have downloaded 112 GB (120,971,743,713 byes of your files and we are ready to PUBLISH it. Many of them are under NDA (Intel, AMD, American Megatrends). Leaked sources: newautobom.gigabyte.intra, git.ami.com.tw and some others," the hacking group wrote in a message. The mind races at what documents that fall under at purview of non-disclosure...
Read more...
Some vultures prey on dead animals, other Vulturs prey on banking information entered on Android devices. In late March of this year, ThreatFabric detected an Android-based remote access trojan (RAT) malware, dubbed Vultur, collecting login credentials. However, the threat actors took a different approach to the thievery by simply recording what is shown on a screen through VNC. As ThreatFabric describes, a “vulture is a large bird of prey that specializes in attacking and feeding on weak and helpless animals,” and they keep their “eyes on their preys for a long time before making a move, which happens only when they are sure the attack is lethal and successful.” The Vultur...
Read more...
Microsoft's Windows 11 operating system is set to debut this October, and understandably, many people are excited about its launch. After all, it's been about six years since the official launch of Windows 10, and people are antsy to see what's next from Microsoft. Unfortunately, scammers are always looking for a way to take advantage of unsuspecting users, and the hype surrounding Windows 11 makes for a perfect opportunity to strike. A new piece of malware has found its way to the internet, and the executable is named 86307_windows 11 build 21996.1 x64 + activator.exe. The download weighs in at 1.75GB, which is about less than half the size of a legit Windows 11 ISO. Fake Windows 11 installer...
Read more...
Over the past few years, the surge in cryptocurrency values has meant that unscrupulous individuals are looking for ways to make money without putting in the hard work. In the case of cryptocurrency malware, the software is installed on unsuspecting computers, forcing them to mine without the victim seeing a single dime in the resulting revenue. Such is the same with LemonDuck, which the Microsoft 365 Defender Threat Intelligence Team is warning about this week. Once LemonDuck malware finds its way onto a target machine, it is swept up into a botnet that mines for cryptocurrencies. What makes LemonDuck so dangerous, however, is that it doesn't just target one platform. Instead, it is viable on...
Read more...
High-reward ransomware appears to be all the rage right now after the REvil hacking group executed the Kaseya attack, encrypting over 1,500 businesses. Now, Saudi Aramco has confirmed a data leak today following an extortionist who demanded $50 million after claiming to have sized a large quantity of data from the world’s largest oil producer. Released today, Aramco’s statement explained that it had “recently become aware of the indirect release of a limited amount of company data which was held by third-party contractors.” While no supplier or contractor was named nor was it explained how the data was lost according to the Financial Times, it seems the company is simply...
Read more...
Though notorious hacking group REvil has gone offline, companies are still reeling from the effects of the Kaseya ransomware attack. However, it seems the Florida-based remote-management software company has obtained a universal decryptor key and is working with all its customers to rectify the situation. Just before the July 4th holiday weekend in the US, criminal hackers from REvil utilized a 0-day exploit to access Kaseya’s systems and subsequently encrypt them and downstream customers. It was estimated that nearly 1,500 different companies, including a large chain grocery store in Sweden called Coop, were infected with the REvil ransomware. Afterward, an astounding $70 million was demanded...
Read more...
Late last week, it was revealed that a global spyware campaign was targeting politicians, activists, and journalists worldwide. Initially, the company behind the software for spying, NSO Group, was blamed for the data leak and supplying its software to authoritarian regimes. However, NSO Group has since rejected these claims to try and deflect rather than publicly investigate what has happened. Published yesterday, a news article called "Enough Is Enough!" was posted on NSO Group's website. Within this article, the company explained that the spyware concern was a "planned and well-orchestrated media campaign lead by Forbidden Stories" and then "pushed by special interest groups." Subsequently,...
Read more...
Earlier this year, malicious hackers exploited a vulnerability in Microsoft Exchange servers to attack an estimated 30,000 organizations worldwide. Both Microsoft and other organizations were quick to point fingers at Chinese hackers, but the Biden administration, along with U.S allies, are formally blaming China after accusing Bejing of working with the criminal hackers. The announcements, released today, come as both condemnation and warning due to China’s “irresponsible and destabilizing behavior in cyberspace.” Though the country may want to be a responsible world leader, its malicious cyber activity “poses a major threat to U.S. and allies’ economic and national...
Read more...
Just on the heels of Microsoft taking on the cyberweapons market and malware found targeting journalists and politicians, a new cyberweapon has been discovered in a similar fashion. Targeting thousands of activists, journalists, politicians, the piece of malware called Pegasus, from Israeli surveillance company NSO Group, could have been sold to authoritarian governments to monitor anywhere up to 50,000 people. Pegasus is a malware used to infect both iPhones and Androids to, according to NSO Group’s website, “detect and prevent terrorism and crime.” It can be used to steal messages, photos, emails, calls, and secretly record users. However, a recent leak of over 50,000 phone...
Read more...
Just as there is a traditional weapons market, a private sector cyberweapons market enables people and organizations to attack anyone worldwide for a fee. However, Microsoft takes this threat of cyberweapons seriously, and is now working to fight the problem head-on. Yesterday, Microsoft's Cristin Goodwin, General Manager for the Digital Security Unit, reported on a cyberweapon being manufactured by a group called Sourgum. This weapon was initially found by the Citizen Lab, at the University of Toronto's Munk School, after being used to attack "more than 100 victims around the world including politicians, human rights activists, journalists, academics, embassy workers and political dissidents."...
Read more...
The billing fraud and SMS-stealing malware known as Joker has returned to the Google Play Store after having its ups and downs dating back to 2017. Researchers now say Joker has a new bag of tricks and can avoid Google’s app-vetting process and sneak onto the market. Disguised within legitimate-looking apps, Joker can steal text messages, contact lists, and device information and then subscribe users to unwanted paid and premium services. Thankfully, thousands of Android applications infected with Joker have been taken down from the Google Play Store in the past several years, but it does not seem that this was enough. Since September of 2020, when the last wave of Joker takedowns happened,...
Read more...
Hopefully you are not one of the millions of people who have installed an app called PIP Photo onto your Android device. Why is that? While it may seem like a harmless and handy image editing app, it contains malware designed to covertly swipe a person's login credential for Facebook. Same goes for a handful of other Android apps. Each of the nine malicious apps discovered by researchers at Doctor Web contain a trojan that gets to work trying to trick users into coughing up their Facebook usernames and passwords. What makes the apps potentially effective is that they otherwise work as intended and expected. "The applications were fully functional, which was supposed to weaken the vigilance of...
Read more...
Ever since the introduction of Windows Vista in early 2007, Microsoft has enforced the rule that Windows drivers must carry digital signatures by default. Any software that runs in kernel mode, in fact, has to be signed by the company. This is a security measure that should prevent malicious software from digging its claws in too deep. However, what happens when Microsoft gives its blessing to a rootkit? That's what happened a few months ago and was just now discovered thanks to G DATA Software security analyst Karsten Hahn. Initially, the company received a false-positive alert from a driver that was signed by Microsoft. After a lot of investigation into the matter, it turns out that the positive...
Read more...
