Items tagged with Malware
The sheer number of malware campaigns operating online targeting users, in an attempt to steal information or extort money, is staggering. One of the recently revived botnets targeting users is called Emotet, which typically loads various types of malware and spreads via Wi-Fi networks. A vigilante hacker, however, has now stepped in to replace the nefarious payloads sent by these botnets with glorious animated GIFs. The identity of the vigilante hacker or hackers is unknown, but their actions are essentially preventing victims from being compromised by malware. The sabotage of the Emotet botnet is reportedly severely impacting a large portion of Emotet's operation. Currently, about 25% of all...
Read more...
Garmin is having itself a no good, terrible day. and it could extend throughout the weekend. The cause of Garmin's woes is a ransomware attack, according to employees who have posted about the matter on social media, and it is affecting several of the company's services for its line of wearable products and aviation dealings. If you head over to Garmin's website, you will see a message at the top that alludes to the ransomware attack, though the company has not outright confirmed it as such. "We are currently experiencing an outage that affects Garmin.com and Garmin Connect. This outage also affects our call centers, and we are currently unable to receive any calls, emails, or online chats. We...
Read more...
New Android malware has surfaced that has an extensive range of data theft capabilities. BlackRock, as the malware is known, has targeted 337 Android applications. The threat was first seen in May and was discovered by security research firm ThreatFabric. According to the research firm, BlackRock is derived from the code of Xerxes banking malware. Xerxes itself is a strain of the LokiBot Android banking trojan. The code for Xerxes malware was made public around May 2019. The big news for BlackRock is that it has additional features compared to both of its ancestors. Its additional features are particularly focused on the theft of passwords and credit card information. Functionally, BlackRock...
Read more...
Check Point Research has discovered a significant increase in attacks using the Phorpiex Botnet in June 2020. The research firm found that the botnet has had a resurgence delivering the Avaddon Ransomware, which is a Ransomware-as-a-Service (RaaS) variant that first surfaced in early June. Delivery during the month via the botnet caused the malware to rise 13 places to become the second most widely spread malware for the month. The malware doubled its impact on organizations globally in June compared to May. Phorpiex is known for spreading large-scale malspam campaigns, though it does distribute other malware families as well. The latest campaign using the botnet attempts to get email recipients...
Read more...
The researchers at Check Point Security are warning about a new strain of the Joker Dropper malware that has found its way into the Google Play Store (again). Unfortunately for unassuming Android users, Joker is a rather old piece of malware dating back to 2017, which keeps "reinventing" itself to circumvent security protections put in place by Google. The latest version of Joker is using nefarious means to subscribe its Android victims to premium services, which pads their monthly cell phone bills with additional charges. In this latest iteration, Joker hides its code in the Android manifest file for an app. By going this route, Joker doesn’t need to access a command and control (C&C)...
Read more...
Yesterday, we brought you news that the TikTok app has been doing some shady things behind the scenes with devices running iOS. Following the release of the first iOS 14 beta, it was discovered that TikTok was pinging the system clipboard constantly and pasting that data for its own use. Without the steady stream of pop-up notifications about clipboard access being presented to endusers -- which is a new feature in iOS 14 to help spot any potential privacy violations -- most people wouldn't have even known about TikTok's nefarious behavior, which developer ByteDance said was in place to "identify repetitive, spammy behavior." However, this isn't the first time that the TikTok app has...
Read more...
A new ransomware attack is underway in Canada that targets people concerned about COVID-19 by posing as an official tracing app provided by Health Canada. ESET researchers have identified and analyzed the ransomware, known as CryCryptor, and created a decryption tool for victims. CryCryptor surfaced only a few days after the Canadian government announced that it intended to back the development of a nation-wide, voluntary tracing app called COVID Alert. The actual tracing app from Health Canada is due to start rolling out in Ontario as soon as next month. ESET says that it informed the Canadian Centre for Cyber Security about the new threat as soon as it was identified. The below above shows...
Read more...
A third-party security team uncovered a massive ring of Chrome spyware extensions that were all working together. The nefarious extensions had been downloaded a total of over 32 million times and impacted millions of Chrome browsers. The researchers at Awake Security are coming forward after they informed Google of the Chrome spyware ring, and after Google removed over 70 identified extensions from the official Chrome Web Store last month. A Google spokesman said that after extensions are removed from the Web Store that violate policies, the incidents are used as training material to improve the automated and manual analysis systems. Most of the illegitimate extensions discovered by the researchers...
Read more...
Security researchers have found a new vulnerability that impacts almost every version of the Android operating system. The vulnerability is called Strandhogg 2.0, and it could allow malware to impersonate legitimate apps to steal passwords and other sensitive data from user devices. Strandhogg 2.0 impacts every device running Android 9.0 or earlier. Security researchers have dubbed the vulnerability the "evil twin" to the earlier vulnerability of the same name. Both bugs were discovered by a security firm called Promon. Strandhogg 2.0 tricks victims into thinking they are entering their passwords on a legitimate app while they are instead interacting with a malicious overlay. The bug is also...
Read more...
Malware is something that computer users have fought since the dawn of the computer age it seems. Hackers who use malware to try breach networks and user data have evolved some pretty sophisticated methods as of late. Late this week, Microsoft Security Intelligence has announced via Twitter that it's tracking a "massive campaign" that delivers a malicious payload including the remote control access tool, NetSupport Manager, using emails with an attachment that contains malicious Excel 4.0 spreadsheet macros. The email campaign tries to fool users into opening an attachment that contains Excel pages that are COVID-19 themed and full of what appears to be statistics. We’re tracking a...
Read more...
A number of supercomputers across Europe have been targeted by malware that focuses on mining for cryptocurrency (Monero). The malware has forced supercomputers in the UK, Germany, and Switzerland to be shutdown as operators investigate the security incidents. The high-performance computing center in Spain was also reportedly targeted by a malware attack. The first reported attack surfaced last Monday and came from the University of Edinburg, home of the ARCHER supercomputer. The university reported that there was a "security exploitation on the ARCHER login nodes." ARCHER operators shutdown the system for an investigation, and all SSH passwords were reset to prevent further intrusions. In Germany,...
Read more...
There are multiple ways to sneakily extract data from a PC, and not all of them involve directly tapping into the storage device. Even a PC that is not connected to a network is vulnerable. These are referred to as air gapped systems, and security researcher Mordechai Guri from Israel's Ben Gurion University of the Negev found yet another way to siphon data from them, this time by interpreting sounds from the power supply. Guri is a bit of a specialist in this area. Last month, he outlined a clever method of extracting data from an air gapped PC by manipulating and interpreting case fan vibrations. He referred to this method as 'AiR-ViBeR' in a whitepaper. While limited in scope, if a person...
Read more...
Ransomware is a global problem that can strike individual, organizations, and even health institutions to disastrous results. It demands that the user send money, typically in the form of cryptocurrency to the attackers to have their devices and files unlocked. An old ransomware threat called Black Rose Lucy that was initially discovered in September 2018 is now making a resurgence. Black Rose Lucy is a malware-as-a-service botnet for Android devices where it can take control of the victim's devices to make changes and install new malicious applications. When the Lucy malware is downloaded, it encrypts files on the infected device and displays a ransom note in the browser window claiming to be...
Read more...
Security researchers have discovered a way to thwart almost every antivirus program using a "unique but simple method" involving directly junctions and symlinks. Antivirus software that falls prey to this kind of attack essentially attack themselves by deleting files critical to the program's operation, leaving users vulnerable. According to the researchers, this method works because of a fundamental flaw in how antivirus software performs real-time scans of unknown files. Almost all of them run in a privileged state, or the highest level of authority on an operating system. "What most antivirus software fail to take into consideration is the small window of time between the initial file scan...
Read more...
Security researchers at a university in Isreal have developed a novel approach to covertly siphoning sensitive data from PCs. At its core, this is yet another malware scheme. But what makes this method somewhat unique is that it is transmits data from a target PC to a nearby smartphone (or other device) through fan vibrations. Say what? Mordechai Guri from the Cyber Security Research Center at Ben-Gurion University of the Negev, Israel, outlined the cunning method dubbed 'AiR-ViBeR' in a whitepaper. This is essentially what's known as an air-gap vulnerability. "Air-gap covert channels are special types of covert communication channels that enable attackers to exfiltrate data from isolated, network-less...
Read more...
You would have a better chance of finding a needle in a haystack that is a mile high, than scruples in a malware author that targets victims during a pandemic. The current virus outbreak is no exception. According to Microsoft, a piece of malware masquerading as an informational document from a non-profit offering free COVID-19 testing is making the rounds in a big way. It's called "Trickbot" and it is "the most prolific malware operation using COVID-19 themed lures," based on Microsoft's Office 365 ATP data, the company stated on Twitter. "This week's campaign uses several hundreds of unique macro-laced document attachments in emails that pose as message[s] from a non-profit offering free COVID-19...
Read more...
As we have said before, these are challenging times as we all adapt to the reality of a deadly virus and keeping our distance from one another to slow its spread. Making matters worse, nefarious actors are pouncing on the opportunity to spread malware. This means you need to be extra cautious about falling for a phishing scam. It's a numbers game for malware authors. Google shared some interesting stats, saying Gmail weeds out and blocks more than 100 million phishing emails every day. During the past week, Google says it saw 18 million daily malware and phishing emails related to COVID-19. "This is in addition to more than 240 million COVID-related daily spam messages. Our ML [machine learning]...
Read more...
It appears as though even malware authors are going a little stir crazy during this time of recommended isolation. One of the newest PC infections making the rounds is a nasty piece of 'wiper' malware that effectively locks victims out of their computers, and displays a message giving false credit for the infection to a pair of renowned security researchers. The type of infection going around is referred to as an MBRLocker. What these type of malware strains do is replace the master boot record (MBR) on a PC to prevent the operating system (OS) from loading. Some strains also go the extra mile by encrypting the table containing partition information, which makes it impossible for a victim to...
Read more...
We've discussed the rather nasty xHelper malware on a number of occasions here at HotHardware, and it's a rather insidious trojan. XHelper first started making the rounds via the Google Play Store roughly a year ago, and by October 2019, over 45,000 Android devices had fallen victim to its tainted tentacles. As of now, that number has surpassed 50,000. The folks over at Kaspersky have performed a rather thorough analysis of xHelper, which manifests itself in Trojan-Dropper.AndroidOS.Helper.h and is typically distributed via apps that claim to clean your smartphone or boost its performance. However, once the payload is downloaded, decrypted, installed, and then launched on a device, it then...
Read more...
Researchers at Bitdefender announced the discovery of a new attack that is targeting home routers. In the attack, the DNS settings in the router are changed to redirect the victim to a website that delivers the Oski infostealer malware as the final payload. The most interesting aspect of the malware is that it stores the malicious payload using Bitbucket, which is a popular web-based control repository hosting service. The sneaky malware takes steps to avoid alerting the victim that their router has been compromised, including abusing TinyURL to hide the link to the Bitbucket payload. The page that users are redirected to talks about the coronavirus pandemic and offers a download to give users...
Read more...
Google began rolling out version 80 of its Chrome browser to the public at large in early February, with the most publicized feature being a new cookie classification system designed to give users more control over cookie controls. While cookie handling dominated the headlines, Chrome 80 also added stronger encryption, though perhaps not strong enough. Starting with Chrome 80, the browser encrypts local passwords and cookies in Windows using AES-256 encryption. Prior to Chrome 80, the browser leveraged the data protection API (DPAPI) built into the OS to handle encryption chores. And it still does, but AES-256 acts as another layer of protection for added security. This was thought to thwart...
Read more...
We fully realize we are preaching to the choir, but never open up unsolicited and/or unexpected email attachments. Remind your friends and remind your family members. Lest anyone need a reminder of why this is a bad idea, security researchers are warning of a group of attackers who have been phishing for victims as part of a TrickBot malware campaign. The hackers are using the remote desktop ActiveX control in Word documents to carry out their malicious deeds. Once initiated on a Windows 10 PC, the ActiveX control automatically executes a malware downloader called Ostap, which was recently adopted by TrickBot for delivering payloads. And it all starts with phishing. Malicious actors send out...
Read more...
