PATREONItems tagged with Malware
Apple products were once praised as the most secure ecosystem, either by design of Apple's walled garden, excellent marketing tactics, or otherwise. However, in mid-2020, Apple accidentally approved widespread Mac malware, breaking this reality for many people. Now, another Mac-exclusive malware has been uncovered in Asia, silently mining Monero in the background of macOS user’s devices. The malware, dubbed macOS.OSAMiner, has likely been floating around since at least 2015, packaged with cracked games and software like League of Legends and Microsoft Office. In 2018, SentinelLabs, a cybersecurity firm, caught wind of Chinese forum reports talking about a Monero mining trojan infecting...
Read more...
Simply put, malware and adware sucks, especially when it tries to be sneaky. Thankfully, Microsoft is on the prowl for malicious software trying to worm its way onto people’s systems. Since at least May of this year, Microsoft discovered a “persistent malware campaign” that peaked in August with over 30,000 devices infected. The malware, dubbed “Adrozek,” adds browser extensions, modifies DLL files, and inserts ads into web pages and search results. Perhaps it is time to run a malware scan, eh? The family of browser-modifying malware called Adrozek is quite the little bugger as far as malware goes. It affects multiple different browsers, such as Microsoft Edge, Google...
Read more...
The Trickbot botnet is under the gun in a significant way. Both Microsoft and the U.S Military Cyber Command have both been targeting Trickbot this year in hopes of taking it down. Microsoft claims that “As of October 18, [they’ve] worked with partners around the world to eliminate 94% of Trickbot’s critical operational infrastructure.” A couple of weeks ago, U.S Military Cyber Command was able to attack Trickbot’s servers. Microsoft, on the other hand, reports they were able to disable them entirely. Microsoft identified 69 servers used for Trickbot and was able to disable 62 for command-and-control. The seven other servers were "internet of things" (IoT) devices...
Read more...
This month, the Emotet botnet is going trick or treat, and it is only occupied with tricking. Previously, the malware spread by utilizing spam campaigns with Word or Excel files, but the botnet is back after a short hiatus. It is now using email “spam campaigns pretend to be invoices, shipping information, COVID-19 information, information about President Trump's health, resumes, or purchase orders, as shown below.” These emails contain malicious Word documents that load up scripts and ruin your day. BleepingComputer reports that “With its return to activity, Emotet switched to a new template that pretends to be a message from Windows Update stating that Microsoft Word needs...
Read more...
We are all adapting to life amid a pandemic, with many people working from home as COVID-19 continues to spread. But it is not just newfound telecommuters who are adapting. So are malware authors, who are changing their lures in attempts to hook victims through phishing emails. New data suggests that Microsoft is now the top brand used in phishing attacks. This is a notable shift, as before the pandemic, Microsoft was the fifth most popular brand using in phishing schemes. However, it now accounts for nearly a fifth of all phishing attempts, with almost triple the number of such attacks using Microsoft as a lure, compared to before. And it is directly related to threat actors looking to capitalize...
Read more...
Approximately two weeks ago, the U.S. military’s Cyber Command, under the National Security Agency (NSA), executed a coordinated attack on the Trickbot botnet. This attack included sending disconnect commands to computers infected with the Trickbot malware, and spoofing records, so the collection of target data has been muddied and compromised itself. Early in October, KrebsOnSecurity received word that someone with access to the Trickbot network sent out commands to infected devices to disconnect from the Trickbot servers. These servers controlled the infected machines, so this was a massive blow to the nefarious actors behind Trickbot’s operations. Furthermore, the Trickbot malware...
Read more...
When someone thinks of malware, the usual thought is an EXE file containing offending code that is downloaded to a target machine and executed by the user. However, a team at SecureList is trying to make people aware that an incredibly persistent malware framework can exist within a PC's UEFI firmware. The team, consisting of Mark Lechtik, Igor Kuznetsov, and Yury Parshin, found that a malware framework in the UEFI was used “in a series of targeted attacks pointed towards diplomats and members of an NGO from Africa, Asia, and Europe, all showing ties in their activity to North Korea.” UEFI attacks are not necessarily new, but they are not often seen in the wild. As the SecureList...
Read more...
Oh great, as if 2020 has not been challenging enough already, the latest Digital Defense Report from Microsoft outlines some troubling cybersecurity trends. Threat actors are "rapidly" increasing the sophistication of their cyberattacks, ultimately making them more difficult to detect, and more likely to trick "even the savviest targets." "For example, nation-state actors are engaging in new reconnaissance techniques that increase their chances of compromising high-value targets, criminal groups targeting businesses have moved their infrastructure to the cloud to hide among legitimate services, and attackers have developed new ways to scour the internet for systems vulnerable to ransomware,"...
Read more...
Some people may say, “Don't talk to me until I have had my coffee,” but what if they could not have coffee because of a ransomware attack? According to a researcher at Avast, IoT devices, such as smart coffee makers, can be vulnerable to attacks. Security researcher Martin Hron remarks “firmware is a new software,” and that software can be exploited. Typically, smart IoT devices have firmware onboard that is used with an API, while users expect that not too much harm can come from the API and firmware. This is not the case, as Hron states “We used to trust that hardware, such as a common kitchen appliance, could be trusted and could not be easily altered without...
Read more...
Malware known as Joker is no laughing matter, especially if you have downloaded an infected app that could bring its payload. The Zscaler ThreatLabZ research team recently discovered seventeen Android apps with Joker malware. These particular apps were stealing device information, contacts lists, and SMS messages and signing unsuspecting users up for wireless application protocol (WAP) services. Joker malware has existed for several years, but is still quite persistent. The Zscaler ThreatLabZ research team found seventeen suspicious apps in the Google Play store. The apps were uploaded to Google Play this month and were downloaded over 120,000 times. Google has since removed the following apps:...
Read more...
They say with great power comes great responsibility, and you would think Windows Defender would be incredibly responsible -- at least when it comes to security. As it turns out, however, that Windows Defender shared its “great power” in allowing its command line utility to download potentially malicious files to a Windows PC. Windows Defender, the basic malware protection on any modern Windows PC, also comes packed with another handy feature: a command line interface. The “MpCmdRun.exe” (Microsoft Protection CMD) allows for utilization of security features through command line. Users could scan, trace, and tinker with a variety of commands. Now, in an update to Windows...
Read more...
Traditionally, Macs weren't often a target for malware campaigns given their relatively small share of the overall computing market. This notion has changed over the years, however, but Apple has fought back with increased security procedures like an app approval process called notarization. Unfortunately, malware has now been discovered in notarized code and is able to be executed as a normal program. First off, an important note is that Macs can get malware, but it has to be specially designed. When Apple said that Macs cannot get malware, it was only true because of the specific design caveat. “Even back in 2012, thanks to Java, cross-platform malware could be found targeting both...
Read more...
The sheer number of malware campaigns operating online targeting users, in an attempt to steal information or extort money, is staggering. One of the recently revived botnets targeting users is called Emotet, which typically loads various types of malware and spreads via Wi-Fi networks. A vigilante hacker, however, has now stepped in to replace the nefarious payloads sent by these botnets with glorious animated GIFs. The identity of the vigilante hacker or hackers is unknown, but their actions are essentially preventing victims from being compromised by malware. The sabotage of the Emotet botnet is reportedly severely impacting a large portion of Emotet's operation. Currently, about 25% of all...
Read more...
Garmin is having itself a no good, terrible day. and it could extend throughout the weekend. The cause of Garmin's woes is a ransomware attack, according to employees who have posted about the matter on social media, and it is affecting several of the company's services for its line of wearable products and aviation dealings. If you head over to Garmin's website, you will see a message at the top that alludes to the ransomware attack, though the company has not outright confirmed it as such. "We are currently experiencing an outage that affects Garmin.com and Garmin Connect. This outage also affects our call centers, and we are currently unable to receive any calls, emails, or online chats. We...
Read more...
New Android malware has surfaced that has an extensive range of data theft capabilities. BlackRock, as the malware is known, has targeted 337 Android applications. The threat was first seen in May and was discovered by security research firm ThreatFabric. According to the research firm, BlackRock is derived from the code of Xerxes banking malware. Xerxes itself is a strain of the LokiBot Android banking trojan. The code for Xerxes malware was made public around May 2019. The big news for BlackRock is that it has additional features compared to both of its ancestors. Its additional features are particularly focused on the theft of passwords and credit card information. Functionally, BlackRock...
Read more...
Check Point Research has discovered a significant increase in attacks using the Phorpiex Botnet in June 2020. The research firm found that the botnet has had a resurgence delivering the Avaddon Ransomware, which is a Ransomware-as-a-Service (RaaS) variant that first surfaced in early June. Delivery during the month via the botnet caused the malware to rise 13 places to become the second most widely spread malware for the month. The malware doubled its impact on organizations globally in June compared to May. Phorpiex is known for spreading large-scale malspam campaigns, though it does distribute other malware families as well. The latest campaign using the botnet attempts to get email recipients...
Read more...
The researchers at Check Point Security are warning about a new strain of the Joker Dropper malware that has found its way into the Google Play Store (again). Unfortunately for unassuming Android users, Joker is a rather old piece of malware dating back to 2017, which keeps "reinventing" itself to circumvent security protections put in place by Google. The latest version of Joker is using nefarious means to subscribe its Android victims to premium services, which pads their monthly cell phone bills with additional charges. In this latest iteration, Joker hides its code in the Android manifest file for an app. By going this route, Joker doesn’t need to access a command and control (C&C)...
Read more...
Yesterday, we brought you news that the TikTok app has been doing some shady things behind the scenes with devices running iOS. Following the release of the first iOS 14 beta, it was discovered that TikTok was pinging the system clipboard constantly and pasting that data for its own use. Without the steady stream of pop-up notifications about clipboard access being presented to endusers -- which is a new feature in iOS 14 to help spot any potential privacy violations -- most people wouldn't have even known about TikTok's nefarious behavior, which developer ByteDance said was in place to "identify repetitive, spammy behavior." However, this isn't the first time that the TikTok app has...
Read more...
A new ransomware attack is underway in Canada that targets people concerned about COVID-19 by posing as an official tracing app provided by Health Canada. ESET researchers have identified and analyzed the ransomware, known as CryCryptor, and created a decryption tool for victims. CryCryptor surfaced only a few days after the Canadian government announced that it intended to back the development of a nation-wide, voluntary tracing app called COVID Alert. The actual tracing app from Health Canada is due to start rolling out in Ontario as soon as next month. ESET says that it informed the Canadian Centre for Cyber Security about the new threat as soon as it was identified. The below above shows...
Read more...
A third-party security team uncovered a massive ring of Chrome spyware extensions that were all working together. The nefarious extensions had been downloaded a total of over 32 million times and impacted millions of Chrome browsers. The researchers at Awake Security are coming forward after they informed Google of the Chrome spyware ring, and after Google removed over 70 identified extensions from the official Chrome Web Store last month. A Google spokesman said that after extensions are removed from the Web Store that violate policies, the incidents are used as training material to improve the automated and manual analysis systems. Most of the illegitimate extensions discovered by the researchers...
Read more...
Security researchers have found a new vulnerability that impacts almost every version of the Android operating system. The vulnerability is called Strandhogg 2.0, and it could allow malware to impersonate legitimate apps to steal passwords and other sensitive data from user devices. Strandhogg 2.0 impacts every device running Android 9.0 or earlier. Security researchers have dubbed the vulnerability the "evil twin" to the earlier vulnerability of the same name. Both bugs were discovered by a security firm called Promon. Strandhogg 2.0 tricks victims into thinking they are entering their passwords on a legitimate app while they are instead interacting with a malicious overlay. The bug is also...
Read more...
Malware is something that computer users have fought since the dawn of the computer age it seems. Hackers who use malware to try breach networks and user data have evolved some pretty sophisticated methods as of late. Late this week, Microsoft Security Intelligence has announced via Twitter that it's tracking a "massive campaign" that delivers a malicious payload including the remote control access tool, NetSupport Manager, using emails with an attachment that contains malicious Excel 4.0 spreadsheet macros. The email campaign tries to fool users into opening an attachment that contains Excel pages that are COVID-19 themed and full of what appears to be statistics. We’re tracking a...
Read more...
