Items tagged with Malware
Some vultures prey on dead animals, other Vulturs prey on banking information entered on Android devices. In late March of this year, ThreatFabric detected an Android-based remote access trojan (RAT) malware, dubbed Vultur, collecting login credentials. However, the threat actors took a different approach to the thievery by simply recording what is shown on a screen through VNC. As ThreatFabric describes, a “vulture is a large bird of prey that specializes in attacking and feeding on weak and helpless animals,” and they keep their “eyes on their preys for a long time before making a move, which happens only when they are sure the attack is lethal and successful.” The Vultur...
Read more...
Microsoft's Windows 11 operating system is set to debut this October, and understandably, many people are excited about its launch. After all, it's been about six years since the official launch of Windows 10, and people are antsy to see what's next from Microsoft. Unfortunately, scammers are always looking for a way to take advantage of unsuspecting users, and the hype surrounding Windows 11 makes for a perfect opportunity to strike. A new piece of malware has found its way to the internet, and the executable is named 86307_windows 11 build 21996.1 x64 + activator.exe. The download weighs in at 1.75GB, which is about less than half the size of a legit Windows 11 ISO. Fake Windows 11 installer...
Read more...
Over the past few years, the surge in cryptocurrency values has meant that unscrupulous individuals are looking for ways to make money without putting in the hard work. In the case of cryptocurrency malware, the software is installed on unsuspecting computers, forcing them to mine without the victim seeing a single dime in the resulting revenue. Such is the same with LemonDuck, which the Microsoft 365 Defender Threat Intelligence Team is warning about this week. Once LemonDuck malware finds its way onto a target machine, it is swept up into a botnet that mines for cryptocurrencies. What makes LemonDuck so dangerous, however, is that it doesn't just target one platform. Instead, it is viable on...
Read more...
High-reward ransomware appears to be all the rage right now after the REvil hacking group executed the Kaseya attack, encrypting over 1,500 businesses. Now, Saudi Aramco has confirmed a data leak today following an extortionist who demanded $50 million after claiming to have sized a large quantity of data from the world’s largest oil producer. Released today, Aramco’s statement explained that it had “recently become aware of the indirect release of a limited amount of company data which was held by third-party contractors.” While no supplier or contractor was named nor was it explained how the data was lost according to the Financial Times, it seems the company is simply...
Read more...
Though notorious hacking group REvil has gone offline, companies are still reeling from the effects of the Kaseya ransomware attack. However, it seems the Florida-based remote-management software company has obtained a universal decryptor key and is working with all its customers to rectify the situation. Just before the July 4th holiday weekend in the US, criminal hackers from REvil utilized a 0-day exploit to access Kaseya’s systems and subsequently encrypt them and downstream customers. It was estimated that nearly 1,500 different companies, including a large chain grocery store in Sweden called Coop, were infected with the REvil ransomware. Afterward, an astounding $70 million was demanded...
Read more...
Late last week, it was revealed that a global spyware campaign was targeting politicians, activists, and journalists worldwide. Initially, the company behind the software for spying, NSO Group, was blamed for the data leak and supplying its software to authoritarian regimes. However, NSO Group has since rejected these claims to try and deflect rather than publicly investigate what has happened. Published yesterday, a news article called "Enough Is Enough!" was posted on NSO Group's website. Within this article, the company explained that the spyware concern was a "planned and well-orchestrated media campaign lead by Forbidden Stories" and then "pushed by special interest groups." Subsequently,...
Read more...
Earlier this year, malicious hackers exploited a vulnerability in Microsoft Exchange servers to attack an estimated 30,000 organizations worldwide. Both Microsoft and other organizations were quick to point fingers at Chinese hackers, but the Biden administration, along with U.S allies, are formally blaming China after accusing Bejing of working with the criminal hackers. The announcements, released today, come as both condemnation and warning due to China’s “irresponsible and destabilizing behavior in cyberspace.” Though the country may want to be a responsible world leader, its malicious cyber activity “poses a major threat to U.S. and allies’ economic and national...
Read more...
Just on the heels of Microsoft taking on the cyberweapons market and malware found targeting journalists and politicians, a new cyberweapon has been discovered in a similar fashion. Targeting thousands of activists, journalists, politicians, the piece of malware called Pegasus, from Israeli surveillance company NSO Group, could have been sold to authoritarian governments to monitor anywhere up to 50,000 people. Pegasus is a malware used to infect both iPhones and Androids to, according to NSO Group’s website, “detect and prevent terrorism and crime.” It can be used to steal messages, photos, emails, calls, and secretly record users. However, a recent leak of over 50,000 phone...
Read more...
Just as there is a traditional weapons market, a private sector cyberweapons market enables people and organizations to attack anyone worldwide for a fee. However, Microsoft takes this threat of cyberweapons seriously, and is now working to fight the problem head-on. Yesterday, Microsoft's Cristin Goodwin, General Manager for the Digital Security Unit, reported on a cyberweapon being manufactured by a group called Sourgum. This weapon was initially found by the Citizen Lab, at the University of Toronto's Munk School, after being used to attack "more than 100 victims around the world including politicians, human rights activists, journalists, academics, embassy workers and political dissidents."...
Read more...
The billing fraud and SMS-stealing malware known as Joker has returned to the Google Play Store after having its ups and downs dating back to 2017. Researchers now say Joker has a new bag of tricks and can avoid Google’s app-vetting process and sneak onto the market. Disguised within legitimate-looking apps, Joker can steal text messages, contact lists, and device information and then subscribe users to unwanted paid and premium services. Thankfully, thousands of Android applications infected with Joker have been taken down from the Google Play Store in the past several years, but it does not seem that this was enough. Since September of 2020, when the last wave of Joker takedowns happened,...
Read more...
Hopefully you are not one of the millions of people who have installed an app called PIP Photo onto your Android device. Why is that? While it may seem like a harmless and handy image editing app, it contains malware designed to covertly swipe a person's login credential for Facebook. Same goes for a handful of other Android apps. Each of the nine malicious apps discovered by researchers at Doctor Web contain a trojan that gets to work trying to trick users into coughing up their Facebook usernames and passwords. What makes the apps potentially effective is that they otherwise work as intended and expected. "The applications were fully functional, which was supposed to weaken the vigilance of...
Read more...
Ever since the introduction of Windows Vista in early 2007, Microsoft has enforced the rule that Windows drivers must carry digital signatures by default. Any software that runs in kernel mode, in fact, has to be signed by the company. This is a security measure that should prevent malicious software from digging its claws in too deep. However, what happens when Microsoft gives its blessing to a rootkit? That's what happened a few months ago and was just now discovered thanks to G DATA Software security analyst Karsten Hahn. Initially, the company received a false-positive alert from a driver that was signed by Microsoft. After a lot of investigation into the matter, it turns out that the positive...
Read more...
As it goes, crime never pays, and neither does pirating software, as some people on the internet have come to find out. In the last year, there have been reports that popular antivirus programs, like Avast, disappeared from users’ computers. Researchers at the Czech company found that this activity was tied to a new malware called “Crackonosh,” which comes bundled with illegally downloaded copies of popular software. Among many other people, Reddit user /u/Well-oh-well reported that a new Windows 10 laptop booted with an error, restarted, and then came back as normal. After that, however, the “Avast Antivirus shortcut icon was blank and sure enough the avast folder in...
Read more...
When people are hit by malware, it typically ends with files being locked or some other terrible outcome for the end-user. However, researchers have now discovered a piece of malware that turns the tables on people who try to pirate content by blocking illegal websites. As it turns out, perhaps not all malware is bad… Sophos researcher Andrew Brandt reported yesterday that the mysterious vigilante malware typically came packaged in fake games sent over Discord. However, it could also come bundled with productivity or security tools like "AVG Remediation" or "Microsoft Visual Studio Enterprise 2019." When the fake software is first run, it creates a fake popup saying a dynamically linked...
Read more...
Sometimes you may not know that you have been infected with malware until it is too late, as is likely the case for users across more than three million Windows-based computers globally. In a stunning revelation, in the two years between 2018 and 2020, a Trojan-like malware managed to infiltrate millions of Windows devices and extract 1.2 terabytes of personal information. On Wednesday, NordLocker, a subsidiary of NordVPN, released malware research that led to discovering a database of stolen data. The stolen information includes nearly 26 million login credentials with 1.1 million unique email addresses, 2 billion or more cookies, and roughly 6.6 million files. Over 50 percent of the stolen...
Read more...
Colonial Pipeline was content to fly under the radar as the top fuel pipeline in the United States, but then it was hit by a ransomware attack that severely disrupted operations, and its name was plastered across headlines. Looking to take advantage of the situation and newfound name recognition, hackers are hoping to dupe victims with phishing emails masquerading as required system updates. This is part of the fallout from the attack on a piece of critical infrastructure, and the unwanted notoriety that comes with it. Colonial Pipeline operates over 5,500 miles of pipe delivering 100 million gallons of fuel across 14 different states and seven airports. The attack led to a temporary shortages...
Read more...
Though industrial cyberattacks, such as those on JBS Global or Colonial Pipeline, are on the rise, the problem is not exclusive to businesses. According to new research, consumer cyber threats jumped nearly 83% in 2020. With new types of malware skyrocketing, users now need to be more careful than ever. Today, Atlas VPN extracted some interesting data from Malwarebytes' State of Malware 2021 report that gives insight into the company's malware detections via software globally. The most commonly detected threat was HackTool, a piece of riskware that allows users to use Microsoft software illegally. In 2019, there were only 511,848 detections, whereas, in 2020, there were 11.35 million warnings,...
Read more...
It is time to update macOS devices as a new 0-day has been found that allows malware to bypass privacy protections. The logic bug allowed any app to inherit another app’s permissions to take screenshots or do other activities without the end-user knowing, making this quite concerning. In 2020, malware called XCSSET made an appearance using two 0-day exploits to target Xcode developers and their projects. It would primarily spread using these projects, some of which were shared on GitHub, “leading to a supply-chain-like attack for users who rely on these repositories as dependencies in their own projects,” as researchers at Trend Micro explain. Since the initial discovery, the...
Read more...
When it was found that Microsoft Exchange on-premises was vulnerable to hackers, quite a bit of havoc ensued across a wide range of industries. Since then, the FBI obtained a court order to go in and remove backdoors to hacked servers, but there are likely many hacked Exchange servers still out there. In recent days, researchers have noticed an uptick in DNS queries and new infrastructure and components associated with the Lemon Duck cryptocurrency mining botnet that targeted these vulnerable Exchange servers. In March, Microsoft first caught onto Lemon Duck “adopting different exploit styles and choosing to use a fileless/web shell-less option of direct PowerShell commands” for some...
Read more...
Ransomware attacks are on the rise, and both organizations, such as the Washington D.C. Police Department, and individuals like QNAP NAS owners, are being targeted relentlessly. To help combat this, leaders from Amazon, Cisco, FireEye, McAfee, Microsoft, and other firms joined forces with the U.S. Department of Justice, Europol, and the U.K. National Crime Agency to call for an international coalition to fight against ransomware criminals. Simply put, we do not negotiate with terrorists, and this is only an extension of that philosophy. This week, an 81-page report that outlined the Ransomware Task Force and goals of the group was delivered to the Biden administration. It urged the U.S. to lead...
Read more...
If you catch the flu, you may be stuck at home or even bedridden for a few days until you get better. If you catch the FluBot malware, you could be at risk of losing sensitive information, such as banking details and personal information. While this malware campaign has not made it across the pond from Europe yet, it could make its way over while wreaking havoc along the way. In late 2020, an Android-based malware was discovered trying to spread itself and capture credit card data. Regardless of the version, the basis for the malware was phishing people with fake links to track packages using reputable names like FedEx and DHL. Once a user clicked a link, it would direct them to download a legitimate-looking...
Read more...
The same group of hackers that hit the NBA's Houston Rockets basketball team with a ransomware attack earlier this month has now turned its sights on the police force in Washington, D.C. It is the latest in a string of concerning ransomware attacks aimed at police over the past several weeks, where data leaks can put people's lives in danger. More than just a potentially embarrassing situation, in which private information could be revealed to the public, unscrupulous hackers are also threatening to reveal the identity of police informants to gangs, according to a post on the dark web viewed by The New York Times. In such a scenario, a data dump could conceivably result in actual bodily harm,...
Read more...
