Items tagged with Malware

When on-premises Microsoft Exchange was found to be vulnerable to attackers, quite a bit of havoc ensued across a wide range of industries. Since then, the FBI obtained a court order to remove backdoors from hacked servers, but many compromised Exchange servers are likely still out there. In recent days, researchers have noticed an uptick in DNS queries, and in new infrastructure and components, associated with the Lemon Duck cryptocurrency-mining botnet that targeted these vulnerable Exchange servers. In March, Microsoft first caught Lemon Duck “adopting different exploit styles and choosing to use a fileless/web shell-less option of direct PowerShell commands” for some...
Ransomware attacks are on the rise, and both organizations, such as the Washington D.C. Police Department, and individuals like QNAP NAS owners, are being targeted relentlessly. To help combat this, leaders from Amazon, Cisco, FireEye, McAfee, Microsoft, and other firms joined forces with the U.S. Department of Justice, Europol, and the U.K. National Crime Agency to call for an international coalition to fight against ransomware criminals. Simply put, we do not negotiate with terrorists, and this is only an extension of that philosophy. This week, an 81-page report that outlined the Ransomware Task Force and goals of the group was delivered to the Biden administration. It urged the U.S. to lead...
If you catch the flu, you may be stuck at home or even bedridden for a few days until you get better. If you catch the FluBot malware, you could be at risk of losing sensitive information, such as banking details and personal data. While this malware campaign has not made it across the pond from Europe yet, it could make its way over while wreaking havoc along the way. In late 2020, Android malware was discovered trying to spread itself and capture credit card data. Regardless of the version, the basis for the malware was phishing people with fake package-tracking links that borrowed reputable names like FedEx and DHL. Once a user clicked a link, it would direct them to download a legitimate-looking...
The same group of hackers that hit the NBA's Houston Rockets basketball team with a ransomware attack earlier this month has now turned its sights on the police force in Washington, D.C. It is the latest in a string of concerning ransomware attacks aimed at police over the past several weeks, where data leaks can put people's lives in danger. More than just a potentially embarrassing situation, in which private information could be revealed to the public, unscrupulous hackers are also threatening to reveal the identity of police informants to gangs, according to a post on the dark web viewed by The New York Times. In such a scenario, a data dump could conceivably result in actual bodily harm,...
From time to time, malware pops up that affects Apple devices, which are typically touted as the more secure option compared with other PCs. This happened earlier this year with the mysterious Silver Sparrow malware that caught thousands of M1 Macs. Now, Mac users are being urged to patch again to block actively exploited malware that bypasses many of Apple’s core security measures with ease. File quarantine, Gatekeeper, and application notarization are three mechanisms introduced over the years to help protect users. Together, these tools mean that Apple must essentially sign off on all software before it can run on a Mac. If some software somehow managed to sneak...
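A practical check for the file-quarantine and Gatekeeper mechanisms mentioned above, added here as an example and not taken from the original page or from Apple's tooling. macOS tags downloads with the extended attribute com.apple.quarantine, whose value is four ';'-separated fields: flags in hex, the download time as hex Unix seconds, the downloading agent, and an origin UUID. The parser below is pure Python and runs anywhere; the two helpers that shell out to `xattr` and `spctl` only work on a Mac and return None elsewhere. The sample attribute value and its UUID are constructed, and the flag bits are reported raw rather than interpreted.

```python
"""Inspect macOS file-quarantine state (added example, not code from the original page)."""
from __future__ import annotations

import shutil
import subprocess
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional


@dataclass(frozen=True)
class Quarantine:
    flags: int               # raw flag bits; not interpreted here
    downloaded_at: datetime  # UTC time the file was downloaded
    agent: str               # application that wrote the tag, e.g. Safari
    origin_id: str           # UUID linking to the LaunchServices quarantine DB


def parse_quarantine(value: str) -> Quarantine:
    """Decode a raw com.apple.quarantine value such as '0083;5f8a1e2c;Safari;<uuid>'."""
    parts = value.strip().split(";")
    if len(parts) < 3:
        raise ValueError(f"unexpected quarantine attribute: {value!r}")
    flags = int(parts[0], 16)
    downloaded_at = datetime.fromtimestamp(int(parts[1], 16), tz=timezone.utc)
    origin_id = parts[3] if len(parts) > 3 else ""
    return Quarantine(flags, downloaded_at, parts[2], origin_id)


def read_quarantine(path: str) -> Optional[Quarantine]:
    """Read the attribute with the `xattr` CLI (macOS). Returns None when the
    tool is missing or the file carries no quarantine tag."""
    if shutil.which("xattr") is None:
        return None
    proc = subprocess.run(
        ["xattr", "-p", "com.apple.quarantine", path],
        capture_output=True, text=True, check=False,
    )
    if proc.returncode != 0 or not proc.stdout.strip():
        return None
    return parse_quarantine(proc.stdout)


def gatekeeper_assessment(path: str) -> Optional[tuple[bool, str]]:
    """Ask Gatekeeper's policy engine whether it would allow `path` to execute.
    Returns (accepted, verbose output); a non-zero exit from spctl means rejected.
    Returns None when `spctl` is unavailable (i.e. not on macOS)."""
    if shutil.which("spctl") is None:
        return None
    proc = subprocess.run(
        ["spctl", "--assess", "--type", "execute", "--verbose=4", path],
        capture_output=True, text=True, check=False,
    )
    return proc.returncode == 0, (proc.stderr + proc.stdout).strip()


# Constructed sample value; the UUID is made up for the example.
SAMPLE_ATTR = "0083;5f8a1e2c;Safari;9A2D6E1C-3B5F-4C8A-9D2E-0F1A2B3C4D5E"

if __name__ == "__main__":
    q = parse_quarantine(SAMPLE_ATTR)
    print(f"flags=0x{q.flags:04x} downloaded={q.downloaded_at.isoformat()} agent={q.agent}")
    # On a Mac, point these at a freshly downloaded app bundle or binary.
    for p in ("/Applications/Safari.app",):
        print(p, read_quarantine(p), gatekeeper_assessment(p))
```

The useful incident-response detail is the timestamp and agent: a binary with no quarantine tag at all was not downloaded through a quarantine-aware app (or the tag was stripped), which is exactly the situation Gatekeeper bypasses rely on, so a missing tag on a recently arrived executable deserves a second look rather than reassurance.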
When it comes to password management, users really have just a handful of options, and all of them have their caveats. If we choose to just use memorable passwords and recycle them between accounts, one compromised account can expose a whole group of them. On the other hand, relying on a cloud service to store passwords puts our credentials on someone else's servers, and we're subject to whatever tracking those services may entail. Lastly, if we host our own password management solution, one bad update can leak our credentials to the world. This third option is the story of Click Studios and PasswordState. PasswordState is a self-hosted, as opposed to cloud-hosted,...
No platform is 100 percent secure, and lest anyone need reminding of that, a Mac malware campaign with Xcode developers in its sights has been modified to infect systems outfitted with Apple's fancy new M1 silicon. The end goal of this particular malware is to rob Mac users of their cryptocurrencies, by stealing login information related to cryptocurrency apps. The malware is called XCSSET, and it gained prominence in August 2020, when Trend Micro warned of its existence. "This scenario is quite unusual; in this case, malicious code is injected into local Xcode projects so that when the project is built, the malicious code is run. This poses a risk for Xcode developers in particular. The threat...
Contrary to some beliefs, mobile devices are vulnerable to malware, such as recent spyware that was posing as an Android system update. Today, researchers have disclosed a new piece of mobile malware that hides in a fake application and is spreading itself through WhatsApp. This is just the latest reminder that people need to be more careful about the links they click and the apps they download on any device. The fake application, called “FlixOnline,” was discovered in the Google Play store by researchers at Check Point Research. It was found that if any user downloaded the app and granted the requested permissions, the malware then automatically replies to a victim’s WhatsApp...
Don't blindly click that link or assume the notification about a system update that you received is real. High-profile compromises like SolarWinds and the Exchange zero-days may grab headlines, but the biggest security problems most users face are of the socially engineered variety. That's the case once again this week, as new malware for Android poses as a security update, but the payload is much darker. According to security firm Zimperium, that supposed critical patch could really be malware that steals messages and personal data, or even takes over the phone entirely. Zimperium first detected the new System Update malware because the application's behaviors triggered...
If there is one thing I learned from cartoons in the 1980s, it is that knowing is half the battle. Thank you G.I. Joe for that tidbit. Fast forward several decades later and that lesson is playing out right before our very eyes, in relation to another malware strain that is able to run natively on Apple's fancy new custom M1 processor. Apple knows about it and has taken steps to stop it from spreading (more on that in a bit). Apple is embarking on a two-year transition phase, in which it is moving completely away from using Intel's CPUs in its Mac systems, in favor of in-house designs based on Arm. The first of those is the M1 chip. We have already spent some hands-on time with the M1 as...
Apple is embarking on a two-year plan to transition away from using Intel processors across its laptop and desktop families, in favor of its own Arm-based silicon. The venture begins with the M1, an impressive piece of hardware that is generally garnering favorable reviews (including our own Mac mini 2020 review with an M1 chip inside). However, it's not all peaches and cream—a security researcher has discovered the first bit of malware in the wild that is native to the M1 chip. Patrick Wardle, a former researcher for the US National Security Agency (NSA) and currently an independent macOS security researcher, came upon a malicious Safari browser extension called GoSearch22. It was originally...
A barcode scanning app for Android with more than 10 million downloads under its belt has been found to be the source of unwanted ads and pop-ups in the default browser. This was not the case prior to the developer dishing out an update in early December. But for some stupid reason, years of goodwill went right down the toilet when the app went from "an innocent scanner to full on malware." The app is called Barcode Scanner, developed by Lavabird LTD. It has been available in the Google Play store for several years, where it amassed millions of downloads and a slightly better than 4-star rating out of nearly 80,000 votes. It was described as a "powerful QR code reader and barcode generator...
The Great Suspender extension is sounding more like "The Great Suspension" after actions taken today by Google. But first of all, what is The Great Suspender? Well, it's a browser extension that tames some of Google Chrome's most odious habits. It can automatically deactivate tabs that have been used infrequently (thus cutting down on memory consumption), then reload them right away as you click back to them. This is a feature (Sleeping Tabs) that Microsoft has already implemented in the current stable branch of its Edge browser. However, The Great Suspender has been kicked out of the Chrome Web Store over allegations that it "may contain malware." All links to the popular extension have been...
How many times have you seen a horror movie where the villain and/or monster is defeated, only to rise back up after the heroes let their guard down? It is the blueprint for a boilerplate horror film, and it also describes what seems to be happening with Trickbot, a dastardly botnet that Microsoft and the US Military Cyber Command defeated last year. Or so it seemed. Now it is showing signs of life. Trickbot's demise seemed like a foregone conclusion when, last October, the military's Cyber Command unit executed a coordinated attack on the sinister botnet, which included sending disconnect commands to computers that had been infected. Then Microsoft got in on the action, disabling 62 of the...
Apple products were once praised as the most secure ecosystem, whether by design of Apple's walled garden, excellent marketing tactics, or otherwise. However, in mid-2020, Apple accidentally approved widespread Mac malware, shattering that perception for many people. Now, another Mac-exclusive malware has been uncovered in Asia, silently mining Monero in the background on macOS users’ devices. The malware, dubbed macOS.OSAMiner, has likely been floating around since at least 2015, packaged with cracked games and software like League of Legends and Microsoft Office. In 2018, SentinelLabs, a cybersecurity firm, caught wind of Chinese forum reports talking about a Monero mining trojan infecting...
Simply put, malware and adware suck, especially when they try to be sneaky. Thankfully, Microsoft is on the prowl for malicious software trying to worm its way onto people’s systems. Microsoft has been tracking a “persistent malware campaign” since at least May of this year; it peaked in August with over 30,000 devices infected. The malware, dubbed “Adrozek,” adds browser extensions, modifies DLL files, and inserts ads into web pages and search results. Perhaps it is time to run a malware scan, eh? The family of browser-modifying malware called Adrozek is quite the little bugger as far as malware goes. It affects multiple browsers, such as Microsoft Edge, Google...
The Trickbot botnet is under the gun in a significant way. Both Microsoft and the U.S. Military Cyber Command have been targeting Trickbot this year in hopes of taking it down. Microsoft claims that “As of October 18, [they’ve] worked with partners around the world to eliminate 94% of Trickbot’s critical operational infrastructure.” A couple of weeks ago, U.S. Military Cyber Command was able to attack Trickbot’s servers. Microsoft, on the other hand, reports they were able to disable them entirely. Microsoft identified 69 servers used for Trickbot and was able to disable 62 used for command-and-control. The seven other servers were "internet of things" (IoT) devices...
This month, the Emotet botnet is going trick-or-treating, and it is only interested in the tricks. Previously, the malware spread by utilizing spam campaigns carrying Word or Excel files, and the botnet is back after a short hiatus. It is now using email spam campaigns that “pretend to be invoices, shipping information, COVID-19 information, information about President Trump's health, resumes, or purchase orders, as shown below.” These emails contain malicious Word documents that load up scripts and ruin your day. BleepingComputer reports that “With its return to activity, Emotet switched to a new template that pretends to be a message from Windows Update stating that Microsoft Word needs...
We are all adapting to life amid a pandemic, with many people working from home as COVID-19 continues to spread. But it is not just newfound telecommuters who are adapting. So are malware authors, who are changing their lures in attempts to hook victims through phishing emails. New data suggests that Microsoft is now the top brand used in phishing attacks. This is a notable shift, as before the pandemic, Microsoft was the fifth most popular brand used in phishing schemes. However, it now accounts for nearly a fifth of all phishing attempts, with almost triple the number of such attacks using Microsoft as a lure, compared to before. And it is directly related to threat actors looking to capitalize...
Approximately two weeks ago, the U.S. military’s Cyber Command, which shares its commander with the National Security Agency (NSA), executed a coordinated attack on the Trickbot botnet. This attack included sending disconnect commands to computers infected with the Trickbot malware, and spoofing records, so that the botnet's collection of target data has itself been muddied and compromised. Early in October, KrebsOnSecurity received word that someone with access to the Trickbot network sent out commands to infected devices to disconnect from the Trickbot servers. These servers controlled the infected machines, so this was a massive blow to the nefarious actors behind Trickbot’s operations. Furthermore, the Trickbot malware...
When someone thinks of malware, the usual thought is an EXE file containing offending code that is downloaded to a target machine and executed by the user. However, a team at SecureList is trying to make people aware that an incredibly persistent malware framework can exist within a PC's UEFI firmware, where it survives operating-system reinstalls and disk replacement. The team, consisting of Mark Lechtik, Igor Kuznetsov, and Yury Parshin, found that a malware framework in UEFI firmware was used “in a series of targeted attacks pointed towards diplomats and members of an NGO from Africa, Asia, and Europe, all showing ties in their activity to North Korea.” UEFI attacks are not necessarily new, but they are not often seen in the wild. As the SecureList...
Oh great, as if 2020 has not been challenging enough already, the latest Digital Defense Report from Microsoft outlines some troubling cybersecurity trends. Threat actors are "rapidly" increasing the sophistication of their cyberattacks, ultimately making them more difficult to detect, and more likely to trick "even the savviest targets." "For example, nation-state actors are engaging in new reconnaissance techniques that increase their chances of compromising high-value targets, criminal groups targeting businesses have moved their infrastructure to the cloud to hide among legitimate services, and attackers have developed new ways to scour the internet for systems vulnerable to ransomware,"...