Items tagged with Malware
Imagine hitting it off with a love (or lust) interest, and then finding out the person who grabbed your attention never existed, at least not in the way you thought. Such a situation recently happened to hundreds of Israeli soldiers who fell prey to a "honey trap" campaign and contracted digital infections on their mobile phones. Hamas cyber militants made a bunch of fake profiles on various social media sites and chat services, including Facebook, Instagram, WhatsApp, and Telegram, and used pictures of teenage girls for the profile photos to lure soldiers into the scam. Through instant messaging exchanges, soldiers were duped into downloading dating apps containing malware. Hamas created fake...
Read more...
Nearly every device on the market relies on firmware and many devices include multiple components with their own firmware. Manufacturers and developers have begun to focus on protecting system firmware from potential attackers, but peripheral firmware often receives very little attention. Security researchers at Eclypsium recently uncovered unsigned or unverified firmware in devices by companies such as Lenovo, HP, and Dell and were able to successfully attack a server. Many have been aware for quite some time of the dangers of unsigned firmware, but this recent study emphasizes how frequently manufacturers tend to ignore peripherals. Katie Teitler, Senior Analyst at TAG Cyber, remarked, “Software...
Read more...
It's all fun and games until a nasty bit of malware infiltrates your PC and wreaks havoc, right? To quote the late, great Bill Paxton, at that point it's "Game over man! Game over!" Fortunately, common sense computing habits are highly effective. Malware writers can be a clever, however, and security researchers are warning of a particular strain posing as a popular games launcher. The malware in question is called LokiBot. If infected, it can swipe personal data from your PC, including passwords and cryptocurrency information (in case you're still into mining or collecting cryptocurrencies). LokiBot is not new—it's shown up through various means in the past, including a variant that used...
Read more...
Android Trojan xHelper haunted the Google Play Store in 2019. After several months, it appeared that the malware had disappeared. Unfortunately, xHelper was not dead but only sleeping. Security researchers at Malwarebytes Lab recently discovered that xHelper was once again infecting devices and that its reinfection seemed to be triggering off from Google Play. Android Trojan xHelper first appeared in Spring 2019 and infected over 45,000 devices. xHelper targeted users in India, the United States, and Russia. It is a malware dropper whose main purpose is to provide a backdoor to attackers. The attackers can then install other apps, steal data, or even take over the device. A Malwarebyte forum...
Read more...
A new trojan has been spotted that is called Emotet. The trojan is described as highly sophisticated and it serves as a loader for other malware or ransomware once installed on a system. The key function of Emotet is that it can deliver custom modules or plugins that are designed for specific tasks. Those tasks include things like stealing Outlook contacts or spreading over a LAN. Recently, Binary Defense discovered a new loader type that takes advantage of the wlanAPI interface to enumerate all WiFi networks in the area. It will then attempt to spread to those networks and infect all the devices it can as it spreads. The protocol for the trojan is based on Google's Protobufs to serialize data...
Read more...
Get a Mac, they said. It will be fun, they said. But what they did not tell you is that Macs are not immune to malware, contrary to what some people might think. It has to be less of a risk though, right? Maybe, maybe not. A new security report indicates that malware threats on the Mac increased a whopping 400 percent in 2019. The exponential increase resulted in Mac systems being twice as susceptible to malware threats as Windows-based PCs. Surprised? Admittedly, so are we. "Mac threats increased exponentially in comparison to those against Windows PCs. While overall volume of Mac threats increased year-over-year by more than 400 percent, that number is somewhat impacted by a larger Malwarebytes...
Read more...
Anyone whoever required proof that malware didn't have to be sophisticated to be prolific should look at the macOS malware known as Shlayer. The malware found its way onto the victim computers by tricking them into installing a fake Adobe Flash update. The malware lures the users to install the fake Flash Player update by promising pirated videos, which are also said to be fake. Despite the simple attack method, Shlayer continues to be so common that it's the number one threat encountered by macOS users of Kaspersky antivirus software. The malware first surfaced in February 2018. Since that debut, about 32,000 variants have been collected by researchers at Kaspersky, along with 143...
Read more...
A government program designed to help low income individuals own a smartphone might be dealing participants more than they bargained for. Or more specifically, security researchers warn that the government-subsidized smartphone provided by Virgin Mobile's Lifeline Assurance Wireless program contains multiple instances of malware. At the heart of the controversy is the Unimax (UMX) U686CL. It is a low-end Android device that is said to cost just $35 to qualifying participants, though at the time of this writing, I can't find the handset at the Assurance Wireless online store. The next closest model is the Unimax U683CL, listed for $39. Researchers at Malwarebytes say they obtained the U686CL to...
Read more...
Security researchers say millions of Android phones are susceptible to a newly discovered vulnerability that, if exploited, could allow an attacker to spy on users through the phone's microphone, take photos with the phone's camera, read and send SMS text messages, make and record phone conversations, phish login credentials, and a host of other nefarious deeds. The malware is called StrandHogg, and there are couple of things that make it extra concerning. One is that all versions of Android are affected, including Android 10, which is the latest build. And secondly, researchers say StrandHogg allows real-life malware to pose as legitimate apps, with users unaware they are being targeted. "The...
Read more...
Researchers have sounded a warning bell at BlackBerry Cylance about a new trojan malware called PyXie RAT. The malware can perform all sorts of nefarious deeds, including keylogging, stealing login credentials, and recording videos. PyXie RAT can also distribute other attacks, including ransomware. The newly discovered PyXie RAT campaign is being run by a sophisticated cyber-criminal operation that is targeting healthcare and education organizations. The malware is custom-built and Python-based. When a machine is infected with the software, it can control most Windows systems and allows the hacker to monitor data and steal sensitive data. Other functions that the software can perform include...
Read more...
Microsoft has detailed a new malware strain that's been infecting computers globally since October 2018. The malware is called Dexphot, and while it isn't trying to steal data, it is robbing hardware resources of the infected machines. The people behind Dexphot were using the resources of the infected machines to mine cryptocurrency and generate revenue . Dexphot reached its peak in mid-June of 2019 when the botnet had reached nearly 80,000 infected computers. The botnet has shrunk since then as Microsoft has rolled out countermeasures to improve detection and stop attacks. What stood out about Dexphot was the high level of complexity that the attack employed in its methods and techniques. Dexphot...
Read more...
Many computer users know that Microsoft doesn't email you about Windows updates, but many people unfortunately still fall for spam tricks. There is a new malicious spam campaign going around that tells users to download a critical Windows update. If users install the attached file, Cyborg ransomware is then loaded on the system. The threat was discovered by researchers at Trustwave, and is said to be unique in a few ways. The attached file claims to be a .jpg format, but it opens as an .exe file. Another of the email's unique aspects is that it has a two-sentence subject that states, "Install Latest Microsoft Windows Update now! Critical Microsoft Windows Update!" The body of the email has only...
Read more...
Anyone who uses WhatsApp—and many people do, with the developers claiming 1.5 billion monthly active users—should make sure they have the latest version installed. Otherwise, they could be susceptible to a critical vulnerability that could allow hackers to infiltrate their text messaging conversations, pictures, and other private information. The vulnerability is listed as CVE-2019-11931. In short, a hacker could remotely compromise a device through WhatsApp by sending over a video file injected with malicious code. All the hacker would need is a phone number of a targeted user. "A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to...
Read more...
Malware is getting sneakier, as Kaspersky researchers just discovered “Titanium”, a trojan backdoor malware. This malware is very difficult to detect and includes various stages. Titanium is currently being used by the Advanced Persistent Threat (APT) actor “Platinum”. Platinum is considered one of the most “technologically advanced” APT actors in the Asia-Pacific region. Their current malware targets Malaysia, Indonesia, and Vietnam. It is unclear exactly how many devices have been affected. Titanium reportedly includes several steps and capabilities. It first releases an exploit that is able to execute code as a SYSTEM user. It then installs a shellcode that essentially downloads the necessary...
Read more...
