Items tagged with Malware

Microsoft has detailed a new malware strain that's been infecting computers globally since October 2018. The malware is called Dexphot, and while it isn't trying to steal data, it is robbing hardware resources of the infected machines. The people behind Dexphot were using the resources of the infected machines to mine cryptocurrency and generate revenue. Dexphot reached its peak in mid-June of 2019 when the botnet had reached nearly 80,000 infected computers. The botnet has shrunk since then as Microsoft has rolled out countermeasures to improve detection and stop attacks. What stood out about Dexphot was the high level of complexity that the attack employed in its methods and techniques. Dexphot... Read more...
Many computer users know that Microsoft doesn't email you about Windows updates, but many people unfortunately still fall for spam tricks. There is a new malicious spam campaign going around that tells users to download a critical Windows update. If users install the attached file, Cyborg ransomware is then loaded on the system. The threat was discovered by researchers at Trustwave, and is said to be unique in a few ways. The attached file claims to be a .jpg format, but it opens as an .exe file. Another of the email's unique aspects is that it has a two-sentence subject that states, "Install Latest Microsoft Windows Update now! Critical Microsoft Windows Update!" The body of the email has only... Read more...
Anyone who uses WhatsApp—and many people do, with the developers claiming 1.5 billion monthly active users—should make sure they have the latest version installed. Otherwise, they could be susceptible to a critical vulnerability that could allow hackers to infiltrate their text messaging conversations, pictures, and other private information. The vulnerability is listed as CVE-2019-11931. In short, a hacker could remotely compromise a device through WhatsApp by sending over a video file injected with malicious code. All the hacker would need is a phone number of a targeted user. "A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to... Read more...
Malware is getting sneakier, as Kaspersky researchers just discovered “Titanium”, a trojan backdoor malware. This malware is very difficult to detect and includes various stages. Titanium is currently being used by the Advanced Persistent Threat (APT) actor “Platinum”. Platinum is considered one of the most “technologically advanced” APT actors in the Asia-Pacific region. Their current malware targets Malaysia, Indonesia, and Vietnam. It is unclear exactly how many devices have been affected. Titanium reportedly includes several steps and capabilities. It first releases an exploit that is able to execute code as a SYSTEM user. It then installs a shellcode that essentially downloads the necessary... Read more...
Mobile users can mitigate the risk of falling prey to malware by only downloading apps from reputable app stores. The Play Store is one of them, and it is the largest around for Android, though the risk is not by any means non-existent. Google realizes this, and has forged an App Defense Appliance with ESET, Lookout, and Zimperium. Part of the ongoing problem with the Play Store is its sheer size makes it an attractive target for miscreants, as well as the number of Android devices in the wild. According to Google, the Android ecosystem consists of more than 2.5 billion devices, most with access to the Play Store. This has led to a proliferation of malware in the Play Store, as we have reported... Read more...
Well, this is an unfortunate turn of events. Back in July, security researchers at Sophos created a proof-of-concept demonstration showing how easy it would be for an unpatched RDP (Remote Desktop Protocol) server to be compromised by BlueKeep, a wormable Windows bug. Fast forward to today, and it's been discovered BlueKeep is actively being exploited in the wild. BlueKeep is a dangerous remote code execution vulnerability, and it is no longer a theoretical threat. The evidence so far points to affected machines being used to mine cryptocurrency. There could be worse consequences for this type of bug, though hijacking a PC's resources for mining purposes is, at the very least, an annoyance.... Read more...
Google is having a significant problem with malware on the Google Play store with apps that continue to infect tens of thousands of users. Another Android malware app called Xhelper has been thriving on Google Play for the last six months and infected 45,000 devices during that time. Making Xhelper a more significant threat is the fact that the app itself downloads other threats along with displaying ads. Currently, Xhelper is targeting users in India, the United States, and Russia. Symantec says that Xhelper is part of a surge in apps that can hide from users, download additional malicious apps, and display ads. Frustrating users even more is the fact that Xhelper is persistent and... Read more...
Security researchers discovered 17 malicious iPhone apps that managed to get through Apple's review process and land on the App Store. The infected apps, which have now been removed, had been infected with clicker trojan malware "designed to carry out ad fraud related tasks in the background," such as clicking on links and continuously opening webpages. "The objective of most clicker trojans is to generate revenue for the attacker on a pay-per-click basis by inflating website traffic. They can also be used to drain the budget of a competitor by artificially inflating the balance owed to the ad network," researchers at security firm Wandera state in a blog post. All of the apps came from the same... Read more...
Security researchers at Kaspersky have identified a new strain of malware affecting Chrome and Firefox browsers. The researchers say the malware's authors "put a lot of effort" into how it manipulates digital certificates and mucks with outbound TLS traffic, which ultimately compromises encrypted communications. "Analysis of the malware allowed us to confirm that the operators have some control over the target’s network channel and could replace legitimate installers with infected ones on the fly. That places the actor in a very exclusive club, with capabilities that few other actors in the world have," Kaspersky says. The malware allows an attacker to wreak havoc on a victim's PC remotely.... Read more...
The battle against malware never ends. Nearly 200 harmful apps were discovered in the Google Play Store in September 2019. These apps were installed by over 335 million users. Most of the harmful ads contained malicious or misleading malware. These apps were downloaded by more than 300 million people. Google removed 46 apps alone from Chinese developer iHandy. Most of their apps feature tools for selfies, security and antivirus utilities, keyboards, horoscopes, emoji, and health. The developer claims that they attract more than 180 million monthly users. Google noted that the apps included “deceptive or disruptive” ads, which violates their policies. The apps even drained users' batteries... Read more...
Malware has been a common problem within the Google Play Store, and two apps that have run a malicious adware scheme have been the latest to get the boot. The apps have been raking in the cash for their authors, but have consequently been putting the people who have downloaded them through living hell. The first of the apps is called Sun Pro Beauty Camera, and it amassed over 1 million downloads since it first appeared on the Play Store. The second app, Funny Sweet Beauty Camera, which was created by the same developer, garnered in excess of 500,000 downloads. Not only would the apps display intrusive ads that were hard or nearly impossible to close out (even when the apps in question were... Read more...
The latest “Joker” spyware is no laughing matter as it can easily compromise a lot of the personal data you keep on your phone. Researchers recently discovered spyware that can access your SMS messages, contact list and other information. The spyware was found in over 24 Android apps on Google Play and has infected nearly 500,000 users. The “Joker” spyware was originally detected this past June and was named after one of its command-and-control (C2) domain names. It can gain access to a victim’s SMS messages, contacts list, and other specific device information. It can also sign victims up for premium subscription services without their knowledge. The Joker is able... Read more...
Earlier this week, we brought you the news of an unfortunate turn of events that resulted in the popular app CamScanner being removed from the Google Play Store. The app, which can create PDF documents, is developed by CC Intelligence and has been downloaded over 100 million times. The problem came into play when users began getting bombarded with "unwanted features" and advertisements that took over their smartphone's display. The folks at Kaspersky Lab were able to determine that the CamScanner was carrying a malicious module dubbed Trojan-Dropper.AndroidOS.Necro.n, which was serving intrusive ads to users. After staying mum on the situation for most of the week, CamScanner's developers... Read more...
There's trouble brewing in the Google Play Store... again. This time the threat comes from CamScanner, which for quite some time has been a popular app that allows Android users to create PDF documents using optical character recognition (OCR) technology. The app was developed by Chinese firm CC Intelligence. However, in recent weeks, it appears that CamScanner has taken a turn for the worse, and has unleashed a malware campaign on unsuspecting Android users. CamScanner had previously used in-app ads and in-app purchases for its monetization efforts, but recent versions of the app have included a new advertising library tainted with a trojan. The malicious module has been identified... Read more...