Items tagged with Malware
Those who enjoy streaming movies and television shows on their devices should always be cautious when downloading content. It has been revealed that several third-party Kodi add-ons for Windows and Linux contained cryptocurrency malware. The cryptocurrency miner is difficult to uncover and is believed to have infected nearly 4,700 users. ESET, a Slovak IT security company, discovered that Windows and Linux Kodi users who downloaded the third-party add-ons Bubbles, Gaia, and XvBMC, were the targets of the malware campaign. The add-ons contain malicious code that mines the cryptocurrency Monero (XMR). It is believed that the criminals have been able to mine 62 Monero coins or over $7,000...
Read more...
When it comes to Android smartphones, one of the biggest advantages that they have over iOS-based iPhones is the ability to access external storage in addition to their onboard storage allotment. Take the Galaxy Note 9 for example; it is available with up to 512GB of internal storage and can also access up to 512GB of microSD storage, giving users up to 1TB in their pockets. However, Android apps often handle external storage poorly, leaving users vulnerable to exploits according to new research by Check Point. These exploits are being labeled as “man-in-the-disk” attacks, which could lead to the installation of malicious apps, the injection of harmful code, and denial of service...
Read more...
Fortnite is currently the hottest game in the world and appeals to a wide spectrum of gamers both young and old. However, its immense popularity also means that it is often the target of malware authors and scammers. That became readily apparent over the past few weeks by Rainway CEO Andrew Sampson. Sampson wrote in a blog post that his company began tracking "hundreds of thousands of error reports" starting on June 26th via its web-based game streaming platform. The errors related to calls to various ad platforms according to Sampson, which was peculiar given that Rainway doesn't have ads. "We ruled out immediately that we had been compromised in some way and began...
Read more...
Malware is a huge problem for computer users today as the threat posed by malicious software continues to increase. A new botnet was recently detected in a live environment for an unnamed client of Deep Instinct, a security firm. The security firm says that the botnet, dubbed Mylobot, uses three different layers of evasion techniques. The evasion techniques that the botnet uses contact command and control servers that download the final payload, Deep Instinct says that the combination and complexity of the evasion techniques that the botnet deploys have never been seen in the wild before. Mylobot also uses several malicious techniques including anti-VM, anti-sandbox, anti-debugging, wrapping...
Read more...
Researchers have discovered a new strain of malware for Android devices that combines different styles of attack into a single package. Called MysteryBot, the new malware hits victims with a banking Trojan, keylogger, and ransomware in one fell swoop. The good news here is that the cybercriminals responsible for MysteryBot are still developing it, and it does not appear to be spreading in the wild at the moment. However, that could change at any time. Initially, the researchers thought they were looking at a revised version of LokiBot, a banking Trojan that targets Android devices. But upon closer examination, they discovered there was much more taking place. "During investigation of its network...
Read more...
It's not often that the US Justice Department or FBI pleads with the public to do something, so when this happens, it's worth paying attention. This past week, the agency managed to thwart a botnet called VPNFilter by deactivating a domain that would have sent further instructions to routers belonging to ordinary folk like you and me. A problem still remains, though, and it's the one the these agencies want help with. Even though the malicious domain was killed off, thousands of home routers remain infected with the malware that made them susceptible to that kind of attack to begin with. Because the bug is severe enough, router vendors have been issuing firmware updates to remedy the...
Read more...
The United States Federal Bureau of Investigation and Department of Justice dealt a blow to a sophisticated Russian botnet that security researchers referred to as VPNFilter. They did it by seizing a key domain used to perpetuate the attacks. In doing so, the agencies effectively disrupted a malicious effort that was able to infect hundreds of thousands of routers and network storage devices. Security researchers estimate that at least 500,000 network devices scattered across 54 countries were unwittingly part of the botnet. According to Talos Intelligence, VPNFilter affected devices build by several notable brands, including Linksys, MikroTik, Netgear, and TP-Link in the small and home...
Read more...
Over 1,000 North Korean citizens try to defect to South Korea each and every year, and for each of them, the sudden sense of freedom must feel overwhelming. Naturally, North Korea isn't happy with anyone who decides to leave, and the country certainly has the means to seek out and track those who've done so. While the country may not send out investigators to follow everyone who defects, the North Korean government has other creative ways to keep tabs on its former citizens, including creating its own sophisticated malware. More specifically, this mobile device malware will read your personal information, and even upload your photos to a remote cloud server. Clearly, if you want to defect...
Read more...
If you use Facebook Messenger, hate malware, and always click on links you're sent without a second thought, then you're going to want to exercise more caution moving forward. A new strain of malware has been making the rounds since March, and depending on how you view things, the effect of "Nigelthorn" is somewhat smashing! This latest malware is named after the Nigel Thornberry character in the popular The Wild Thornberrys cartoon, and while it might seem like an odd choice, it was done because the malware works by exploiting the 'Nigelify' browser extension that changes pictures into an image of the character. Other extensions are affected as well, but not with the same reach as Nigelify....
Read more...
If your Android phone has suddenly started bombarding you with advertisements, you might the victim of malware, and specifically a strain that recently infiltrated Google Play by disguising itself as a bunch of handy utilities. Researchers at security firm Sophos discovered the tricky malware, saying that infected apps amassed over half a million downloads before Google removed them. Six of the booby-trapped apps claimed to be QR code readers, while another billed itself as a smart compass. All of them actually worked as advertised. To further mask the scent of foul play, the hidden adware in each of the infected apps would not fire up right way, "lurking innocently for a few hours before unleashing...
Read more...
Google's Android operating is often seen as having a bad reputation with regards to security. We often hear about malware coursing its way through the Google Play Store that can hijack your smartphone, but Google is here to tell us that Android is secure -- or rather, it is at least as secure as Apple’s iOS. With over 2 billion devices actively running Android, securing the wide variety and types of devices can be a challenge. But Google says that "Android security made a significant leap forward in 2017 and many of our protections now lead the industry." Google lays out its long-running efforts to fortify Android's defenses in a 56-page report when you can find here [PDF]. Rather than...
Read more...
Microsoft Report Details Cryptocurrency Mining Malware Epidemic, 644,000 Unique PCs Affected Monthly
It seems that everyone and their uncle is mining cryptocurrency these days. That is a topic in and of itself, but what's disturbing is even if you are not knowingly mining virtual coins, you might still be mining...for someone else. Crypto-jacking has emerged as a form of malware, whereby a website or app sneakily injects a 'miner' onto your device so that a remote attacker can tap into your phone or PC's resources for profit. Microsoft's security team did some digging into the situation and found some interesting trends related to this growing threat. To be clear, Microsoft is not against the concept of cryptocurrency, or at least that is not how the report is framed. Microsoft says cybercriminals...
Read more...
Security researchers at Kaspersky Lab have discovered a rather nasty malware strain that has been hiding in certain wireless routers for over half a decade. Called Slingshot, the security researchers who discovered the malicious code believe the malware is part of a sophisticated cyberespionage campaign. The malware is present in certain routers manufactured by MicroTik, though Kaspersky says it might also be affecting models by other brands as well. Part of what makes Slingshot particularly dangerous is that it uses a trick to run in kernel mode. This is almost impossible do to in updated operating systems, though Slingshot manages the feat by searching computers for signed vulnerable drivers,...
Read more...
Everyone seems to be trying to strike it rich with cryptocurrency, so it's no surprise that "drive-by cryptomining" has become a thing. If you're not aware, drive-by cryptomining is when a site injects a device with JavaScript code for the purposes of mining cryptocurrency, usually Monero (Coinhive launched a service that is widely utilized for this purpose) and without the user's knowledge or consent. It's a growing problem that is already affecting millions of mobile devices., mostly Android. Image Source: Flickr via Rob Bulmahn "In a campaign we first observed in late January, but which appears to have started at least around November 2017, millions of mobile users (we believe Android devices...
Read more...
