Items tagged with Malware

Malware-laden apps are nothing new for the Google Play store where Android users go to download apps of all sorts. Google has been heavily criticized over the years for not doing enough to prevent malicious apps from being offered to users via the Google Play Store. This year we have seen a malicious app masquerading as the official Uber app with the intent of stealing real Uber account details. North Korean hackers also created a data-stealing malware app in May with the goal of seeking revenge on defectors. Thirteen game apps were recently identified as being malicious, and together the apps had been installed by over half a million users. The games were all driving simulators with one of them,... Read more...
It's not common to find free software that appears to be as feature-rich and capable as the commercial competition, but where Windows Defender is concerned, it's arguably one of the best free antivirus and anti-malware solutions out there. Many have come to trust it so much, that they don't even run an additional anti-virus solution, and Microsoft takes that responsibility seriously by constantly iterating on the software's capabilities. In a brand-new Windows Insider build, a massive overhaul of Defender can be found. After years of figuring out the best direction to take Defender, Microsoft decided that implementing sandboxes was the only reasonable route, a technique we've seen used in many... Read more...
At least for the time being, it looks like the mad rush to buy graphics cards for cryptocurrency mining and leave gamers with overpriced options is in the rear view mirror. That doesn't mean cryptocurrency mining doesn't still present an annoyance in some sectors, though. Security researchers warn that cryptocurrency malware is currently hiding in a fake Adobe Flash update that is making the rounds. Adobe Flash can't disappear fast enough. In the meantime, it continues to present security issues, sometimes directly through discovered vulnerabilities, or in this case preying on the vigilance of users who aim to keep it updated to prevent the very sort of thing caused by the fake and malicious... Read more...
In recent years, we've seen a number of garden variety consumer electronics devices -- including routers and webcams among others -- that have been sucked into zombie botnets to wreak havoc around the globe. Many of those devices were accessible due to extremely weak passwords that were enacted by default by their manufacturers. California, however, is looking to change this and has passed a law that would require all internet-connected devices sold in the state to have a unique "strong" password. This unique password would be obtained in one of two ways as outlined by the "Information Privacy: Connected Devices" bill. Manufacturers can choose to give each individual device... Read more...
Those who enjoy streaming movies and television shows on their devices should always be cautious when downloading content. It has been revealed that several third-party Kodi add-ons for Windows and Linux contained cryptocurrency malware. The cryptocurrency miner is difficult to uncover and is believed to have infected nearly 4,700 users.  ESET, a Slovak IT security company, discovered that Windows and Linux Kodi users who downloaded the third-party add-ons Bubbles, Gaia, and XvBMC, were the targets of the malware campaign. The add-ons contain malicious code that mines the cryptocurrency Monero (XMR). It is believed that the criminals have been able to mine 62 Monero coins or over $7,000... Read more...
When it comes to Android smartphones, one of the biggest advantages that they have over iOS-based iPhones is the ability to access external storage in addition to their onboard storage allotment. Take the Galaxy Note 9 for example; it is available with up to 512GB of internal storage and can also access up to 512GB of microSD storage, giving users up to 1TB in their pockets. However, Android apps often handle external storage poorly, leaving users vulnerable to exploits according to new research by Check Point. These exploits are being labeled as “man-in-the-disk” attacks, which could lead to the installation of malicious apps, the injection of harmful code, and denial of service... Read more...
Fortnite is currently the hottest game in the world and appeals to a wide spectrum of gamers both young and old. However, its immense popularity also means that it is often the target of malware authors and scammers. That was made readily apparent over the past few weeks by Rainway CEO Andrew Sampson. Sampson wrote in a blog post that his company began tracking "hundreds of thousands of error reports" starting on June 26th via its web-based game streaming platform. The errors related to calls to various ad platforms according to Sampson, which was peculiar given that Rainway doesn't have ads. "We ruled out immediately that we had been compromised in some way and began... Read more...
Malware is a huge problem for computer users today as the threat posed by malicious software continues to increase. A new botnet was recently detected in a live environment for an unnamed client of Deep Instinct, a security firm. The security firm says that the botnet, dubbed Mylobot, uses three different layers of evasion techniques. The evasion techniques that the botnet uses contact command and control servers that download the final payload. Deep Instinct says that the combination and complexity of the evasion techniques that the botnet deploys have never been seen in the wild before. Mylobot also uses several malicious techniques including anti-VM, anti-sandbox, anti-debugging, wrapping... Read more...
Researchers have discovered a new strain of malware for Android devices that combines different styles of attack into a single package. Called MysteryBot, the new malware hits victims with a banking Trojan, keylogger, and ransomware in one fell swoop. The good news here is that the cybercriminals responsible for MysteryBot are still developing it, and it does not appear to be spreading in the wild at the moment. However, that could change at any time. Initially, the researchers thought they were looking at a revised version of LokiBot, a banking Trojan that targets Android devices. But upon closer examination, they discovered there was much more taking place. "During investigation of its network... Read more...
It's not often that the US Justice Department or FBI pleads with the public to do something, so when this happens, it's worth paying attention. This past week, the agency managed to thwart a botnet called VPNFilter by deactivating a domain that would have sent further instructions to routers belonging to ordinary folk like you and me. A problem still remains, though, and it's the one these agencies want help with. Even though the malicious domain was killed off, thousands of home routers remain infected with the malware that made them susceptible to that kind of attack to begin with. Because the bug is severe enough, router vendors have been issuing firmware updates to remedy the... Read more...
The United States Federal Bureau of Investigation and Department of Justice dealt a blow to a sophisticated Russian botnet that security researchers referred to as VPNFilter. They did it by seizing a key domain used to perpetuate the attacks. In doing so, the agencies effectively disrupted a malicious effort that was able to infect hundreds of thousands of routers and network storage devices. Security researchers estimate that at least 500,000 network devices scattered across 54 countries were unwittingly part of the botnet. According to Talos Intelligence, VPNFilter affected devices built by several notable brands, including Linksys, MikroTik, Netgear, and TP-Link in the small and home... Read more...
Over 1,000 North Korean citizens try to defect to South Korea each and every year, and for each of them, the sudden sense of freedom must feel overwhelming. Naturally, North Korea isn't happy with anyone who decides to leave, and the country certainly has the means to seek out and track those who've done so. While the country may not send out investigators to follow everyone who defects, the North Korean government has other creative ways to keep tabs on its former citizens, including creating its own sophisticated malware. More specifically, this mobile device malware will read your personal information, and even upload your photos to a remote cloud server. Clearly, if you want to defect... Read more...
If you use Facebook Messenger, hate malware, and always click on links you're sent without a second thought, then you're going to want to exercise more caution moving forward. A new strain of malware has been making the rounds since March, and depending on how you view things, the effect of "Nigelthorn" is somewhat smashing! This latest malware is named after the Nigel Thornberry character in the popular The Wild Thornberrys cartoon, and while it might seem like an odd choice, it was done because the malware works by exploiting the 'Nigelify' browser extension that changes pictures into an image of the character. Other extensions are affected as well, but not with the same reach as Nigelify.... Read more...
If your Android phone has suddenly started bombarding you with advertisements, you might be the victim of malware, and specifically a strain that recently infiltrated Google Play by disguising itself as a bunch of handy utilities. Researchers at security firm Sophos discovered the tricky malware, saying that infected apps amassed over half a million downloads before Google removed them. Six of the booby-trapped apps claimed to be QR code readers, while another billed itself as a smart compass. All of them actually worked as advertised. To further mask the scent of foul play, the hidden adware in each of the infected apps would not fire up right away, "lurking innocently for a few hours before unleashing... Read more...
Google's Android operating system is often seen as having a bad reputation with regards to security. We often hear about malware coursing its way through the Google Play Store that can hijack your smartphone, but Google is here to tell us that Android is secure -- or rather, it is at least as secure as Apple’s iOS. With over 2 billion devices actively running Android, securing the wide variety and types of devices can be a challenge. But Google says that "Android security made a significant leap forward in 2017 and many of our protections now lead the industry." Google lays out its long-running efforts to fortify Android's defenses in a 56-page report which you can find here [PDF]. Rather than... Read more...
It seems that everyone and their uncle is mining cryptocurrency these days. That is a topic in and of itself, but what's disturbing is even if you are not knowingly mining virtual coins, you might still be mining...for someone else. Crypto-jacking has emerged as a form of malware, whereby a website or app sneakily injects a 'miner' onto your device so that a remote attacker can tap into your phone or PC's resources for profit. Microsoft's security team did some digging into the situation and found some interesting trends related to this growing threat. To be clear, Microsoft is not against the concept of cryptocurrency, or at least that is not how the report is framed. Microsoft says cybercriminals... Read more...
Security researchers at Kaspersky Lab have discovered a rather nasty malware strain that has been hiding in certain wireless routers for over half a decade. Called Slingshot, the security researchers who discovered the malicious code believe the malware is part of a sophisticated cyberespionage campaign. The malware is present in certain routers manufactured by MikroTik, though Kaspersky says it might also be affecting models by other brands as well. Part of what makes Slingshot particularly dangerous is that it uses a trick to run in kernel mode. This is almost impossible to do in updated operating systems, though Slingshot manages the feat by searching computers for signed vulnerable drivers,... Read more...
Everyone seems to be trying to strike it rich with cryptocurrency, so it's no surprise that "drive-by cryptomining" has become a thing. If you're not aware, drive-by cryptomining is when a site injects a device with JavaScript code for the purposes of mining cryptocurrency, usually Monero (Coinhive launched a service that is widely utilized for this purpose) and without the user's knowledge or consent. It's a growing problem that is already affecting millions of mobile devices, mostly Android. "In a campaign we first observed in late January, but which appears to have started at least around November 2017, millions of mobile users (we believe Android devices... Read more...
It's been roughly a month since the first reports concerning Spectre and Meltdown began appearing on the web. Since that time, hardware and software companies have been working together to release BIOS/microcode updates, software patches, and operating system kernel updates to protect customers. Even though the industry has been pushing out fixes at a rapid rate, malicious actors looking to take advantage of the exploits have also been working overtime. AV-TEST, an independent organization that specializes in software that detects malware, has found 139 specific instances of malware software that is designed to exploit the Meltdown and Spectre chip vulnerabilities. AV-TEST goes on to... Read more...
ATMs can be a blessing and a curse to financial institutions. On the one hand, they can process financial transactions quickly, allowing the machines to serve more people over a span of time than a human teller. However, ATMs are often the target of hackers, many using skimmers to obtain debit card numbers for later nefarious spending sprees. Now, the Secret Service is warning that an existing type of ATM attack, jackpotting, is finally beginning to make its way to the United States. Jackpotting has been prevalent at banking institutions across Europe and Asia, but not so much in the U.S. It involves using malware and a direct physical connection to an ATM to force it to shoot out large sums... Read more...
It appears that Google's DoubleClick ad network has become the latest target of relentless miners looking to make an extra buck with the Monero cryptocurrency. The revelation comes after TrendMicro observed that the number of active Coinhive miner detections tripled around January 24th. After doing some detective work, it was observed that the increase in traffic was coming from a total of five "malicious domains". Given the immense popularity of the DoubleClick network, it should come as no surprise that enterprising hackers would attempt to exploit it to reach a staggering number of users. In this case, it's said that the countries that were verified as targets of this malicious campaign included... Read more...
Well this is disturbing—researchers at the Electronic Frontier Foundation (EFF) and mobile security company Lookout have discovered a cyber-espionage campaign that has been operational since 2012 and is aimed at Android users. The campaign, dubbed Dark Caracal, has infected thousands of Android devices in more than 20 countries, resulting in the theft of hundreds of gigabytes of data. The malware that is being doled out as part of Dark Caracal is mostly focused on spoofing secure chat messaging clients on mobile devices. Among them are fake versions of Signal and WhatsApp, which appear to work like their legitimate counterparts, except they are infected with malware. Once installed, cyber... Read more...