Items tagged with trojan

We've discussed the rather nasty xHelper malware on a number of occasions here at HotHardware, and it's a rather insidious trojan. XHelper first started making the rounds via the Google Play Store roughly a year ago, and by October 2019, over 45,000 Android devices had fallen victim to its tainted tentacles. As of now, that number has surpassed 50,000. The folks over at Kaspersky have performed a rather thorough analysis of xHelper, which manifests itself in Trojan-Dropper.AndroidOS.Helper.h and is typically distributed via apps that claim to clean your smartphone or boost its performance. However, once the payload is downloaded, decrypted, installed, and then launched on a device, it then... Read more...
Android Trojan xHelper haunted the Google Play Store in 2019. After several months, it appeared that the malware had disappeared. Unfortunately, xHelper was not dead but only sleeping. Security researchers at Malwarebytes Lab recently discovered that xHelper was once again infecting devices and that its reinfection seemed to be triggered from Google Play. Android Trojan xHelper first appeared in Spring 2019 and infected over 45,000 devices. xHelper targeted users in India, the United States, and Russia. It is a malware dropper whose main purpose is to provide a backdoor to attackers. The attackers can then install other apps, steal data, or even take over the device. A Malwarebyte forum... Read more...
A new trojan has been spotted that is called Emotet. The trojan is described as highly sophisticated and it serves as a loader for other malware or ransomware once installed on a system. The key function of Emotet is that it can deliver custom modules or plugins that are designed for specific tasks. Those tasks include things like stealing Outlook contacts or spreading over a LAN. Recently, Binary Defense discovered a new loader type that takes advantage of the wlanAPI interface to enumerate all WiFi networks in the area. It will then attempt to spread to those networks and infect all the devices it can as it spreads. The protocol for the trojan is based on Google's Protobufs to serialize data... Read more...
Researchers at BlackBerry Cylance have sounded a warning bell about a new trojan malware called PyXie RAT. The malware can perform all sorts of nefarious deeds, including keylogging, stealing login credentials, and recording videos. PyXie RAT can also distribute other attacks, including ransomware. The newly discovered PyXie RAT campaign is being run by a sophisticated cyber-criminal operation that is targeting healthcare and education organizations. The malware is custom-built and Python-based. Once a machine is infected, the software can control most Windows systems and allows the hacker to monitor activity and steal sensitive data. Other functions that the software can perform include... Read more...
Malware is getting sneakier, as Kaspersky researchers just discovered “Titanium”, a trojan backdoor malware. This malware is very difficult to detect and includes various stages. Titanium is currently being used by the Advanced Persistent Threat (APT) actor “Platinum”. Platinum is considered one of the most “technologically advanced” APT actors in the Asia-Pacific region. Their current malware targets Malaysia, Indonesia, and Vietnam. It is unclear exactly how many devices have been affected. Titanium reportedly includes several steps and capabilities. It first releases an exploit that is able to execute code as the SYSTEM user. It then installs shellcode that essentially downloads the necessary... Read more...
Microsoft's Windows Defender was working hard this week, and according to Microsoft, just before noon on March 6 the AV suite put the brakes on 80,000 instances of several sophisticated trojans. These trojans were especially dastardly because they had advanced cross-process injection techniques, persistence mechanisms, and evasion methods. All the trojans are new versions of Dofoil (also known as Smoke Loader) and they carry a coin miner payload. Microsoft wrote, "Within the next 12 hours, more than 400,000 instances were recorded, 73% of which were in Russia. Turkey accounted for 18% and Ukraine 4% of the global encounters." Microsoft notes that Windows Defender AV flagged the "unusual persistence... Read more...
It seems like we have had to report on some major new hack or threat every week as of late. Black-hat hackers are becoming more sophisticated, while their wares are becoming more diverse and complicated. One of the latest pieces of malware, the nasty Rex Linux Trojan, packs in DDoS attacks, ransomware, and a Bitcoin miner. Stu Gorton, CEO and Co-Founder of Forkbombus Labs, disclosed a new kind of ransomware that targeted Drupal websites this past May in an interview with Softpedia. It was not particularly effective and could easily be defeated. This particular ransomware has evolved in the last three months, however, and is now far more dangerous. The malware is developed in Go, Google’s... Read more...
When people think about Internet security, they still think of the various bugs, flaws, and malware that pervade the online world as a Windows problem. Macs have long enjoyed special status thanks to limited market share, while smartphones aren't generally considered to be an attack vector, no matter which OS you prefer. That's clearly changing -- a new report from Palo Alto Networks illustrates how a new Trojan they call WireLurker doesn't just infect iOS devices -- it relies on Mac OS X vulnerabilities to do so. WireLurker contains a bevy of firsts and achievements. It's the largest malware to rely on repackaged OS X applications, the first to automate the generation of malicious iOS applications,... Read more...
Avast, makers of the self-titled free antivirus software (along with paid Internet security suites), has discovered that the "Tinba Banker" Trojan is back in circulation, and this time it's targeting more than two dozen financial institutions in the United States. There are some big names among them, including Bank of America, HSBC, TD Bank, Chase, Wells Fargo, PNC, and more. This nasty piece of malware sneaks its way onto customer PCs through the Rig Exploit kit, which takes advantage of Flash or Silverlight exploits. Unfortunately for the victim, he or she can fall prey to the Trojan simply by visiting a banking site that's been infected with the Rig Exploit kit. Don't just walk, but run away... Read more...
Bitcoin digital currency is somewhat controversial, as many people are completely confused by it, but that hasn’t stopped Bitcoin from being used around the world--nor has it protected the currency from cybercriminals. SecureMac detailed the discovery of a Trojan called OSX/CoinThief.A that specifically targets Apple computers running Mac OS X. “The malware, which comes disguised as an app to send and receive payments on Bitcoin Stealth Addresses, instead covertly monitors all web browsing traffic in order to steal login credentials for Bitcoin wallets,” reads the post. The malicious app that facilitates... Read more...
The Hand of Thief Trojan made waves among security experts when RSA first announced the for-sale malware. But now that RSA has had a chance to run additional analysis, the security arm of EMC is toning down its alert. It seems that the Hand of Thief is basically a prototype. The only people getting swindled at the moment are the would-be evil geniuses who buy this broken malware. RSA doesn’t see the Hand of Thief Trojan as a major threat at the moment, but the developer plans improvements. As it stands, the Hand of Thief Trojan isn’t stable. According to RSA, the software has trouble stealing the data it’s meant to steal, and it can crash your Web browser –... Read more...
Linux users have long been able to claim that their platform of choice is about as safe as an OS can get, but that sentiment is getting a little harder to side with thanks to the recent discovery of the 'Hand of Thief' trojan - it's a bad one, so listen up. Hand of Thief's goal is to lead you to financial ruin by stealing sensitive information that you input into forms on supported Web browsers (Firefox and Chrome lead the pack here), such as those that you will use on banking websites. Hand of Thief's developers aren't going to be the ones milking your bank account dry, however. Instead, they're going to be selling licenses of the trojan to those who will. Current pricing is $2,000 with free... Read more...
As the world shifts to mobile, hackers are adapting their strategies. According to Kaspersky Labs, the security firm just discovered a successful campaign by unknown hackers to target a group of Android phone users with malware. The target: Tibetan activists. The key to getting the attack off the ground was gaining access to the email account of a well-known activist and then using that account to send malware-laden emails to other activists. Once the attachment was opened on an Android phone, the Trojan would gather contacts and other data and send it to a server in Los Angeles. According to Forbes, the attachment was called “WUC’s... Read more...
Time and time again, we're reminded that Windows isn't the only operating system that malware writers target. It's the most popular platform for malware, sure, but it's not the only one. If you're a Mac user, don't let your guard down, and be especially leery of browser plug-ins you run into, especially those that claim they're required to view a video. Install the wrong one and you'll end up infected with an adware Trojan. Security researchers at Doctor Web recently discovered Trojan.Yontoo.1, which masquerades as a critical browser plug-in on malicious movie trailer pages. Users are prompted to install the plug-in to view the trailer, at which point they're redirected to another site where... Read more...
On Friday, security firm Symantec discovered a Trojan called Backdoor.Makadocs, which in typical backdoor Trojan fashion accesses a compromised system and attempts to swipe data from it. The interesting bit is that it uses Google Docs as a proxy server to get around firewalls and connect to a C&C server, instead of attempting to connect directly. Using social engineering tactics to engage a user’s interest in the file, the Trojan arrives as a Rich Text Format (RTF) or Microsoft Word document; when a user opens it, the payload is delivered. Essentially all versions of Windows are affected, from Windows 95 to Windows 7 (and Windows Server 2003 and 2008), and now Symantec says that the... Read more...
There seems to be a recurring phenomenon in the technology press, where any trojan that affects Linux or Macs becomes front page news. On the other hand, trojans that affect Windows are mostly ignored, perhaps because this is considered to be the normal state of affairs. There are two common statements made in the discussions of these rare events: 1, No operating system will ever be secure from Trojans and 2, Linux/Mac only have fewer viruses because no one uses them. The first statement is almost correct, whereas the second one is a flat out myth in my opinion. Let me explain, and I’ll listen if you still disagree after reading the following in its entirety. ... Read more...
No one is arguing that Windows isn’t the biggest target for malware writers, but it’s starting to look like Microsoft’s OS isn’t alone. Threats for the Mac have made the occasional headline, and a new Trojan is making the rounds on both Mac and Linux. That’s right: a cross-platform virus. Wirenet, as it’s being called by Dr. Web (the Russian security company that discovered the malware), is designed to steal passwords. The bug goes after passwords stored in popular Internet browsers and sends them to a server, encrypted with AES. According to Dr. Web, the Trojan can pull passwords from stored password lists and also function as a keylogger. Targeted applications... Read more...
For years, Apple has propagated the myth that its computers were inherently secure thanks to its BSD roots, inherently better security management, or because Steve Jobs sacrificed puppies under the new moon to keep your platform safe. This created a dangerous perception that Macs were immune to viruses, trojans, or man-in-the-middle attacks. In reality, Apple has always benefited from security through obscurity -- when 90% or more of the world runs on PCs, PCs are the platforms hackers target. Apple has now quietly acknowledged this fact with a few judicious updates to its Mac OS X page. The first change is to the side bar, where Apple's TL;DR benefit explanation is posted. We've gone from flat... Read more...
Apple can't be too happy about having the Flashback malware news hit over half a million Mac users, and on a percentage basis, that's pretty extreme. But now, hopefully, the past can be the past. A new update in OS X Software Update patches Java, stopping the program (on Lion machines) from automatically executing Java applets. Users can still override the new default, and of course, this security patch "removes the most common variants of the Flashback malware." If you've been dealing with the issue, or are just being cautious to avoid it, this update looks like one you shouldn't skip.... Read more...
While many have dogmatically adhered to the idea that Macs are impervious to malware, some experts have been warning that it was only a matter of time before the Apple systems were hit with significant bugs. Findings like the one from Doctor Web late yesterday confirm that indeed, the malware threat looms large for Mac users. According to Doctor Web, a Russian antivirus vendor, 600,000 Macs were part of the BackDoor.Flashback.39 botnet. (Originally, the company reported the number at 550,000, but a Twitter post later upped it to over 600,000.) The Flashback Trojan isn’t especially new; variants have been around since at least September 2011, but like all good malware, it’s been evolving.... Read more...
A well-known German hacker group has accused the German government of releasing a Trojan horse program into the wild. According to the Chaos Computer Club, the program is the stuff of political fiction: it was designed to allow the government to spy on its citizens. The CCC released its findings on its website, in the form of a 20-page PDF file (in German), along with an accompanying post in English. In part, the CCC said the following, "The malware can not only siphon away intimate data but also offers a remote control or backdoor functionality for uploading and executing arbitrary other programs. Significant design and implementation flaws make all of the functionality available to anyone... Read more...