Items tagged with Malware

Contrary to some beliefs, mobile devices are vulnerable to malware, such as recent spyware that was posing as an Android system update. Today, researchers have disclosed a new piece of mobile malware that hides in a fake application and is spreading itself through WhatsApp. This is just the latest reminder that people need to be more careful about the links they click and the apps they download on any device. The fake application, called “FlixOnline,” was discovered in the Google Play store by researchers at Check Point Research. It was found that if any user downloaded the app and granted the requested permissions, the malware then automatically replies to a victim’s WhatsApp...
Don't blindly click that link or assume the notification about a system update that you received is real. Zero-day exploits in popular server applications like SolarWinds and Exchange may grab headlines, but the biggest problems most users face with tech security are of the socially-engineered variety. That's the case once again this week, as new malware for Android poses as a security update, but the payload is much darker. According to security firm Zimperium, that supposed critical patch could really be malware that steals messages and personal data, or even takes over the phone entirely. Zimperium first detected a new System Update malware because the application's behaviors triggered...
If there is one thing I learned from cartoons in the 1980s, it is that knowing is half the battle. Thank you, G.I. Joe, for that tidbit. Fast forward several decades and that lesson is playing out right before our very eyes, in relation to another malware strain that is able to run natively on Apple's fancy new custom M1 processor. Apple knows about it and has taken steps to stop it from spreading (more on that in a bit). Apple is embarking on a two-year transition phase, in which it is moving completely away from using Intel's CPUs in its Mac systems, in favor of in-house designs based on Arm. The first of those is the M1 chip. We have already spent some hands-on time with the M1 as...
Apple is embarking on a two-year plan to transition away from using Intel processors across its laptop and desktop families, in favor of its own Arm-based silicon. The venture begins with the M1, an impressive piece of hardware that is generally garnering favorable reviews (including our own Mac mini 2020 review with an M1 chip inside). However, it's not all peaches and cream—a security researcher has discovered the first bit of malware in the wild that is native to the M1 chip. Patrick Wardle, a former researcher for the US National Security Agency (NSA) and currently an independent macOS security researcher, came upon a malicious Safari browser extension called GoSearch22. It was originally...
A barcode scanning app for Android with more than 10 million downloads under its belt has been found to be the culprit behind unwanted ads and pop-ups that appear when using the default browser. This was not the case prior to the developer dishing out an update in early December. But for some stupid reason, years of goodwill went right down the toilet when the app went from "an innocent scanner to full on malware." The app is called Barcode Scanner, developed by Lavabird LTD. It has been available in the Google Play store for several years, where it amassed millions of downloads and a slightly better than 4-star rating out of nearly 80,000 votes. It was described as a "powerful QR code reader and barcode generator...
The Great Suspender extension is sounding more like "The Great Suspension" after actions taken today by Google. But first of all, what is The Great Suspender? Well, it's a browser extension that tames some of Google Chrome's most odious habits. It can automatically deactivate tabs that have been used infrequently (thus cutting down on memory consumption), then reload them right away as you click back to them. This is a feature (Sleeping Tabs) that Microsoft has already implemented in the current stable branch of its Edge browser. However, The Great Suspender has been kicked out of the Chrome Web Store over allegations that it "may contain malware." All links to the popular app have been...
How many times have you seen a horror movie where the villain and/or monster is defeated, only to rise back up after the heroes let their guard down? It is the blueprint for a boilerplate horror film, and it also describes what seems to be happening with Trickbot, a dastardly botnet that Microsoft and the US Military Cyber Command defeated last year. Or so it seemed. Now it is showing signs of life. Trickbot's demise seemed like a foregone conclusion when, last October, the military's Cyber Command unit executed a coordinated attack on the sinister botnet, which included sending disconnect commands to computers that had been infected. Then Microsoft got in on the action, disabling 62 of the...
Apple products were once praised as the most secure ecosystem, whether by design of Apple's walled garden, excellent marketing tactics, or otherwise. However, in mid-2020, Apple accidentally approved widespread Mac malware, breaking this reality for many people. Now, another Mac-exclusive malware has been uncovered in Asia, silently mining Monero in the background on macOS users’ devices. The malware, dubbed macOS.OSAMiner, has likely been floating around since at least 2015, packaged with cracked games and software like League of Legends and Microsoft Office. In 2018, SentinelLabs, a cybersecurity firm, caught wind of Chinese forum reports talking about a Monero mining trojan infecting...
Simply put, malware and adware suck, especially when they try to be sneaky. Thankfully, Microsoft is on the prowl for malicious software trying to worm its way onto people’s systems. Microsoft discovered a “persistent malware campaign” that has been active since at least May of this year and peaked in August with over 30,000 devices infected. The malware, dubbed “Adrozek,” adds browser extensions, modifies DLL files, and inserts ads into web pages and search results. Perhaps it is time to run a malware scan, eh? The family of browser-modifying malware called Adrozek is quite the little bugger as far as malware goes. It affects multiple different browsers, such as Microsoft Edge, Google...
The Trickbot botnet is under the gun in a significant way. Both Microsoft and the U.S. Military Cyber Command have been targeting Trickbot this year in hopes of taking it down. Microsoft claims that “As of October 18, [they’ve] worked with partners around the world to eliminate 94% of Trickbot’s critical operational infrastructure.” A couple of weeks ago, U.S. Military Cyber Command was able to attack Trickbot’s servers. Microsoft, on the other hand, reports they were able to disable them entirely. Microsoft identified 69 servers used for Trickbot and was able to disable 62 used for command-and-control. The seven other servers were "internet of things" (IoT) devices...
This month, the Emotet botnet is going trick-or-treating, and it is only occupied with tricking. Previously, the malware spread by utilizing spam campaigns with Word or Excel files, but the botnet is back after a short hiatus. It is now using email “spam campaigns [that] pretend to be invoices, shipping information, COVID-19 information, information about President Trump's health, resumes, or purchase orders, as shown below.” These emails contain malicious Word documents that load up scripts and ruin your day. BleepingComputer reports that “With its return to activity, Emotet switched to a new template that pretends to be a message from Windows Update stating that Microsoft Word needs...
We are all adapting to life amid a pandemic, with many people working from home as COVID-19 continues to spread. But it is not just newfound telecommuters who are adapting. So are malware authors, who are changing their lures in attempts to hook victims through phishing emails. New data suggests that Microsoft is now the top brand used in phishing attacks. This is a notable shift, as before the pandemic, Microsoft was the fifth most popular brand used in phishing schemes. However, it now accounts for nearly a fifth of all phishing attempts, with almost triple the number of such attacks using Microsoft as a lure compared to before. And it is directly related to threat actors looking to capitalize...
Approximately two weeks ago, the U.S. military’s Cyber Command, under the National Security Agency (NSA), executed a coordinated attack on the Trickbot botnet. This attack included sending disconnect commands to computers infected with the Trickbot malware and spoofing records, so that the data Trickbot collects on its targets has itself been muddied and compromised. Early in October, KrebsOnSecurity received word that someone with access to the Trickbot network sent out commands to infected devices to disconnect from the Trickbot servers. These servers controlled the infected machines, so this was a massive blow to the nefarious actors behind Trickbot’s operations. Furthermore, the Trickbot malware...
When someone thinks of malware, the usual thought is an EXE file containing offending code that is downloaded to a target machine and executed by the user. However, a team at SecureList is trying to make people aware that an incredibly persistent malware framework can exist within a PC's UEFI firmware. The team, consisting of Mark Lechtik, Igor Kuznetsov, and Yury Parshin, found that a malware framework in the UEFI was used “in a series of targeted attacks pointed towards diplomats and members of an NGO from Africa, Asia, and Europe, all showing ties in their activity to North Korea.” UEFI attacks are not necessarily new, but they are not often seen in the wild. As the SecureList...
Oh great, as if 2020 has not been challenging enough already, the latest Digital Defense Report from Microsoft outlines some troubling cybersecurity trends. Threat actors are "rapidly" increasing the sophistication of their cyberattacks, ultimately making them more difficult to detect, and more likely to trick "even the savviest targets." "For example, nation-state actors are engaging in new reconnaissance techniques that increase their chances of compromising high-value targets, criminal groups targeting businesses have moved their infrastructure to the cloud to hide among legitimate services, and attackers have developed new ways to scour the internet for systems vulnerable to ransomware,"...
Some people may say, “Don't talk to me until I have had my coffee,” but what if they could not have coffee because of a ransomware attack? According to a researcher at Avast, IoT devices, such as smart coffee makers, can be vulnerable to attacks. Security researcher Martin Hron remarks “firmware is a new software,” and that software can be exploited. Typically, smart IoT devices carry onboard firmware that is driven through an API, and users assume that not much harm can come from either the API or the firmware. This is not the case, as Hron states “We used to trust that hardware, such as a common kitchen appliance, could be trusted and could not be easily altered without...
Malware known as Joker is no laughing matter, especially if you have downloaded an infected app that could bring its payload. The Zscaler ThreatLabZ research team recently discovered seventeen Android apps with Joker malware. These particular apps were stealing device information, contacts lists, and SMS messages and signing unsuspecting users up for wireless application protocol (WAP) services. Joker malware has existed for several years, but is still quite persistent. The Zscaler ThreatLabZ research team found seventeen suspicious apps in the Google Play store. The apps were uploaded to Google Play this month and were downloaded over 120,000 times. Google has since removed the following apps:...
They say with great power comes great responsibility, and you would think Windows Defender would be incredibly responsible -- at least when it comes to security. As it turns out, however, Windows Defender shared its “great power” by allowing its command line utility to download potentially malicious files to a Windows PC. Windows Defender, the basic malware protection on any modern Windows PC, also comes packed with another handy feature: a command line interface. The “MpCmdRun.exe” (Microsoft Protection CMD) utility allows security features to be used from the command line. Users could scan, trace, and tinker with a variety of commands. Now, in an update to Windows...
Traditionally, Macs weren't often a target for malware campaigns given their relatively small share of the overall computing market. That has changed over the years, but Apple has fought back with increased security procedures like an app approval process called notarization. Unfortunately, malware has now been discovered in notarized code and is able to be executed as a normal program. First off, an important note is that Macs can get malware, but it has to be specially designed for them. When Apple said that Macs cannot get malware, that was only true because of this specific design caveat. “Even back in 2012, thanks to Java, cross-platform malware could be found targeting both...
The sheer number of malware campaigns operating online that target users in an attempt to steal information or extort money is staggering. One of the recently revived botnets targeting users is called Emotet, which typically loads various types of malware and spreads via Wi-Fi networks. A vigilante hacker, however, has now stepped in to replace the nefarious payloads sent by these botnets with glorious animated GIFs. The identity of the vigilante hacker or hackers is unknown, but their actions are essentially preventing victims from being compromised by malware. The sabotage of the Emotet botnet is reportedly severely impacting a large portion of Emotet's operation. Currently, about 25% of all...
Garmin is having itself a no good, terrible day, and it could extend throughout the weekend. The cause of Garmin's woes is a ransomware attack, according to employees who have posted about the matter on social media, and it is affecting several of the company's services for its line of wearable products and aviation dealings. If you head over to Garmin's website, you will see a message at the top that alludes to the ransomware attack, though the company has not outright confirmed it as such. "We are currently experiencing an outage that affects Garmin.com and Garmin Connect. This outage also affects our call centers, and we are currently unable to receive any calls, emails, or online chats. We...
New Android malware has surfaced that has an extensive range of data theft capabilities. BlackRock, as the malware is known, has targeted 337 Android applications. The threat was first seen in May and was discovered by security research firm ThreatFabric. According to the research firm, BlackRock is derived from the code of Xerxes banking malware. Xerxes itself is a strain of the LokiBot Android banking trojan. The code for Xerxes malware was made public around May 2019. The big news for BlackRock is that it has additional features compared to both of its ancestors. Its additional features are particularly focused on the theft of passwords and credit card information. Functionally, BlackRock...