Items tagged with Malware

The billing fraud and SMS-stealing malware known as Joker has returned to the Google Play Store after having its ups and downs dating back to 2017. Researchers now say Joker has a new bag of tricks and can avoid Google’s app-vetting process and sneak onto the market. Disguised within legitimate-looking apps, Joker can steal text messages, contact lists, and device information and then subscribe users to unwanted paid and premium services. Thankfully, thousands of Android applications infected with Joker have been taken down from the Google Play Store in the past several years, but it does not seem that this was enough. Since September of 2020, when the last wave of Joker takedowns happened,...
Hopefully you are not one of the millions of people who have installed an app called PIP Photo onto your Android device. Why is that? While it may seem like a harmless and handy image editing app, it contains malware designed to covertly swipe a person's login credentials for Facebook. The same goes for a handful of other Android apps. Each of the nine malicious apps discovered by researchers at Doctor Web contains a trojan that gets to work trying to trick users into coughing up their Facebook usernames and passwords. What makes the apps potentially effective is that they otherwise work as intended and expected. "The applications were fully functional, which was supposed to weaken the vigilance of...
Ever since the introduction of Windows Vista in early 2007, Microsoft has enforced the rule that Windows drivers must carry digital signatures by default. Any software that runs in kernel mode, in fact, has to be signed by the company. This is a security measure that should prevent malicious software from digging its claws in too deep. However, what happens when Microsoft gives its blessing to a rootkit? That's what happened a few months ago and was just now discovered thanks to G DATA Software security analyst Karsten Hahn. Initially, the company received a false-positive alert from a driver that was signed by Microsoft. After a lot of investigation into the matter, it turns out that the positive...
As it goes, crime never pays, and neither does pirating software, as some people on the internet have come to find out. In the last year, there have been reports that popular antivirus programs, like Avast, disappeared from users’ computers. Researchers at the Czech company found that this activity was tied to a new malware called “Crackonosh,” which comes bundled with illegally downloaded copies of popular software. Among many other people, Reddit user /u/Well-oh-well reported that a new Windows 10 laptop booted with an error, restarted, and then came back as normal. After that, however, the “Avast Antivirus shortcut icon was blank and sure enough the avast folder in...
When people are hit by malware, it typically ends with files being locked or some other terrible outcome for the end-user. However, researchers have now discovered a piece of malware that turns the tables on people who try to pirate content by blocking illegal websites. As it turns out, perhaps not all malware is bad… Sophos researcher Andrew Brandt reported yesterday that the mysterious vigilante malware typically came packaged in fake games sent over Discord. However, it could also come bundled with productivity or security tools like "AVG Remediation" or "Microsoft Visual Studio Enterprise 2019." When the fake software is first run, it creates a fake popup saying a dynamically linked...
Sometimes you may not know that you have been infected with malware until it is too late, as is likely the case for users across more than three million Windows-based computers globally. In a stunning revelation, in the two years between 2018 and 2020, a Trojan-like malware managed to infiltrate millions of Windows devices and extract 1.2 terabytes of personal information. On Wednesday, NordLocker, a subsidiary of NordVPN, released malware research that led to discovering a database of stolen data. The stolen information includes nearly 26 million login credentials with 1.1 million unique email addresses, 2 billion or more cookies, and roughly 6.6 million files. Over 50 percent of the stolen...
Colonial Pipeline was content to fly under the radar as the top fuel pipeline in the United States, but then it was hit by a ransomware attack that severely disrupted operations, and its name was plastered across headlines. Looking to take advantage of the situation and newfound name recognition, hackers are hoping to dupe victims with phishing emails masquerading as required system updates. This is part of the fallout from the attack on a piece of critical infrastructure, and the unwanted notoriety that comes with it. Colonial Pipeline operates over 5,500 miles of pipe delivering 100 million gallons of fuel across 14 different states and seven airports. The attack led to a temporary shortages...
Though industrial cyberattacks, such as those on JBS Global or Colonial Pipeline, are on the rise, the problem is not exclusive to businesses. According to new research, consumer cyber threats jumped nearly 83% in 2020. With new types of malware skyrocketing, users now need to be more careful than ever. Today, Atlas VPN extracted some interesting data from Malwarebytes' State of Malware 2021 report that gives insight into the company's malware detections via software globally. The most commonly detected threat was HackTool, a piece of riskware that allows users to use Microsoft software illegally. In 2019, there were only 511,848 detections, whereas, in 2020, there were 11.35 million warnings,...
It is time to update macOS devices as a new 0-day has been found that allows malware to bypass privacy protections. The logic bug allowed any app to inherit another app’s permissions to take screenshots or do other activities without the end-user knowing, making this quite concerning. In 2020, malware called XCSSET made an appearance using two 0-day exploits to target Xcode developers and their projects. It would primarily spread using these projects, some of which were shared on GitHub, “leading to a supply-chain-like attack for users who rely on these repositories as dependencies in their own projects,” as researchers at Trend Micro explain. Since the initial discovery, the...
When it was found that Microsoft Exchange on-premises was vulnerable to hackers, quite a bit of havoc ensued across a wide range of industries. Since then, the FBI obtained a court order to go in and remove backdoors to hacked servers, but there are likely many hacked Exchange servers still out there. In recent days, researchers have noticed an uptick in DNS queries and new infrastructure and components associated with the Lemon Duck cryptocurrency mining botnet that targeted these vulnerable Exchange servers. In March, Microsoft first caught onto Lemon Duck “adopting different exploit styles and choosing to use a fileless/web shell-less option of direct PowerShell commands” for some...
Ransomware attacks are on the rise, and both organizations, such as the Washington D.C. Police Department, and individuals like QNAP NAS owners, are being targeted relentlessly. To help combat this, leaders from Amazon, Cisco, FireEye, McAfee, Microsoft, and other firms joined forces with the U.S. Department of Justice, Europol, and the U.K. National Crime Agency to call for an international coalition to fight against ransomware criminals. Simply put, we do not negotiate with terrorists, and this is only an extension of that philosophy. This week, an 81-page report that outlined the Ransomware Task Force and goals of the group was delivered to the Biden administration. It urged the U.S. to lead...
If you catch the flu, you may be stuck at home or even bedridden for a few days until you get better. If you catch the FluBot malware, you could be at risk of losing sensitive information, such as banking details and personal information. While this malware campaign has not made it across the pond from Europe yet, it could make its way over while wreaking havoc along the way. In late 2020, an Android-based malware was discovered trying to spread itself and capture credit card data. Regardless of the version, the basis for the malware was phishing people with fake links to track packages using reputable names like FedEx and DHL. Once a user clicked a link, it would direct them to download a legitimate-looking...
The same group of hackers that hit the NBA's Houston Rockets basketball team with a ransomware attack earlier this month has now turned its sights on the police force in Washington, D.C. It is the latest in a string of concerning ransomware attacks aimed at police over the past several weeks, where data leaks can put people's lives in danger. More than just a potentially embarrassing situation, in which private information could be revealed to the public, unscrupulous hackers are also threatening to reveal the identity of police informants to gangs, according to a post on the dark web viewed by The New York Times. In such a scenario, a data dump could conceivably result in actual bodily harm,...
From time to time, malware will pop up that affects Apple devices which are typically touted as the superior option to other PCs for their security. This happened earlier this year with the mysterious Silver Sparrow malware that caught thousands of M1 Macs. Now, Mac users are being urged to patch again to prevent actively used malware, bypassing many of Apple’s core security measures with ease. File quarantine, Gatekeeper, and Application Notarization are three utilities that have been introduced over the years to help protect users. Effectively, these tools make it so Apple must essentially sign off on all software that could make it to a Mac. If some software somehow managed to sneak...
When it comes to password management, users really have just a handful of options, and all of them have their caveats. If we choose to just use memorable passwords and recycle them between accounts, one account becoming compromised can lead to a group of them being in a bad state. On the other hand, relying on a cloud service to store passwords puts our security credentials on someone else's servers, and we're subject to whatever tracking those services may entail. Lastly, if we host our own password management solutions, one bad update can leak our credentials to the world. This third option is the story of Click Studios and PasswordState. PasswordState is a self-hosted, as opposed to cloud-hosted,...
No platform is 100 percent secure, and lest anyone need reminding of that, a Mac malware campaign with Xcode developers in its sights has been modified to infect systems outfitted with Apple's fancy new M1 silicon. The end goal of this particular malware is to rob Mac users of their cryptocurrencies, by stealing login information related to cryptocurrency apps. The malware is called XCSSET, and it gained prominence in August 2020, when Trend Micro warned of its existence. "This scenario is quite unusual; in this case, malicious code is injected into local Xcode projects so that when the project is built, the malicious code is run. This poses a risk for Xcode developers in particular. The threat...
Contrary to some beliefs, mobile devices are vulnerable to malware, such as recent spyware that was posing as an Android system update. Today, researchers have disclosed a new piece of mobile malware that hides in a fake application and is spreading itself through WhatsApp. This is just the latest reminder that people need to be more careful about the links they click and the apps they download on any device. The fake application, called “FlixOnline,” was discovered in the Google Play store by researchers at Check Point Research. It was found that if any user downloaded the app and granted the requested permissions, the malware then automatically replies to a victim’s WhatsApp...
Don't blindly click that link or assume the notification about a system update that you received is real. Zero-day exploits in popular server applications like Solarwinds and Exchange may grab headlines, but the biggest problems most users face with tech security are of the socially-engineered variety. That's the case once again this week, as new malware for Android poses as a security update, but the payload is much darker. According to security firm Zimperium, that supposed critical patch could really be malware that steals messages and personal data, or even takes over the phone entirely. Zimperium first detected a new System Update malware because the application's behaviors triggered...
If there is one thing I learned from cartoons in the 1980s, it is that knowing is half the battle. Thank you G.I. Joe for that tidbit. Fast forward several decades later and that lesson is playing out right before our very eyes, in relation to another malware strain that is able to run natively on Apple's fancy new custom M1 processor. Apple knows about it and has taken steps to stop it from spreading (more on that in a bit). Apple is embarking on a two-year transition phase, in which it is moving completely away from using Intel's CPUs in its Mac systems, in favor of in-house designs based on Arm. The first of those is the M1 chip. We have already spent some hands-on time with the M1 as...
Apple is embarking on a two-year plan to transition away from using Intel processors across its laptop and desktop families, in favor of its own Arm-based silicon. The venture begins with the M1, an impressive piece of hardware that is generally garnering favorable reviews (including our own Mac mini 2020 review with an M1 chip inside). However, it's not all peaches and cream—a security researcher has discovered the first bit of malware in the wild that is native to the M1 chip. Patrick Wardle, a former researcher for the US National Security Agency (NSA) and currently an independent macOS security researcher, came upon a malicious Safari browser extension called GoSearch22. It was originally...
A barcode scanning app for Android with more than 10 million downloads under its belt has been found to be the culprit of unwanted ads and pop-ups when using the default browser. This was not the case prior to the developer dishing out an update in early December. But for some stupid reason, years of goodwill went right down the toilet when the app went from "an innocent scanner to full on malware." The app is called Barcode Scanner, developed by Lavabird LTD. It has been available in the Google Play store for several years, where it amassed millions of downloads and a slightly better than 4-star rating out of nearly 80,000 votes. It was described as a "powerful QR code reader and barcode generator...
The Great Suspender extension is sounding more like "The Great Suspension" after actions taken today by Google. But first of all, what is The Great Suspender? Well, it's a browser extension that tames some of Google Chrome's most odious habits. It can automatically deactivate tabs that have been used infrequently (thus cutting down on memory consumption), then reload them right away as you click back to them. This is a feature (Sleeping Tabs) that Microsoft has already implemented in the current stable branch of its Edge browser. However, The Great Suspender has been kicked out of the Chrome Web Store over allegations that it "may contain malware." All links to the popular app have been...