Items tagged with Malware

Malware is something that computer users have fought since the dawn of the computer age, it seems. Hackers who use malware to try to breach networks and user data have evolved some pretty sophisticated methods as of late. Late this week, Microsoft Security Intelligence announced via Twitter that it's tracking a "massive campaign" that delivers a malicious payload including the remote control access tool, NetSupport Manager, using emails with an attachment that contains malicious Excel 4.0 spreadsheet macros. The email campaign tries to fool users into opening an attachment that contains Excel pages that are COVID-19 themed and full of what appears to be statistics. We're tracking a...
A number of supercomputers across Europe have been targeted by malware that focuses on mining for cryptocurrency (Monero). The malware has forced supercomputers in the UK, Germany, and Switzerland to be shut down as operators investigate the security incidents. The high-performance computing center in Spain was also reportedly targeted by a malware attack. The first reported attack surfaced last Monday and came from the University of Edinburgh, home of the ARCHER supercomputer. The university reported that there was a "security exploitation on the ARCHER login nodes." ARCHER operators shut down the system for an investigation, and all SSH passwords were reset to prevent further intrusions. In Germany,...
There are multiple ways to sneakily extract data from a PC, and not all of them involve directly tapping into the storage device. Even a PC that is not connected to a network is vulnerable. These are referred to as air gapped systems, and security researcher Mordechai Guri from Israel's Ben Gurion University of the Negev found yet another way to siphon data from them, this time by interpreting sounds from the power supply. Guri is a bit of a specialist in this area. Last month, he outlined a clever method of extracting data from an air gapped PC by manipulating and interpreting case fan vibrations. He referred to this method as 'AiR-ViBeR' in a whitepaper. While limited in scope, if a person...
Ransomware is a global problem that can strike individuals, organizations, and even health institutions with disastrous results. It demands that the user send money, typically in the form of cryptocurrency, to the attackers to have their devices and files unlocked. An old ransomware threat called Black Rose Lucy that was initially discovered in September 2018 is now making a resurgence. Black Rose Lucy is a malware-as-a-service botnet for Android devices that can take control of the victim's device to make changes and install new malicious applications. When the Lucy malware is downloaded, it encrypts files on the infected device and displays a ransom note in the browser window claiming to be...
Security researchers have discovered a way to thwart almost every antivirus program using a "unique but simple method" involving directory junctions and symlinks. Antivirus software that falls prey to this kind of attack essentially attacks itself by deleting files critical to the program's operation, leaving users vulnerable. According to the researchers, this method works because of a fundamental flaw in how antivirus software performs real-time scans of unknown files. Almost all of them run in a privileged state, or the highest level of authority on an operating system. "What most antivirus software fail to take into consideration is the small window of time between the initial file scan...
Security researchers at a university in Israel have developed a novel approach to covertly siphoning sensitive data from PCs. At its core, this is yet another malware scheme. But what makes this method somewhat unique is that it transmits data from a target PC to a nearby smartphone (or other device) through fan vibrations. Say what? Mordechai Guri from the Cyber Security Research Center at Ben-Gurion University of the Negev, Israel, outlined the cunning method dubbed 'AiR-ViBeR' in a whitepaper. This is essentially what's known as an air-gap vulnerability. "Air-gap covert channels are special types of covert communication channels that enable attackers to exfiltrate data from isolated, network-less...
You would have a better chance of finding a needle in a haystack that is a mile high than scruples in a malware author that targets victims during a pandemic. The current virus outbreak is no exception. According to Microsoft, a piece of malware masquerading as an informational document from a non-profit offering free COVID-19 testing is making the rounds in a big way. It's called "Trickbot" and it is "the most prolific malware operation using COVID-19 themed lures," based on Microsoft's Office 365 ATP data, the company stated on Twitter. "This week's campaign uses several hundreds of unique macro-laced document attachments in emails that pose as message[s] from a non-profit offering free COVID-19...
As we have said before, these are challenging times as we all adapt to the reality of a deadly virus and keeping our distance from one another to slow its spread. Making matters worse, nefarious actors are pouncing on the opportunity to spread malware. This means you need to be extra cautious about falling for a phishing scam. It's a numbers game for malware authors. Google shared some interesting stats, saying Gmail weeds out and blocks more than 100 million phishing emails every day. During the past week, Google says it saw 18 million daily malware and phishing emails related to COVID-19. "This is in addition to more than 240 million COVID-related daily spam messages. Our ML [machine learning]...
It appears as though even malware authors are going a little stir crazy during this time of recommended isolation. One of the newest PC infections making the rounds is a nasty piece of 'wiper' malware that effectively locks victims out of their computers and displays a message giving false credit for the infection to a pair of renowned security researchers. The type of infection going around is referred to as an MBRLocker. What these types of malware strains do is replace the master boot record (MBR) on a PC to prevent the operating system (OS) from loading. Some strains also go the extra mile by encrypting the table containing partition information, which makes it impossible for a victim to...
We've discussed the rather nasty xHelper malware on a number of occasions here at HotHardware, and it's a rather insidious trojan. xHelper first started making the rounds via the Google Play Store roughly a year ago, and by October 2019, over 45,000 Android devices had fallen victim to its tainted tentacles. As of now, that number has surpassed 50,000. The folks over at Kaspersky have performed a rather thorough analysis of xHelper, which manifests itself as Trojan-Dropper.AndroidOS.Helper.h and is typically distributed via apps that claim to clean your smartphone or boost its performance. However, once the payload is downloaded, decrypted, installed, and then launched on a device, it then...
Researchers at Bitdefender announced the discovery of a new attack that is targeting home routers. In the attack, the DNS settings in the router are changed to redirect the victim to a website that delivers the Oski infostealer malware as the final payload. The most interesting aspect of the malware is that it stores the malicious payload using Bitbucket, which is a popular web-based source code repository hosting service. The sneaky malware takes steps to avoid alerting the victim that their router has been compromised, including abusing TinyURL to hide the link to the Bitbucket payload. The page that users are redirected to talks about the coronavirus pandemic and offers a download to give users...
Google began rolling out version 80 of its Chrome browser to the public at large in early February, with the most publicized feature being a new cookie classification system designed to give users more control over cookies. While cookie handling dominated the headlines, Chrome 80 also added stronger encryption, though perhaps not strong enough. Starting with Chrome 80, the browser encrypts local passwords and cookies in Windows using AES-256 encryption. Prior to Chrome 80, the browser leveraged the data protection API (DPAPI) built into the OS to handle encryption chores. And it still does, but AES-256 acts as another layer of protection for added security. This was thought to thwart...
We fully realize we are preaching to the choir, but never open up unsolicited and/or unexpected email attachments. Remind your friends and remind your family members. Lest anyone need a reminder of why this is a bad idea, security researchers are warning of a group of attackers who have been phishing for victims as part of a TrickBot malware campaign. The hackers are using the remote desktop ActiveX control in Word documents to carry out their malicious deeds. Once initiated on a Windows 10 PC, the ActiveX control automatically executes a malware downloader called Ostap, which was recently adopted by TrickBot for delivering payloads. And it all starts with phishing. Malicious actors send out...
As with many things in life, when it comes to mobile app security, you win some and you lose some. So it goes for Google and its Play Store. A new 2019 Mobile App Threat Landscape Report put together by RiskIQ pegs the Play Store as being the second most dangerous place to download apps, in terms of the number of malicious apps that were hosted last year. At the same time, the Play Store showed a big decline in malicious apps in 2019. This is somewhat of an important ranking, considering that users downloaded over 200 billion apps in 2019, and spent more than $120 billion in app stores around the world, according to the report. Looking ahead, RiskIQ expects both figures to be even higher for...
Imagine hitting it off with a love (or lust) interest, and then finding out the person who grabbed your attention never existed, at least not in the way you thought. Such a situation recently happened to hundreds of Israeli soldiers who fell prey to a "honey trap" campaign and contracted digital infections on their mobile phones. Hamas cyber militants made a bunch of fake profiles on various social media sites and chat services, including Facebook, Instagram, WhatsApp, and Telegram, and used pictures of teenage girls for the profile photos to lure soldiers into the scam. Through instant messaging exchanges, soldiers were duped into downloading dating apps containing malware. Hamas created fake...
Nearly every device on the market relies on firmware, and many devices include multiple components with their own firmware. Manufacturers and developers have begun to focus on protecting system firmware from potential attackers, but peripheral firmware often receives very little attention. Security researchers at Eclypsium recently uncovered unsigned or unverified firmware in devices by companies such as Lenovo, HP, and Dell and were able to successfully attack a server. Many have been aware for quite some time of the dangers of unsigned firmware, but this recent study emphasizes how frequently manufacturers tend to ignore peripherals. Katie Teitler, Senior Analyst at TAG Cyber, remarked, "Software...
It's all fun and games until a nasty bit of malware infiltrates your PC and wreaks havoc, right? To quote the late, great Bill Paxton, at that point it's "Game over man! Game over!" Fortunately, common sense computing habits are highly effective. Malware writers can be clever, however, and security researchers are warning of a particular strain posing as a popular games launcher. The malware in question is called LokiBot. If infected, it can swipe personal data from your PC, including passwords and cryptocurrency information (in case you're still into mining or collecting cryptocurrencies). LokiBot is not new; it's shown up through various means in the past, including a variant that used...
Android Trojan xHelper haunted the Google Play Store in 2019. After several months, it appeared that the malware had disappeared. Unfortunately, xHelper was not dead but only sleeping. Security researchers at Malwarebytes Labs recently discovered that xHelper was once again infecting devices and that its reinfection seemed to be triggered from Google Play. Android Trojan xHelper first appeared in Spring 2019 and infected over 45,000 devices. xHelper targeted users in India, the United States, and Russia. It is a malware dropper whose main purpose is to provide a backdoor to attackers. The attackers can then install other apps, steal data, or even take over the device. A Malwarebytes forum...
A new trojan has been spotted that is called Emotet. The trojan is described as highly sophisticated, and it serves as a loader for other malware or ransomware once installed on a system. The key function of Emotet is that it can deliver custom modules or plugins that are designed for specific tasks. Those tasks include things like stealing Outlook contacts or spreading over a LAN. Recently, Binary Defense discovered a new loader type that takes advantage of the wlanAPI interface to enumerate all WiFi networks in the area. It will then attempt to spread to those networks and infect all the devices it can as it spreads. The protocol for the trojan is based on Google's Protobufs to serialize data...
Get a Mac, they said. It will be fun, they said. But what they did not tell you is that Macs are not immune to malware, contrary to what some people might think. It has to be less of a risk though, right? Maybe, maybe not. A new security report indicates that malware threats on the Mac increased a whopping 400 percent in 2019. The exponential increase resulted in Mac systems being twice as susceptible to malware threats as Windows-based PCs. Surprised? Admittedly, so are we. "Mac threats increased exponentially in comparison to those against Windows PCs. While overall volume of Mac threats increased year-over-year by more than 400 percent, that number is somewhat impacted by a larger Malwarebytes...
Anyone who ever required proof that malware doesn't have to be sophisticated to be prolific should look at the macOS malware known as Shlayer. The malware found its way onto victims' computers by tricking them into installing a fake Adobe Flash update. The malware lures users into installing the fake Flash Player update by promising pirated videos, which are also said to be fake. Despite the simple attack method, Shlayer continues to be so common that it's the number one threat encountered by macOS users of Kaspersky antivirus software. The malware first surfaced in February 2018. Since that debut, about 32,000 variants have been collected by researchers at Kaspersky, along with 143...
A government program designed to help low income individuals own a smartphone might be dealing participants more than they bargained for. Or more specifically, security researchers warn that the government-subsidized smartphone provided by Virgin Mobile's Lifeline Assurance Wireless program contains multiple instances of malware. At the heart of the controversy is the Unimax (UMX) U686CL. It is a low-end Android device that is said to cost just $35 to qualifying participants, though at the time of this writing, I can't find the handset at the Assurance Wireless online store. The next closest model is the Unimax U683CL, listed for $39. Researchers at Malwarebytes say they obtained the U686CL to...