Items tagged with Malware

A government program designed to help low income individuals own a smartphone might be dealing participants more than they bargained for. Or more specifically, security researchers warn that the government-subsidized smartphone provided by Virgin Mobile's Lifeline Assurance Wireless program contains multiple instances of malware. At the heart of the controversy is the Unimax (UMX) U686CL. It is a low-end Android device that is said to cost just $35 to qualifying participants, though at the time of this writing, I can't find the handset at the Assurance Wireless online store. The next closest model is the Unimax U683CL, listed for $39. Researchers at Malwarebytes say they obtained the U686CL to... Read more...
Security researchers say millions of Android phones are susceptible to a newly discovered vulnerability that, if exploited, could allow an attacker to spy on users through the phone's microphone, take photos with the phone's camera, read and send SMS text messages, make and record phone conversations, phish login credentials, and a host of other nefarious deeds. The malware is called StrandHogg, and there are a couple of things that make it extra concerning. One is that all versions of Android are affected, including Android 10, which is the latest build. And secondly, researchers say StrandHogg allows real-life malware to pose as legitimate apps, with users unaware they are being targeted. "The... Read more...
Researchers at BlackBerry Cylance have sounded a warning bell about a new trojan malware called PyXie RAT. The malware can perform all sorts of nefarious deeds, including keylogging, stealing login credentials, and recording videos. PyXie RAT can also distribute other attacks, including ransomware. The newly discovered PyXie RAT campaign is being run by a sophisticated cyber-criminal operation that is targeting healthcare and education organizations. The malware is custom-built and Python-based. When a machine is infected with the software, it can control most Windows systems and allows the hacker to monitor data and steal sensitive data. Other functions that the software can perform include... Read more...
Microsoft has detailed a new malware strain that's been infecting computers globally since October 2018. The malware is called Dexphot, and while it isn't trying to steal data, it is robbing hardware resources of the infected machines. The people behind Dexphot were using the resources of the infected machines to mine cryptocurrency and generate revenue. Dexphot reached its peak in mid-June of 2019 when the botnet had reached nearly 80,000 infected computers. The botnet has shrunk since then as Microsoft has rolled out countermeasures to improve detection and stop attacks. What stood out about Dexphot was the high level of complexity that the attack employed in its methods and techniques. Dexphot... Read more...
Many computer users know that Microsoft doesn't email you about Windows updates, but many people unfortunately still fall for spam tricks. There is a new malicious spam campaign going around that tells users to download a critical Windows update. If users install the attached file, Cyborg ransomware is then loaded on the system. The threat was discovered by researchers at Trustwave, and is said to be unique in a few ways. The attached file claims to be a .jpg format, but it opens as an .exe file. Another of the email's unique aspects is that it has a two-sentence subject that states, "Install Latest Microsoft Windows Update now! Critical Microsoft Windows Update!" The body of the email has only... Read more...
Anyone who uses WhatsApp—and many people do, with the developers claiming 1.5 billion monthly active users—should make sure they have the latest version installed. Otherwise, they could be susceptible to a critical vulnerability that could allow hackers to infiltrate their text messaging conversations, pictures, and other private information. The vulnerability is listed as CVE-2019-11931. In short, a hacker could remotely compromise a device through WhatsApp by sending over a video file injected with malicious code. All the hacker would need is a phone number of a targeted user. "A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to... Read more...
Malware is getting sneakier, as Kaspersky researchers just discovered “Titanium”, a trojan backdoor malware. This malware is very difficult to detect and includes various stages. Titanium is currently being used by the Advanced Persistent Threat (APT) actor “Platinum”. Platinum is considered one of the most “technologically advanced” APT actors in the Asia-Pacific region. Their current malware targets Malaysia, Indonesia, and Vietnam. It is unclear exactly how many devices have been affected. Titanium reportedly includes several steps and capabilities. It first releases an exploit that is able to execute code as a SYSTEM user. It then installs a shellcode that essentially downloads the necessary... Read more...
Mobile users can mitigate the risk of falling prey to malware by only downloading apps from reputable app stores. The Play Store is one of them, and it is the largest around for Android, though the risk is not by any means non-existent. Google realizes this, and has forged an App Defense Appliance with ESET, Lookout, and Zimperium. Part of the ongoing problem with the Play Store is its sheer size makes it an attractive target for miscreants, as well as the number of Android devices in the wild. According to Google, the Android ecosystem consists of more than 2.5 billion devices, most with access to the Play Store. This has led to a proliferation of malware in the Play Store, as we have reported... Read more...
Well, this is an unfortunate turn of events. Back in July, security researchers at Sophos created a proof-of-concept demonstration showing how easy it would be for an unpatched RDP (Remote Desktop Protocol) server to be compromised by BlueKeep, a wormable Windows bug. Fast forward to today, and it's been discovered BlueKeep is actively being exploited in the wild. BlueKeep is a dangerous remote code execution vulnerability, and it is no longer a theoretical threat. The evidence so far points to affected machines being used to mine cryptocurrency. There could be worse consequences for this type of bug, though hijacking a PC's resources for mining purposes is, at the very least, an annoyance.... Read more...
Google is having a significant problem with malware on the Google Play store with apps that continue to infect tens of thousands of users. Another Android malware app called Xhelper has been thriving on Google Play for the last six months and infected 45,000 devices during that time.  Making Xhelper a more significant threat is the fact that the app itself downloads other threats along with displaying ads. Currently, Xhelper is targeting users in India, the United States, and Russia. Symantec says that Xhelper is part of a surge in apps that can hide from users, download additional malicious apps, and display ads. Frustrating users even more is the fact that Xhelper is persistent and... Read more...
Security researchers discovered 17 malicious iPhone apps that managed to get through Apple's review process and land on the App Store. The infected apps, which have now been removed, had been infected with clicker trojan malware "designed to carry out ad fraud related tasks in the background," such as clicking on links and continuously opening webpages. "The objective of most clicker trojans is to generate revenue for the attacker on a pay-per-click basis by inflating website traffic. They can also be used to drain the budget of a competitor by artificially inflating the balance owed to the ad network," researchers at security firm Wandera state in a blog post. All of the apps came from the same... Read more...
Security researchers at Kaspersky have identified a new strain of malware affecting Chrome and Firefox browsers. The researchers say the malware's authors "put a lot of effort" into how it manipulates digital certificates and mucks with outbound TLS traffic, which ultimately compromises encrypted communications. "Analysis of the malware allowed us to confirm that the operators have some control over the target’s network channel and could replace legitimate installers with infected ones on the fly. That places the actor in a very exclusive club, with capabilities that few other actors in the world have," Kaspersky says. The malware allows an attacker to wreak havoc on a victim's PC remotely.... Read more...
The battle against malware never ends. Nearly 200 harmful apps were discovered in the Google Play Store in September 2019. These apps were installed by over 335 million users. Most of the harmful ads contained malicious or misleading malware. These apps were downloaded by more than 300 million people. Google removed 46 apps alone from Chinese developer iHandy. Most of their apps feature tools for selfies, security and antivirus utilities, keyboards, horoscopes, emoji, and health. The developer claims that they attract more than 180 million monthly users. Google noted that the apps included “deceptive or disruptive” ads, which violates their policies. The apps even drained users' batteries... Read more...
Malware has been a common problem within the Google Play Store, and two apps that have run a malicious adware scheme have been the latest to get the boot. The apps have been raking in the cash for their authors, but have consequently been putting the people who have downloaded them through living hell. The first of the apps is called Sun Pro Beauty Camera, and it amassed over 1 million downloads since it first appeared on the Play Store. The second app, Funny Sweet Beauty Camera, which was created by the same developer, garnered in excess of 500,000 downloads. Not only would the apps display intrusive ads that were hard or nearly impossible to close out (even when the apps in question were... Read more...
The latest “Joker” spyware is no laughing matter as it can easily compromise a lot of the personal data you keep on your phone. Researchers recently discovered spyware that can access your SMS messages, contact list and other information. The spyware was found in over 24 Android apps on Google Play and has infected nearly 500,000 users. The “Joker” spyware was originally detected this past June and was named after one of its command-and-control (C2) domain names. It can gain access to a victim’s SMS messages, contacts list, and other specific device information. It can also sign victims up for premium subscription services without their knowledge. The Joker is able... Read more...
Earlier this week, we brought you the news of an unfortunate turn of events that resulted in the popular app CamScanner being removed from the Google Play Store. The app, which can create PDF documents, is developed by CC Intelligence and has been downloaded over 100 million times. The problem came into play when users began getting bombarded with "unwanted features" and advertisements that took over their smartphone's display. The folks at Kaspersky Lab were able to determine that the CamScanner was carrying a malicious module dubbed Trojan-Dropper.AndroidOS.Necro.n, which was serving intrusive ads to users. After staying mum on the situation for most of the week, CamScanner's developers... Read more...
There's trouble brewing in the Google Play Store... again. This time the threat comes from CamScanner, which for quite some time has been a popular app that allows Android users to create PDF documents using optical character recognition (OCR) technology. The app was developed by Chinese firm CC Intelligence. However, in recent weeks, it appears that CamScanner has taken a turn for the worse, and has unleashed a malware campaign on unsuspecting Android users. CamScanner had previously used in-app ads and in-app purchases for its monetization efforts, but recent versions of the app have included a new advertising library tainted with a trojan. The malicious module has been identified... Read more...
Microsoft is warning Windows users of several new "wormable" exploits similar in style to BlueKeep, two of which are tagged as critical Remote Code Execution (RCE) vulnerabilities. As with BlueKeep, which Microsoft patched a few months ago, the exploits exist within the Remote Desktop Services protocol (formerly known as Terminal Services). These types of exploits are especially worrisome because of their ability to spread through a computer network, once a single machine is infected. "It is important that affected systems are patched as quickly as possible because of the elevated risks associated with wormable vulnerabilities like these, and downloads for these can be found in the Microsoft... Read more...
Security researchers have discovered it is possible to hack a digital SLR camera with Wi-Fi capabilities (fast becoming a common feature in modern DSLR cameras) to install ransomware, thereby hijacking a user's photographs. Just as it happens on a PC, the photos would be encrypted, with the attacker threatening to permanently delete them if a ransom is not paid. "Although most users connect their camera to their PC using a USB cable, newer camera models now support WiFi. This means that what was once a PTP/USB protocol that was accessible only to the USB connected devices, is now also PTP/IP that is accessible to every WiFi-enabled device in close proximity," Check Point says. According to Check... Read more...
We've simply grown accustomed to reading about Android malware on a regular basis, but this latest entry is both intriguing and incredibly dastardly in its deeds. Called Agent Smith, this malware has already infected 25 million Android devices globally with adware. Of those 25 million devices, India has been hit the hardest, taking the brunt of the attacks with 15 million infected devices. Agent Smith, which was first observed in the wild by Check Point Research earlier this year, has been coursing through the Google Play Store. After monitoring its attack vector, Check Point Research was able to summarize Agent Smith's modus operandi into three parts. First, the malware lurks in... Read more...
182 Android apps have been linked to an adware campaign that has plagued users who download apps from Google Play. Trend Micro detected the adware campaign identified as AndroidOS_HiddenAd.HRXAA and AndroidOS_HiddenAd.GCLA. The adware was hidden inside free-to-download game and camera apps, the majority of which were found on the Google Play Store and had millions of downloads collectively. The adware behind the campaign was disguised as game and camera apps and was discovered in mid-June. Trend Micro says that it generated heuristic patterns that were used to analyze other samples it had detected and were able to deduce that the adware campaign had been active since 2018. All of the apps that... Read more...
This mobile app is definitely something to scream about in more ways than one. The Android game “Scary Granny ZOMBYE Mod: The Horror Game 2019” is stealing users’ Google and Facebook data. The malicious app attempts to siphon both data and money from its users to attackers. “Scary Granny ZOMBYE Mod: The Horror Game 2019” was a horror game that mimicked another popular Android game “Granny”. Users were tasked with running away from zombies while uncovering extra lives and various weapons. The game was installed over 50,000 times and boasted a 4-star review in the Google Play store before it was removed on June 27th... Read more...