Archive for the ‘malware’ Category

Cerberus: A New Android ‘Banking Malware For Rent’ Emerges

August 13th, 2019
After a few popular Android Trojans like Anubis, Red Alert 2.0, GM Bot, and Exobot quit their malware-as-a-service businesses, a new player has emerged on the Internet with similar capabilities to fill the gap, offering an Android bot rental service to the masses. Dubbed "Cerberus," the new remote access Trojan allows remote attackers to take total control over infected Android devices and

Posted in Android Banking Malware, android banking trojan, banking malware, banking Trojan, Cerberus Malware, cybersecurity, hacking news, malware, mobile spying apps | Comments (0)

New advanced malware, possibly nation sponsored, is targeting US utilities

August 2nd, 2019

A new piece of advanced espionage malware, possibly developed by a nation-supported attacker, targeted three US companies in the utilities industry last month, researchers from security firm Proofpoint reported on Thursday.

Employees of the three unnamed companies, Proofpoint reported, received emails purporting to come from the National Council of Examiners for Engineering and Surveying. This non-profit group develops, administers, and scores the examinations used in granting licenses to US engineers. Using the official NCEES logo and the lookalike domain nceess[.]com, the emails told recipients that they had failed to achieve a passing score on a recent exam. The attached Word document was titled Result Notice.doc.

Malicious macros embedded in the document attempted to install a package of full-featured malware that Proofpoint calls LookBack. Components included a remote-access trojan written in C++ and a proxy tool for communicating with a command-and-control server. Once LookBack is installed, it gives attackers a full range of capabilities that include:
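The lure described above combines two traits a mail-gateway rule can key on: a sender domain that is a one-character miss of a legitimate organization's domain, and a macro-capable Word attachment. The following is an added example, not code from the article or from Proofpoint, of a small triage routine for those two traits. It assumes the legitimate NCEES domain is ncees.org (an assumption, not stated in the article), uses constructed sample messages rather than captured mail, and judges "macro-capable" from the attachment extension instead of parsing the Office container.

```python
# Added example, not code from the article or from Proofpoint: flag a sender
# domain that imitates a trusted one (nceess[.]com vs. the assumed ncees.org)
# and a macro-capable Office attachment, the two traits of the LookBack lure.
# Assumptions: ncees.org is the legitimate domain; sample messages below are
# constructed; "macro-capable" is judged from the file extension only.
from typing import Dict, List, Optional

# Assumed legitimate domains a lure might imitate (ncees.org is an assumption).
TRUSTED_DOMAINS = ("ncees.org",)

# Office formats that can carry VBA macros: legacy binary and the "m" OOXML variants.
MACRO_EXTENSIONS = (".doc", ".dot", ".xls", ".ppt", ".docm", ".dotm", ".xlsm", ".pptm")


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (two-row dynamic programming)."""
    if len(a) < len(b):
        a, b = b, a
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalize_domain(domain: str) -> str:
    """Lower-case and undo the '[.]' defanging that threat reports use."""
    return domain.strip().lower().replace("[.]", ".")


def sender_domain(from_header: str) -> str:
    """Extract the domain from 'Name <user@host>' or from a bare address."""
    addr = from_header.rsplit("<", 1)[-1].rstrip(">").strip()
    return normalize_domain(addr.rsplit("@", 1)[-1])


def lookalike_of(domain: str, max_distance: int = 1) -> Optional[str]:
    """Return the trusted domain this one imitates, or None.

    Only the second-level label is compared (nceess vs. ncees), so swapping
    the TLD (.com for .org) does not hide the imitation. An exact match with
    a trusted domain is legitimate mail, not a lookalike.
    """
    domain = normalize_domain(domain)
    if domain in TRUSTED_DOMAINS:
        return None
    label = domain.split(".")[0]
    for trusted in TRUSTED_DOMAINS:
        if levenshtein(label, trusted.split(".")[0]) <= max_distance:
            return trusted
    return None


def macro_attachments(names: List[str]) -> List[str]:
    """Attachments whose extension denotes a macro-capable Office format."""
    return [n for n in names if n.lower().endswith(MACRO_EXTENSIONS)]


def triage(message: Dict) -> List[str]:
    """Return findings for one message; an empty list means nothing was flagged."""
    findings: List[str] = []
    dom = sender_domain(message["from"])
    imitated = lookalike_of(dom)
    macros = macro_attachments(message.get("attachments", []))
    if imitated:
        findings.append(f"sender domain {dom} resembles trusted domain {imitated}")
    for name in macros:
        findings.append(f"macro-capable attachment {name}")
    if imitated and macros:
        findings.append("lookalike sender plus macro document: treat as targeted phishing")
    return findings


# Constructed sample messages (not real captured mail). The first mirrors the
# lure the article describes; the second is a benign control.
SAMPLE_MESSAGES = [
    {"from": "NCEES Exams <noreply@nceess[.]com>",
     "subject": "Exam result notice",
     "attachments": ["Result Notice.doc"]},
    {"from": "HR <hr@example.com>",
     "subject": "Holiday schedule",
     "attachments": ["schedule.pdf"]},
]


if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        print(msg["from"], "->", triage(msg) or ["clean"])
```

Two caveats for anyone adapting this. An edit distance of 1 on a short label will also match unrelated short names, so the trusted list should be scoped to the organizations your users actually correspond with rather than a broad lookalike sweep, and the extension check is a coarse filter: a `.docx` renamed from `.docm`, or an OLE file with a misleading extension, needs the container inspected (for example with a tool that enumerates VBA streams) before it is trusted.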


Posted in Biz & IT, espionage, malware, utilities | Comments (0)

Your Android Phone Can Get Hacked Just By Playing This Video

July 25th, 2019
Are you using an Android device? Beware! You should be more careful when playing a video on your smartphone, whether downloaded from the Internet or received by email. That's because a specially crafted, innocuous-looking video file can compromise your Android smartphone, thanks to a critical remote code execution vulnerability that affects over 1 billion devices running Android OS

Posted in Android, Android patch, Android Security, google, hacking video, malware, media framework, patch update | Comments (0)

Popular Malware Families Using ‘Process Doppelgänging’ to Evade Detection

July 25th, 2019
The fileless code injection technique called Process Doppelgänging is actively being used by not just one or two but a large number of malware families in the wild, a new report shared with The Hacker News revealed. Discovered in late 2017, Process Doppelgänging is a fileless variation of Process Injection technique that takes advantage of a built-in Windows function to evade detection and

Posted in code injection attack, hacking news, malware, Process Doppelganging, process hollowing, process injection | Comments (0)

Linux Botnet Adding BlueKeep-Flawed Windows RDP Servers to Its Target List

July 25th, 2019
Cybersecurity researchers have discovered a new variant of WatchBog, a Linux-based cryptocurrency-mining malware botnet, which now also includes a module to scan the Internet for Windows RDP servers vulnerable to the BlueKeep flaw. BlueKeep is a highly critical, wormable, remote code execution vulnerability in Windows Remote Desktop Services that could allow an unauthenticated remote

Posted in BlueKeep RDP Flaw, BlueKeep RDP Vulnerability, BlueKeep Vulnerability, botnet malware, cryptocurrency malware, hacking news, Linux botnet, Linux Vulnerability, malware, windows Vulnerability | Comments (0)

Advanced mobile surveillanceware, made in Russia, found in the wild

July 24th, 2019

Researchers have discovered some of the most advanced and full-featured mobile surveillanceware ever seen. Dubbed Monokle and used in the wild since at least March 2016, the Android-based application was developed by a Russian defense contractor that was sanctioned in 2016 for helping that country’s Main Intelligence Directorate meddle in the 2016 US presidential election.

Monokle uses several novel tools, including the ability to modify the Android trusted-certificate store and a command-and-control network that can communicate over Internet TCP ports, email, text messages, or phone calls. The result: Monokle provides a host of surveillance capabilities that work even when an Internet connection is unavailable. According to a report published by Lookout, the mobile security provider that found it, Monokle is able to:

  • Retrieve calendar information including name of event, when and where it is taking place, and description
  • Perform man-in-the-middle attacks against HTTPS traffic and other types of TLS-protected communications
  • Collect account information and retrieve messages for WhatsApp, Instagram, VK, Skype, imo
  • Receive out-of-band messages via keywords (control phrases) delivered via SMS or from designated control phones
  • Send text messages to an attacker-specified number
  • Reset a user's PIN code
  • Record environmental audio (and specify high, medium, or low quality)
  • Make outgoing calls
  • Record calls
  • Interact with popular office applications to retrieve document text
  • Take photos, videos, and screenshots
  • Log passwords, including phone unlock PINs and key presses
  • Retrieve cryptographic salts to aid in obtaining PINs and passwords stored on the device
  • Accept commands from a set of specified phone numbers
  • Retrieve contacts, emails, call histories, browsing histories, accounts and corresponding passwords
  • Get device information including make, model, power levels, whether connections are over Wi-Fi or mobile data, and whether screen is on or off
  • Execute arbitrary shell commands, as root, if root access is available
  • Track device location
  • Get nearby cell tower info
  • List installed applications
  • Get nearby Wi-Fi details
  • Delete arbitrary files
  • Download attacker-specified files
  • Reboot a device
  • Uninstall itself and remove all traces from an infected phone

Commands in some of the Monokle samples Lookout researchers analyzed led them to believe that there may be versions of Monokle developed for devices running Apple's iOS. Unused in the Android samples, the commands were likely added unintentionally. The commands controlled iOS functions for the keychain, iCloud connections, iWatch accelerometer data, iOS permissions, and other iOS features or services. Lookout researchers didn't find any iOS samples, but they believe iOS versions may be under development. Monokle gets its name from a malware component a developer titled "monokle-agent."

Posted in Android, Biz & IT, malware, mobile devices, surveillance | Comments (0)

EvilGnome: A New Backdoor Implant Spies On Linux Desktop Users

July 17th, 2019
Security researchers have discovered a rare piece of Linux spyware that is currently fully undetected by all major antivirus products and includes functionality rarely seen in Linux malware, The Hacker News learned. It's a known fact that very few strains of Linux malware exist in the wild compared to Windows viruses because of its core

Posted in Cyber Attack, hacking news, Linux malware, linux spyware, malware, virus total | Comments (0)

Researchers crack open Facebook campaign that pushed malware for years

July 2nd, 2019

Researchers have exposed a network of Facebook accounts that used Libya-themed news and topics to push malware to tens of thousands of people over a five-year span.

Links to the Windows and Android malware first came to the researchers' attention when they found them in Facebook postings impersonating Field Marshal Khalifa Haftar, commander of Libya's National Army. The fake account, which was created in early April and had more than 11,000 followers, purported to publish documents showing countries such as Qatar and Turkey conspiring against Libya, along with photos of a captured pilot who had tried to bomb the capital city of Tripoli. Other posts promised to offer mobile applications that Libyan citizens could use to join the country's armed forces.

According to a post published on Monday by security firm Check Point, most of the links instead led to VBScripts, Windows Script Files, and Android apps known to be malicious. The wares included variants of open-source remote-administration tools with names including Houdini, Remcos, and SpyNote. The tools were mostly stored on file-hosting services such as Google Drive, Dropbox, and Box.

Posted in Biz & IT, malware, Remote Access Trojans | Comments (0)

In-the-wild Mac malware kept busy in June—here’s a rundown

June 29th, 2019

June was a busy month for Mac malware with the active circulation of at least six threats, several of which were able to bypass security protections Apple has built into modern versions of its macOS.

The latest discovery was published Friday by Mac antivirus provider Intego, which disclosed malware dubbed OSX/CrescentCore that's available through Google search results and other mainstream channels. It masquerades as an updater or installer for Adobe’s Flash media player, but it's in fact just a persistent means for its operators to install malicious Safari extensions, rogue disk cleaners, and potentially other unwanted software.

“The team at Intego has observed OSX/CrescentCore in the wild being distributed via numerous sites,” Intego’s Joshua Long wrote of two separate versions of the malware his company has found. “Mac users should beware that they may encounter it, even via seemingly innocuous sources such as Google search results.”


Posted in apple, Biz & IT, exploits, MacOS, Macs, malware, social engineering, vulnerabilities | Comments (0)

Samsung asks users to please virus-scan their TVs

June 18th, 2019

Yesterday on Twitter, Samsung's US support team reminded everyone to regularly—and manually—virus-scan their televisions.

Samsung's team followed this up with a short video showing someone in a conference room going 16 button-presses deep into the system menu of a Samsung QLED TV to activate the television's built-in virus-scan, which is apparently "McAfee Security for TV."

Unsurprisingly, Samsung got immediate pushback on these tweets and almost as immediately deleted them.


Posted in Biz & IT, malware, QLED, Samsung, Tech, virus | Comments (0)