Archive for the ‘malware’ Category

Mac users are getting bombarded by laughably unsophisticated malware

January 23rd, 2020

Almost two years have passed since the appearance of Shlayer, a piece of Mac malware that gets installed by tricking targets into installing fake Adobe Flash updates. It usually does so after promising pirated videos, which are also fake. The lure may be trite and easy to spot, but Shlayer continues to be common—so much so that it’s the number one threat encountered by users of Kaspersky Lab’s antivirus programs for macOS.

Since Shlayer first came to light in February 2018, Kaspersky Lab researchers have collected almost 32,000 different variants and identified 143 separate domains that operators have used to control infected machines. The malware accounts for 30 percent of all malicious detections generated by Kaspersky Lab’s Mac AV products. Attacks are most common against US users, who account for 31 percent of the attacks Kaspersky Lab sees. Germany (14 percent), France and the UK (10 percent each) follow. For malware using such a crude and outdated infection method, Shlayer remains surprisingly prolific.

An analysis Kaspersky Lab published on Thursday says that Shlayer is “a rather ordinary piece of malware” that, except for a recent variant based on a Python script, was built on Bash commands. Under the hood, the workflow for all versions is similar: they collect IDs and system versions and, based on that information, download and execute a file. The download is then deleted to remove traces of the infection. Shlayer also uses curl with the combination of options -f0L, which Thursday’s post said “is basically the calling card of the entire family.”

Posted in Biz & IT, MacOS, Macs, malware, shlayer, trojans

Newly discovered Mac malware uses “fileless” technique to remain stealthy

December 6th, 2019

Hackers believed to be working for the North Korean government have upped their game with a recently discovered Mac trojan that uses in-memory execution to remain stealthy.

In-memory execution, also known as fileless infection, never writes anything to a computer hard drive. Instead, it loads malicious code directly into memory and executes it from there. The technique is an effective way to evade antivirus protection because there’s no file to be analyzed or flagged as suspicious.

In-memory infections were once the sole province of state-sponsored attackers. By 2017, more advanced financially motivated hackers had adopted the technique. It has become increasingly common since then.

Posted in Biz & IT, fileless, lazarus, MacOS, Macs, malware, North Korea

ZeroCleare: New Iranian Data Wiper Malware Targeting Energy Sector

December 5th, 2019
Cybersecurity researchers have uncovered a new, previously undiscovered destructive data-wiping malware that is being used by state-sponsored hackers in the wild to target energy and industrial organizations in the Middle East. Dubbed ZeroCleare, the data wiper malware has been linked to not one but two Iranian state-sponsored hacking groups—APT34, also known as ITG13 and Oilrig, and Hive0081,

Posted in computer virus, cyber security, data wiping malware, data wiping software, disk wiping malware, IBM, malware, shamoon malware, Wiper malware

Official Monero website is hacked to deliver currency-stealing malware

November 20th, 2019

The official site for the Monero digital coin was hacked to deliver currency-stealing malware to users who were downloading wallet software, officials with GetMonero.com said on Tuesday.

The supply-chain attack came to light on Monday when a site user reported that the cryptographic hash for a command-line interface wallet downloaded from the site didn't match the hash listed on the page. Over the next several hours, users discovered that the mismatching hash wasn't the result of an error. Instead, it was an attack designed to infect GetMonero users with malware. Site officials later confirmed that finding.

"It's strongly recommended to anyone who downloaded the CLI wallet from this website between Monday 18th 2:30 AM UTC and 4:30 PM UTC, to check the hashes of their binaries," GetMonero officials wrote. "If they don't match the official ones, delete the files and download them again. Do not run the compromised binaries for any reason."

Posted in Biz & IT, cryptocurrency, malware, website hack

New Group of Hackers Targeting Businesses with Financially Motivated Cyber Attacks

November 14th, 2019
Security researchers have tracked down activities of a new group of financially-motivated hackers that are targeting several businesses and organizations in Germany, Italy, and the United States in an attempt to infect them with backdoor, banking Trojan, or ransomware malware. Though the new malware campaigns are not customized for each organization, the threat actors appear to be more

Posted in banking Trojan, Cobalt Strike, Cyber Attack, email hacking, Email Phishing, hacking network, macro malware, malware, phishing attack, ransomware, Spear Phishing

Google enlists outside help to clean up Android’s malware mess

November 9th, 2019

Android has a bit of a malware problem. The open ecosystem's flexibility also makes it relatively easy for tainted apps to circulate on third-party app stores or malicious websites. Worse still, malware-ridden apps sneak into the official Play Store with disappointing frequency. After grappling with the issue for a decade, Google is calling in some reinforcements.

This week, Google announced a partnership with three antivirus firms—ESET, Lookout, and Zimperium—to create an App Defense Alliance. All three companies have done extensive Android malware research over the years, and have existing relationships with Google to report problems they find. But now they'll use their scanning and threat detection tools to evaluate new Google Play submissions before the apps go live—with the goal of catching more malware before it hits the Play Store in the first place.

"On the malware side we haven’t really had a way to scale as much as we’ve wanted to scale," says Dave Kleidermacher, Google's vice president of Android security and privacy. "What the App Defense Alliance enables us to do is take the open ecosystem approach to the next level. We can share information not just ad hoc, but really integrate engines together at a digital level, so that we can have real-time response, expand the review of these apps, and apply that to making users more protected."

Posted in Android, App Defense Alliance, Biz & IT, google, malware, Tech

Researchers unearth malware that siphoned SMS texts out of telco’s network

October 31st, 2019

Nation-sponsored hackers have a new tool to drain telecom providers of huge amounts of SMS messages at scale, researchers said.

Dubbed "Messagetap" by researchers from the Mandiant division of security firm FireEye, the recently discovered malware infects Linux servers that route SMS messages through a telecom’s network. Once in place, Messagetap monitors the network for messages containing either a preset list of phone or IMSI numbers or a preset list of keywords.

Messages that meet the criteria are then XOR encoded and saved for harvesting later. FireEye said it found the malware infecting an undisclosed telecom provider. The company researchers said the malware is loaded by an installation script, but didn’t otherwise explain how infections take place.

Posted in Biz & IT, eavesdropping, malware, Policy, SMS, telecom, Text Message

Mysterious malware that re-installs itself infected over 45,000 Android Phones

October 29th, 2019
Over the past few months, hundreds of Android users have been complaining online of a new piece of mysterious malware that hides on the infected devices and can reportedly reinstall itself even after users delete it, or factory reset their devices. Dubbed Xhelper, the malware has already infected more than 45,000 Android devices in just the last six months and is continuing to spread by

Posted in Android, Android hacking, Android Malware, Android Security, cyber security, malware, Malware apps, smartphone hacking

Johannesburg’s network shut down after second attack in 3 months

October 25th, 2019
Johannesburg City Hall (credit: Chris Eason)

Johannesburg, the biggest city in South Africa and the 26th largest city worldwide, has shut down its website, billing and electronic services after being hit by a serious network attack, the second one in three months, municipality officials said.

A group calling itself Shadow Kill Hackers took to Twitter to take credit for the attack, claiming it took Johannesburg's “sensitive finance data offline.” The group is demanding 4 Bitcoins, valued at about $32,000 US, for the safe return of the data.

A Johannesburg spokesman said the city took down the site after it detected a breach and that so far no formal ransom demands had been made. He also played down the extent of the breach.

Posted in Biz & IT, cities, hacking, malware, Policy, ransomware