Archive for the ‘malware’ Category

New malware found using Google Drive as its command-and-control server

January 21st, 2019
Since most security tools also keep an eye on the network traffic to detect malicious IP addresses, attackers are increasingly adopting infrastructure of legitimate services in their attacks to hide their malicious activities. Cybersecurity researchers have now spotted a new malware attack campaign linked to the notorious DarkHydrus APT group that uses Google Drive as its command-and-control (


Google Play malware used phones’ motion sensors to conceal itself

January 18th, 2019

Malicious apps hosted in the Google Play market are trying a clever trick to avoid detection—they monitor the motion-sensor input of an infected device before installing a powerful banking trojan to make sure it doesn’t load on emulators researchers use to detect attacks.

The thinking behind the monitoring is that sensors in real end-user devices will record motion as people use them. By contrast, emulators used by security researchers—and possibly Google employees screening apps submitted to Play—are less likely to use sensors. Two Google Play apps recently caught dropping the Anubis banking malware on infected devices would activate the payload only when motion was detected first. Otherwise, the trojan would remain dormant.

Security firm Trend Micro found the motion-activated dropper in two apps—BatterySaverMobi, which had about 5,000 downloads, and Currency Converter, which had an unknown number of downloads. Google removed them once it learned they were malicious.


Ukrainian Police Arrest 6 Hackers Linked to DDoS and Financial Attacks

January 17th, 2019
Ukrainian Police have this week busted two separate groups of hackers, one involved in carrying out DDoS attacks against news agencies and the other in stealing money from Ukrainian citizens. According to the authorities, the four suspected hackers they arrested last week, all aged from 26 to 30 years, stole more than 5 million Hryvnia (around 178,380 USD) from the bank accounts of Ukrainian


Eight months after discovery, unkillable LoJax rootkit campaign remains active

January 16th, 2019

Last May, researchers published a bombshell report documenting sophisticated malware attributed to the Russian government. The malware, dubbed "LoJax," creates a persistent backdoor that survives operating system reinstalls and hard drive replacements. On Wednesday, researchers published new findings that indicate the campaign remains active.

LoJax in May became the first known case of a real-world attack harnessing the power of the Unified Extensible Firmware Interface boot system found in virtually all modern Windows computers. As software that bridges a PC’s firmware and its operating system, UEFI is essentially a lightweight operating system in its own right. That makes it a handy place to hide rootkits because once there a rootkit will remain in place even after an OS is reinstalled or a hard drive is replaced.

LoJack repurposed

LoJax gets its name from LoJack, an anti-theft product from developer Absolute Software. The rootkit is a modified version of a 2008 release of LoJack (then called Computrace). The anti-theft software achieved persistence by burrowing into the UEFI of the computer it was protecting. The design ensured that even if a thief made major changes to a computer’s hardware or software, a LoJack “small agent” would remain intact and be able to contact Absolute Software servers.


Four months after its debut, sneaky Mac malware went undetected by AV providers

December 21st, 2018
A screenshot of VirusTotal showing only two AV providers detected the malware, four weeks after it was outed. (credit: Patrick Wardle)

Four months after a mysterious group was outed for a digital espionage operation that used novel techniques to target Mac users, its macOS malware samples continued to go undetected by most antivirus providers, a security researcher reported on Thursday.

Windshift is what researchers refer to as an APT—short for "advanced persistent threat"—that surveils individuals in the Middle East. The group operated in the shadows for two years until August, when Taha Karim, a researcher at security firm DarkMatter, profiled it at the Hack in the Box conference in Singapore. Slides, a brief description, and a report from Forbes are here, here and here, respectively.

A few things make Windshift stand out among APTs, Karim reported in August. One is how rarely the group infects its targets with malware. Instead, it relies on links inside phishing emails and SMS text messages to track the locations, online habits, and other traits of the targets. Another unusual characteristic: in the extremely rare cases Windshift uses Mac malware to steal documents or take screenshots of targets' desktops, it relies on a novel technique to bypass macOS security defenses. (The above-linked Forbes article has more on how this technique, known as a custom URL scheme, allows attacker-controlled sites to automatically install their malware on targeted Macs.)


New Malware Takes Commands From Memes Posted On Twitter

December 18th, 2018
Security researchers have discovered yet another example of how cybercriminals disguise their malware activities as regular traffic by using legitimate cloud-based services. Trend Micro researchers have uncovered a new piece of malware that retrieves commands from memes posted on a Twitter account controlled by the attackers. Most malware relies on communication with their


New Shamoon Malware Variant Targets Italian Oil and Gas Company

December 14th, 2018
Shamoon is back. One of the most destructive malware families, it damaged Saudi Arabia's largest oil producer in 2012, and this time it has targeted energy sector organizations primarily operating in the Middle East. Earlier this week, Italian oil drilling company Saipem was attacked and sensitive files on about 10 percent of its servers were destroyed, mainly in the Middle East,


New Adobe Flash Zero-Day Exploit Found Hidden Inside MS Office Docs

December 6th, 2018
Cybersecurity researchers have discovered a new zero-day vulnerability in Adobe Flash Player that hackers are actively exploiting in the wild as part of a targeted campaign that appears to be attacking a Russian state health care institution. The vulnerability, tracked as CVE-2018-15982, is a use-after-free flaw in Flash Player that, if exploited successfully, allows an attacker to execute


New Ransomware Spreading Rapidly in China Infected Over 100,000 PCs

December 4th, 2018
A new piece of ransomware is spreading rapidly across China and has already infected more than 100,000 computers in the last four days as a result of a supply-chain attack... and the number of infected users is increasing every hour. What's interesting? Unlike almost every other ransomware family, the new virus doesn't demand ransom payments in Bitcoin. Instead, the attacker is


U.S Charges Two Iranian Hackers for SamSam Ransomware Attacks

November 28th, 2018
The Department of Justice announced Wednesday charges against two Iranian nationals for their involvement in creating and deploying the notorious SamSam ransomware. The alleged hackers, Faramarz Shahi Savandi, 34, and Mohammad Mehdi Shah, 27, have been charged on several counts of computer hacking and fraud, the indictment unsealed today at a New Jersey court revealed. The duo used
