Archive for the ‘trojans’ Category

Advanced Linux backdoor found in the wild escaped AV detection

May 30th, 2019
Advanced Linux backdoor found in the wild escaped AV detection

Enlarge (credit: Jeremy Brooks / Flickr)

Researchers say they’ve discovered an advanced piece of Linux malware that has escaped detection by antivirus products and appears to be actively used in targeted attacks.

HiddenWasp, as the malware has been dubbed, is a fully developed suite of malware that includes a trojan, rootkit, and initial deployment script, researchers at security firm Intezer reported on Wednesday. At the time Intezer’s post went live, the VirusTotal malware service indicated Hidden Wasp wasn’t detected by any of the 59 antivirus engines it tracks, although some have now begun to flag it. Time stamps in one of the 10 files Intezer analyzed indicated it was created last month. The command and control server that infected computers report to remained operational at the time this article was being prepared.

Some of the evidence analyzed—including code showing that the computers it infects are already compromised by the same attackers—indicated that HiddenWasp is likely a later stage of malware that gets served to targets of interest who have already been infected by an earlier stage. It’s not clear how many computers have been infected or how any earlier related stages get installed. With the ability to download and execute code, upload files, and perform a variety of other commands, the purpose of the malware appears to be to remotely control the computers it infects. That's different from most Linux malware, which exists to perform denial of service attacks or mine cryptocurrencies.

Read 9 remaining paragraphs | Comments

Posted in backdoors, Biz & IT, linux, malware, rootkits, trojans | Comments (0)

Clever trick uses Windows executable file to install malicious payload on Macs

February 11th, 2019
A laptop monitor warns of an impending encounter with malware.

Enlarge (credit: Christiaan Colen / Flickr)

Malware pushers are experimenting with a novel way to infect Mac users that runs executable files that normally execute only on Windows computers.

The files and folders found inside a DMG file that promised to install Little Snitch.

The files and folders found inside a DMG file that promised to install Little Snitch. (credit: Trend Micro)

Researchers from antivirus provider Trend Micro made that discovery after analyzing an app available on a Torrent site that promised to install Little Snitch, a firewall application for macOS. Stashed inside the DMG file was an EXE file that delivered a hidden payload. The researchers suspect the routine is designed to bypass Gatekeeper, a security feature built into macOS that requires apps to be code-signed before they can be installed. EXE files don’t undergo this verification, because Gatekeeper only inspects native macOS files.

“We suspect that this specific malware can be used as an evasion technique for other attack or infection attempts to bypass some built-in safeguards such as digital certification checks, since it is an unsupported binary executable in Mac systems by design,” Trend Micro researchers Don Ladores and Luis Magisa wrote. “We think that the cybercriminals are still studying the development and opportunities from this malware bundled in apps and available in torrent sites, and therefore we will continue investigating how cybercriminals can use this information and routine.”

Read 5 remaining paragraphs | Comments

Posted in Biz & IT, GateKeeper, MacOS, malware, trojans, windows executables | Comments (0)