Smishing Campaign Uses Twilio to Deliver DroidJack Malware
This week we’ve detected an unsophisticated piece of malware targeting mobile subscribers in North America. The malware, termed a RAT (remote access tool), is being sent via SMS in the US and has been...
New Alma Locker Ransomware being distributed via the RIG Exploit Kit
A new ransomware called Alma Locker has been discovered by Proofpoint researcher Darien Huss that encrypts a victim’s data and then demands a ransom of 1 bitcoin within five days. There has been a lot...
Linux.PNScan Trojan is back to compromise routers and install backdoors
The Linux Trojan Linux.PNScan is back and it is actively targeting routers based on x86 Linux in an attempt to install backdoors on them. Yesterday I wrote about a new Linux Trojan dubbed Linux.Rex.1,...
Nightmare on Tor Street: New Ursnif Variant Dreambot Adds Tor Functionality
One of the most active banking Trojans that we have observed recently in email and exploit kits is one often referred to as Ursnif or Gozi ISFB [6]. Thanks to Frank Ruiz from FoxIT InTELL, we know that...
The curious case of the Domino Ransomware, a Windows Crack, and a Cow
The Domino Ransomware is a new infection discovered by Daniel Gallagher and Michael Gillespie that is based off of the Hidden Tear open-source ransomware project. What makes this variant interesting...
How I Could Have Hacked Multiple Facebook Accounts
Let’s get into the nitty-gritty. The only way you can reset your password on Facebook (if you’ve forgotten one) is through entering a 6 digit passcode. Well that’s 10⁶ = 1,000,000 possible...
Hacker who stole 2.9 million credit card numbers is Russian lawmaker’s son
Roman Seleznev, aka “Track2,” was found guilty of 38 counts relating to fraud and theft. On Thursday, a federal jury in Seattle found Roman Seleznev guilty of stealing millions of credit card numbers...
Meet USBee, the malware that uses USB drives to covertly jump airgaps
Technique works on virtually all USB drives with no modifications necessary. In 2013, a document leaked by former National Security Agency contractor Edward Snowden illustrated how a specially modified...
RIPPER ATM MALWARE AND THE 12 MILLION BAHT JACKPOT
In this blog, FireEye Labs dissects this new ATM malware that we have dubbed RIPPER (due to the project name “ATMRIPPER” identified in the sample) and documents indicators that strongly suggest this...
Google Login Page Bug Can Lead to Automatic Malware Download
Google declined to classify this as a security issue. British security researcher Aidan Woods discovered an issue on Google’s login page that allows clever attackers to automatically download files on...
OSX/Keydnap spreads via signed Transmission application
Last month ESET researchers wrote an article about a new OS X malware called OSX/Keydnap, built to steal the content of OS X’s keychain and maintain a permanent backdoor. At that time of the analysis,...
The Hunt for Lurk
When we first encountered Lurk, in 2011, it was a nameless Trojan. It all started when we became aware of a number of incidents at several Russian banks that had resulted in the theft of large sums of...
Unsophisticated Revenge RAT Released Online for Free EXCLUSIVE
RAT is still in its early stages of development. An Arabic-speaking malware coder using the name Napoleon has released a new RAT (Remote Access Trojan/Tool) called Revenge, which he’s distributing for...
Hacked Redis Servers being used to install the Fairware Ransomware Attack
Recently I wrote about a supposedly new ransomware called Fairware that was targeting Linux servers. When a server was hacked by Fairware, it would delete various data folders and create a ransom note...
New cloud attack takes full control of virtual machines with little effort
Existing crypto software “wholly unequipped” to counter Rowhammer attacks. The world has seen the most unsettling attack yet resulting from the so-called Rowhammer exploit, which flips individual bits...
Double-click me not: Malicious proxy settings in OLE Embedded Script
Attackers have been using social engineering to avoid the increasing costs of exploitation due to the significant hardening and exploit mitigations investments in Windows. Tricking a user into running...
Talos ShadowGate Take Down: Global Malvertising Campaign Thwarted
Exploit kits are a class of threat that indiscriminately aims to compromise all users. Talos has continued to monitor this threat over time resulting in large scale research and even resulting in a...
Betabot Trojan Steals Your Passwords and Then Installs Ransomware
In my previous blog about password stealing malware, we discussed how Pony malware steals passwords and is as big and rampant across the internet as any single ransomware family. Now along comes...
The Nullbyte Ransomware pretends to be the NecroBot Pokemon Go Application
A new DetoxCrypto Ransomware variant called the Nullbyte Ransomware has been discovered by Emsisoft security researcher xXToffeeXx that pretends to be the popular Pokemon Go bot application called...
Attackers Combine Three Botnets to Launch Massive DDoS Attack
Crooks use a botnet of CCTV cameras, one of home routers, and one made up of compromised web servers. An unnamed website has been at the end of a ferocious Layer 7 DDoS attack that involved traffic from...