Malware news & analysis | SC Media

Malware

Downloads of cracked software distribute ransomware via adware bundles

Websites offering cracked versions of popular software programs have recently been serving up adware bundles that secretly deliver a variant of STOP ransomware. According to a pair of reports from Bleeping Computer founder Lawrence Abrams, the scheme came to light in December 2018 with the appearance of the malicious encryptor “Djvu” – so named because…

Researchers find Telegram bot chatter is actually Windows malware commands

Decrypted Telegram bot chatter was found to actually be a new Windows malware, dubbed GoodSender, which uses the messenger platform to listen and wait for commands. Forcepoint researchers discovered what they described as a “fairly simple” year-old malware that creates a new administrator account that enables remote desktop once it infects a victim’s device.…

Google Play boots fake apps that spy on devices’ motion sensor data before dropping Anubis malware

A fake currency converter and a phony battery utility program are among the latest fraudulent apps to be expunged from Google Play, according to researchers who discovered they were infecting users with a version of the Anubis banking malware family. Both fraudulent apps employ a crafty technique to determine whether it is safe for them…

Researchers develop proof-of-concept malware for attacking Building Automation Systems

Researchers have developed proof-of-concept malware capable of compromising Building Automation Systems after discovering two critical bugs in a BAS programmable logic controller (PLC). Created by experts at ForeScout, the malware exploits both vulnerabilities in combination with several older flaws that were previously known to the public, according to a ForeScout white paper released today in…

TEMP.MixMaster group infects with Trickbot and delayed Ryuk ransomware combo

Financially motivated threat actors, referred to as TEMP.MixMaster, are infecting victims with Trickbot malware before deploying the infamous Ryuk ransomware and so far have managed to make off with a reported $3.7 million worth of Bitcoin. The attacks are also unique as the threat actors often wait for extended periods after gaining access, often profiting from…

ICEPick-3PC malware compromises third-party tools to steal Android IPs

A new malware dubbed ICEPick-3PC has been stealing device IP addresses en masse since at least spring 2018. The malware executes after its authors hijack a website’s third-party tools, which are often pre-loaded onto client platforms by self-service agencies and are designed to incorporate interactive web content, such as animation via HTML5, The Media Trust said…

85 adware apps pose as game, TV, and remote control simulator apps in Google Play

Across the globe, adware disguised as 85 game, TV, and remote control simulator apps in the Google Play store have been downloaded nine million times. Trend Micro researchers spotted the adware which has the ability to display full-screen sized ads, hide itself, monitor a device’s screen unlocking functionality and run in the device’s background, according…

NSA to demo open-source malware reverse engineer tool at RSA 2019

The National Security Agency (NSA) will demonstrate a free and open-source tool for reverse engineering malware with the hopes of improving security rather than undermining it. The agency is advertising the free tool, GHIDRA, as part of its presentation at the 2019 RSA Conference on March 5. “An interactive GUI capability enables reverse engineers to…

WhatsApp malicious video hoax reportedly makes comeback

An old hoax targeting WhatsApp users has reportedly reemerged, attempting to scare users by falsely warning them not to download a supposed video that contains dangerous malware. The fake notification, which pops up on WhatsApp’s instant message feature, advises users to be on the lookout for a malicious video titled “Martinelli”. However, no such…
