Malware news & analysis | SC Media

Malware

IoT botnet BCMUPnP_Hunter targets routers with vulnerable UPnP feature

A large-scale botnet malware operation has been targeting router equipment running vulnerable versions of the Broadcom Universal Plug and Play (UPnP) feature. Active since at least September 2018, the malicious campaign appears to be infecting devices for the likely purpose of converting them into spam bots, according to a blog post yesterday from researchers at Qihoo’s…

Lazarus FASTCash ATM attack details discovered

Symantec researchers have uncovered several crucial details behind how the cybergang Lazarus (aka Hidden Cobra) has successfully conducted dozens of ATM hacks that result in the machines dispensing cash on the group’s command. The FBI and DHS have issued warnings on FASTCash. What was already known is that the bank robbers inject a malicious…

StatCounter platform compromised to infect gate.io exchange with bitcoin-stealing code

A malicious actor compromised the platform of leading web analytics firm StatCounter in a supply chain attack that targeted the cryptocurrency exchange gate.io with a bitcoin-stealing script. Outside of gate.io, none of the other two million-plus websites using StatCounter’s metrics services appear to have been affected by the malicious JavaScript, even if they downloaded it. That’s because the…

Spyware disguised as Spanish banking apps removed from Google Play

A spyware program disguised as a Spanish-language banking app was found last month collecting users’ device data and messages, which were later leveraged in smishing schemes. Advertised as “Movil Secure,” the fake app pretends to be associated with the multinational Spanish banking group Banco Bilbao Vizcaya Argentaria (BBVA). Published on Oct. 19, the app was discovered by Trend…

29 stealthy banking trojans removed from Google Play store

Nearly 30 banking trojans were removed from the Google Play Store, but not before being downloaded by nearly 30,000 users. ESET researchers spotted 29 malicious apps masquerading as device boosters, cleaners, battery managers and horoscope-themed apps which, once installed, could dynamically impersonate any app on the victim’s device and target the user with custom phishing…

Iran claims telecommunications infrastructure was attacked by Stuxnet variant

Iranian officials are reportedly claiming that a variant of the Stuxnet worm that disrupted their country’s nuclear program in the late 2000s was used in an attack on their telecommunications infrastructure last week. Iran is publicly pointing the finger at Israel, while claiming to have successfully defended against the attack, according to multiple news outlets, including…

‘Outlaw’ threat actor uses Shellbot variant to form new botnet

An unknown threat actor has been targeting organizations with botnet malware that communicates with its command-and-control server via the Internet Relay Chat (IRC) application-layer protocol. Nicknamed Outlaw, the hacking group developed the botnet as a Perl-based variant of Shellbot, according to a Nov. 1 blog post from Trend Micro, whose researchers uncovered the threat. Shellbot is…
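
The one hard fact the summary gives about the Outlaw botnet is its C2 channel: plain IRC. That is something a defender can look for on the wire, because an IRC client announces itself with a NICK/USER registration in cleartext and bots are typically driven with PRIVMSG lines carrying shell commands. The detector below is an added example written for this page, not Trend Micro's or SC Media's code, and it says nothing about Outlaw's actual nicknames, channels or commands; the session records, the bracketed "bot-style" nick pattern and the command keywords it scores are all constructed assumptions for illustration.

```python
import re

# Ports an IRC server is normally listening on; IRC to any other port is
# itself a signal, since bot herders often hide C2 on 443 or 80.
IRC_PORTS = {6667, 6697}

# RFC 1459 client commands at the start of a line (multiline mode).
IRC_CMD = re.compile(r"^(NICK|USER|JOIN|PRIVMSG|PING|PONG|PASS)\b", re.M)

# ASSUMED pattern for bot-generated nicks: bracketed platform tag plus a
# number, e.g. "[x86_64|12345]". Real bots vary; tune to what you observe.
BOT_NICK = re.compile(r"^NICK\s+\[[^\]]+\|\d+\]", re.M)

# ASSUMED heuristic: a PRIVMSG whose text contains common recon/dropper
# commands is more likely a herder tasking a bot than a human chatting.
SHELL_HINT = re.compile(r"PRIVMSG\s+\S+\s+:.*(?:uname|wget|curl|chmod|/bin/sh|bash)", re.M)

# Constructed sample sessions (not real captures): one record per outbound
# TCP session with the first bytes the internal host sent.
SAMPLE_SESSIONS = [
    {"src": "10.0.0.12", "dst": "203.0.113.7", "dport": 6667,
     "payload": "NICK [x86_64|12345]\r\nUSER bot 8 * :bot\r\nJOIN #chan\r\n"},
    {"src": "10.0.0.33", "dst": "198.51.100.9", "dport": 443,
     "payload": "NICK abc123\r\nUSER u 8 * :u\r\n"},
    {"src": "10.0.0.40", "dst": "192.0.2.80", "dport": 443,
     "payload": "\x16\x03\x01..."},  # TLS ClientHello, not IRC
    {"src": "10.0.0.12", "dst": "203.0.113.7", "dport": 6667,
     "payload": "PRIVMSG #chan :!cmd uname -a\r\n"},
]


def irc_commands(payload):
    """Return the set of IRC commands found at line starts in the payload."""
    return {m.group(1) for m in IRC_CMD.finditer(payload)}


def classify_session(sess):
    """Score one session; return a finding dict, or None if it is not IRC."""
    cmds = irc_commands(sess["payload"])
    if not cmds:
        return None
    reasons, score = [], 0
    if {"NICK", "USER"} <= cmds:          # client registering with a server
        reasons.append("irc-registration"); score += 2
    if sess["dport"] not in IRC_PORTS:    # IRC where IRC should not be
        reasons.append("non-standard-port"); score += 2
    if BOT_NICK.search(sess["payload"]):
        reasons.append("bot-style-nick"); score += 1
    if SHELL_HINT.search(sess["payload"]):
        reasons.append("shell-command-over-privmsg"); score += 3
    return {"src": sess["src"], "dst": sess["dst"], "dport": sess["dport"],
            "score": score, "reasons": reasons}


def scan(sessions):
    """Run the classifier over every session and keep only IRC findings."""
    return [f for f in (classify_session(s) for s in sessions) if f]


if __name__ == "__main__":
    for finding in scan(SAMPLE_SESSIONS):
        print(finding)
```

The scoring is deliberately additive so a single weak signal (a legitimate IRC client on 6667) stays low while registration on a non-IRC port or a tasking line with a shell command climbs quickly; in a real deployment the payload field would come from a Zeek or Suricata stream reassembly rather than a literal, and the keyword lists would be tuned to what the sensor actually sees.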

Assault and battery: Malvertising campaign checks user device’s charge as anti-detection technique

A mobile malvertising campaign recently found targeting three digital advertising platforms has been using malware that checks a phone’s battery level as part of an unusual new technique for avoiding detection. In just the last three weeks, the operation has fraudulently generated millions of page views, as the malware redirects certain victims to an unspecified malicious…

‘Narwhal Spider’ group’s spam campaign targets Japanese recipients with URLZone malware

A newly discovered spam campaign powered by version two of the well-known Cutwail botnet has been found targeting Japanese users in an attempt to infect them with the URLZone (aka Bebloh) banking trojan. In a company blog post yesterday, Crowdstrike researchers Sebastian Eschweiler, Brett Stone-Gross and Bex Hartley note that the operation leverages the art of…
