Malware news & analysis | SC Media

Malware

Brazil

BRATA malware targeting Brazilian Android devices

First there was Brangelina, TomKat and Bennifer and now Kaspersky has presented the world with BRATA, or Brazilian RAT Android. BRATA is not a power celebrity couple, but is a relatively new Android remote access tool family that, at least so far, has exclusively targeted Brazilians using Android 5.0 or higher, according to Kaspersky’s GReAT…

Reports say China devised iPhone malware campaign to track Muslims; Android and Windows devices also targeted

A recently exposed malware campaign that used watering-hole attacks to target iPhone users for more than two years was reportedly part of an effort to track Uyghur Muslims based in China’s Xinjiang state. The campaign was actually broader than originally thought, and attempted to infect Android and Microsoft Windows devices as well, reports are also…

Apple issues seven updates, fixes more than 40 vulnerabilities in iOS 8, OS 10.9.5

Watering-hole attack campaign designed to infect iOS users via exploit chains

Researchers at Google’s Project Zero yesterday lifted the curtain on a long-running mobile malware operation that for years attempted to infect iOS device users with a malware implant, using exploits delivered via a small number of compromised websites. In an online blog post report, Google researcher Ian Beer did not reveal the specific websites that…

TrickBot updated to target mobile carrier customers’ PIN codes

The developers behind TrickBot have modified the banking trojan to target customers of major mobile carriers, researchers have reported. TrickBot secretly intercepts infected users’ network traffic and routes it to a malicious server. The server then injects additional HTML and JavaScript code before the web browser is able to render the page. Such man-in-the-browser attacks…

Authorities free 850,000 machines from grasp of Retadup worm

Law enforcement authorities rescued roughly 850,000 machines that were infected with Retadup malware by replacing the command-and-control infrastructure with a disinfection server, causing the worm to self-destruct. The operation took place last July under the auspices of the French National Gendarmerie’s Cybercrime Fighting Center and the FBI, and was significantly aided by researchers at Avast,…

LYCEUM threat group targets oil and gas, critical infrastructure orgs in MidEast

A LYCEUM threat group targeting critical infrastructure entities – including oil and gas and telecommunications organizations in the Middle East – went undetected for more than a year, according to researchers at the Dell SecureWorks Counter Threat Unit (CTU). “Stylistically, the observed tradecraft resembles activity from groups such as COBALT GYPSY (which is related to…

Miscreants infected a poker player's laptop malware that monitored his every online gambling move.

New way to lose at poker? Card game domains infected with Magecart skimmer

Cybercriminals are upping the ante when it comes to compromising websites with Magecart payment card skimmers, as evidence by the recent discovery of two infected web domains used by poker enthusiasts. A Malwarebytes blog post this week identified the two affected web pages as pokertracker.com and its subdomain pt4pokertracker.com. Both are related to a software…

Vast majority of newly registered domains are malicious

Newly registered domains (NRDs) are created at the astounding rate of about 200,000 every day and a recent report indicates that 70 percent of these are malicious or suspicious and used for a wide range of nefarious activities. The NRDs are an interesting breed with some staying active for a very brief period, just hours,…

Fake VPN and office software websites spread Bolij.2 banking trojan

Cybercriminals recently set up impostor websites for the NordVPN virtual private network service and two office software products, in an attempt to infect visitors with the Win32.Bolij.2 banking trojan, according to researchers. Launched on Aug. 8, the fake NordVPN site, nord-vpn[.]club, has already drawn thousands of visitors so far this month, Dr.Web reports in an…

Next post in Cybercrime