Malware news & analysis | SC Media

Malware

Destructive malware attacks double as attackers pair ransomware with disk wipers

IBM Security’s X-Force Incident Response and Intelligence Services (IRIS) team reported this week that it witnessed a 200 percent increase in destructive malware attacks over the first half of 2019, compared to the second half of 2018. These malware attacks typically incorporated a disk wiper component to them. Wipers are historically associated with nation-state-sponsored attacks…

LookBack malware targeting utility sector

Three U.S. firms in the utility sector were hit with a spear phishing campaign in mid-July with the emails containing a malicious Word document that can contain and can install the new remote access trojan LookBack. The Proofpoint Threat Insight Team’s initial take is the attack was the work of a nation-state sponsored actor based…

trojanhorse_1032765

Fiendish Amavaldo banking trojan strikes in Mexico after targeting Brazilians

Researchers this year discovered a pair of malicious campaigns that attempted to distribute the recently discovered Amavaldo banking trojan to Brazilians and Mexicans, respectively. Amavaldo is one of 10 malware families that researchers at ESET’s lab in Prague are claiming to have discovered since 2017, when they first launched an in-depth investigation into Latin American…

malware

RIG, Fallout EKs used to deliver new SystemBC malware

Researchers have come across a new proxy malware program that’s being delivered by the RIG and Fallout exploit kits as part of a larger campaign to infect victims with malicious payloads such as the Danabot banking trojan. Proofpoint’s Threat Insight Team began to track the malware, called SystemBC, on June 4 when it was observed…

Study: Ransomware generates most interest among underground forum users

An analysis of 3.9 million online posts published on underground forums found that ransomware, crypters and trojans were the most frequently referenced categories of malware and malicious tools – an indication of their popularity among forum visitors and potential cybercriminals. Web shells, remote access trojans, adware, computer viruses, FUD (fully undetectable) crypters, exploit kits and rootkits – in that…

Sophisticated Android spyware toolset ‘Monokle’ linked to sanctioned Russian defense contractor

A company that was sanctioned by the U.S. government for allegedly helping Russia interfere with the 2016 elections has developed an advanced set of offensive spyware tools with functionality that researchers claim they have never before witnessed in real-life attack campaigns. Dubbed Monokle, the spyware toolset was actually developed as far back as 2015, according…

ghostlyskullmobilemalware_826540

FIN8 actors’ recent activity buoyed by new malware toolset: report

Researchers investigating FIN8 have shared their findings on a new reverse shell malware program that the cybercriminal group uses to establish command-and-control communications with infected machines. Additionally, they have released details on recently uncovered variants of the threat actor’s ShellTea backdoor implant and PoSlurp point-of-sale malware. FIN8 burst back on the scene last month when…

Microsoft Office 365

Scams use false alerts to target Office 365 users, admins

Malicious actors have recently been targeting Microsoft Office 365 users in two separate scams – one that distributes the TrickBot information-stealing trojan via a fake website and a phishing campaign that sends fake alerts with the intent to take over the accounts of email domain administrators. The scams are respectively detailed in a pair of…

Researchers bypass Cylance’s AI-based AV solution by masking malware with video game code

Researchers have disclosed that they were able to repeatedly sneak malware past a leading AI-based endpoint security solution simply by appending benign code strings from a video game file to the malicious code. The solution, CylancePROTECT, from Cylance and its parent company BlackBerry, failed to detect almost 90 percent of the 384 malware programs that…

Next post in Security News