Malware news & analysis | SC Media

Malware

Coronavirus tracking app locks up Android phones for ransom

A malicious Android app that supposedly helps track cases of the coronavirus actually locks users’ phones and demands a ransom in order to restore access. (Note: a password key has since been published. See follow-up story here.) Dubbed CovidLock, the newly discovered ransomware performs a screen-lock attack by forcing a change in the password required…

Necurs botnet operation dismantled; millions of malicious domains disabled

A coalition of security-minded organizations led by Microsoft struck a major blow against the mighty Necurs botnet — one of the largest in the world — dismantling its infrastructure in a global takedown. Empowered by a court order, Microsoft not only took control of the Necurs operators’ web domains, but it blocked an additional 6 million…

Cookie-stealing Android trojan likely used for spam distribution campaign

Who stole the cookie from the cookie jar? It’s Cookiethief, a newly discovered Android trojan that gains root access to devices and exfiltrates browser and Facebook app cookies to a malicious server. Attackers typically use stolen cookies to impersonate victims and access their online accounts in unauthorized fashion. In this instance, researchers believe the culprits…

Malicious coronavirus map hides AZORult info-stealing malware

Cyberattackers continue to seize on the dire need for information surrounding the novel coronavirus. In one of the latest examples, adversaries have created a weaponized coronavirus map app that infects victims with a variant of the information-stealing AZORult malware. The malicious online map, found at www.Corona-Virus-Map[.]com, appears very polished and convincing, showing an image of…

Durham, N.C. bull rushed by ransomware; recovery underway

The city of Durham, North Carolina and the government of Durham County have experienced disruptions since a ransomware attack last Friday, but local government officials claim the damage was contained and recovery efforts are well underway. “Fortunately, the City was prepared with notification systems in place that worked as planned, providing immediate notice to City…

Don’t get fooled again: Fake coronavirus emails impersonate the WHO to deliver FormBook trojan

Fears over the novel coronavirus have triggered mass quarantines, Purell and Clorox shortages and financial market turmoil. As global concerns continue to mount with the latest headlines – just today, it was reported that the head of the Port Authority of New York and New Jersey was infected – cyber fraudsters and threat actors continue…

Don’t install that security certificate; it’s a malware scam

Cybercriminals have been compromising websites to display a fake security certificate error message in hopes of tricking visitors into downloading the Mokes backdoor or the Buerak downloader. Researchers from Kaspersky who discovered the scam said in a blog post that the ruse is a new twist on the old technique of hacking a website so…

Data-stealing ransomware hits parts maker for Tesla, Boeing and Lockheed Martin

Visser Precision, a parts maker and manufacturing solutions provider for the aerospace, automotive, industrial and manufacturing industries, has reportedly suffered a combination ransomware attack and data breach that has compromised files pertaining to multiple business partners, including Tesla, SpaceX, Boeing and Lockheed Martin. In a statement, Denver, Colorado-based Visser confirmed it was “the recent target…

Officials preparing for cyber attacks, scams as Olympics nears

Magecart Group 12 named as actor behind Olympic ticket POS attack

The ticket reselling sites olympictickets2020.com and eurotickets2020.com reportedly have been compromised with Magecart POS skimming malware. Magecart was first spotted on the two sites, which deal in tickets for the upcoming 2020 Tokyo Olympics and UEFA Euro 2020, and were detailed in late January by researchers Jacob Pimental and Max Kersten and RiskIQ took the…
