Malware News, Articles and Updates

Google Chrome users targeted with 'missing font' malware scam

Hackers are at it once again, this time targeting Google Chrome users to install a fake "missing font" and then infect them with malware.

Kaspersky: Banking malware attacks up 30.6% in 2016; finance sector phishing also more prevalent

The number of cyberattacks targeting financial institutions and their customers soared to new heights in 2016, according to Kaspersky Lab, which observed nearly 1.09 million banking trojan attacks on users in 2016.

Infected weather app's forecast: Malware

Android users who recently downloaded the Good Weather app received quite a bit more than just a weather forecast, chiefly a compromised mobile banking app.

Operation BugDrop spies on mic recordings, uses Dropbox to exfiltrate data

A sophisticated cyber espionage operation focused primarily within Ukraine reportedly uses malware that leverages Dropbox to exfiltrate stolen data, including conversations recorded by infected computers' audio microphones.

XAgent malware linked to DNC hackers can now attack Macs

Macs are officially no longer immune to XAgent, a backdoor malware linked to the Russian threat group APT 28, as researchers have now discovered a version targeting machines running on OS X.

TeamSpy malware exploits TeamViewer in phishing campaign

Heimdal Security researchers spotted a new spam campaign carrying the TeamSpy data-stealing malware.

Malware targeting banks contains apparent false flags designed to frame Russians

Malware samples recovered from watering hole attacks recently targeting banks across the globe contain false flags that fraudulently suggest Russian actors are behind the campaign, even though the most likely culprit is the Lazarus Group.

Fake Pornhub app spreads ransomware like STDs

Those who may have jumped on the company's free Valentine's Day offer, beware.

Check Point: Ransomware % of malware doubled in second half of 2016

The company's report says ransomware attacks increased from 5.5 percent to 10.5 percent of all recognised malware attacks from July to December 2016.

Shamoon entry point detected, IBM report

Researchers are closer to uncovering the miscreant behind a deadly cyberattack that affected thousands of computers used by government and civil organizations in the Gulf states.

New Android downloader masquerading as Flash Player update

Users who install the malware might find their mobile devices held to ransom or bank accounts emptied.

Orlando, Tampa and St. Louis have 5x the malware of the US average

A recent study found computers in Tampa, Orlando and St. Louis are more than five times as likely to be infected with malware as the national average.

Mac malware reportedly first to infect machines using macros

Researchers have identified what they believe is the first in-the-wild instance of hackers using malicious macros in Word documents to execute malware on Mac computers, instead of Windows-based machines.

Return to sender: Smishing attack delivers fake Czech postal service texts

A newly discovered smishing campaign is faking texts from the Czech Republic's postal service, hoping to trick recipients into downloading a malicious app containing a trojan horse designed to steal credit card information.

Researchers warn of Spigot browser hijacker PUP

Malwarebytes researchers warn users to be on the lookout for a large family of Spigot browser hijackers.

Hummingbad overtaken as leading mobile malware in threat index

Triada, a modular backdoor for Android, now tops the "most wanted mobile malware" list.

Attackers steal from ATMs after infecting banks with memory-only malware

One or more unidentified hacker groups are leveraging free and commonly available pen testing tools to attack enterprises in the finance, government and telecom sectors with "fileless" malware that resides only in a machine's RAM, making it extremely difficult to detect and analyze.

Mac malware originated in Iran, say researchers

A piece of malware, believed to have originated in Iran, was detected on the Apple computers of a phony website masquerading as a U.S. aerospace firm, as well as that of a human rights advocate.

Websites of foreign embassies and ministries compromised to infect visitors

An unknown actor whose targets and tactics resemble those of a Russian advanced persistent threat group has been compromising the websites of foreign embassies, ministries and organizations, in an attempt to infect certain site visitors with malware.

Probation for Carnegie Mellon student who sold malicious software

A former Carnegie Mellon student received a three-year probation and was ordered to perform 300 hours of community service following his participation in the Darkode cybercriminal marketplace.

U.S. citizen sues Ethiopian gov't for planting spyware

A U.S. citizen is suing the Ethiopian government for planting spyware on his personal computer and for illegal wiretapping.

SQL Sequel: Sequel Slammer worm resurfaces after more than a decade

SQL Slammer, a fast-moving worm that generated a wave of distributed denial of service attacks in 2013, mysteriously resumed high levels of activity in late 2016 after more than a decade of dormancy.

ElTest adds CryptoShield 1.0, a Cryptomix variant, to its arsenal

A newly discovered derivative of CryptoMix ransomware, dubbed CryptoShield 1.0, is reportedly one of the latest malicious tools to be adopted by the ElTest malware campaign. And while its name may convey images of protection, it is very much used as an offensive weapon.

Flokibot trojan spotted targeting Brazilian POS infrastructure

Arbor Networks researchers spotted the Flokibot malware family targeting point-of-sale infrastructure in Brazil and other countries.

Downeks and Quasar malware combine in attack linked to Gaza Cybergang

A recent spate of attempted malware attacks intended to infect government entities in the Middle East with a customized version of the Quasar remote access trojan appears to be tied to the Hamas-linked Gaza Cybergang.

31 models of Netgear routers found vulnerable; could be hacked to form botnet

Up to one million Netgear routers could be affected by flaws.

Video: Cerber, Locky, Kovter top malware families in 2016: Malwarebytes

Cybersecurity concerns hit the big time in 2016.

Linux.Proxy.10 infects thousands of devices with standard settings

Dr. Web researchers spotted a Linux trojan, dubbed Linux.Proxy.10, that has been used to infect thousands of Linux devices.

Terdot Zloader/Zbot combo abuses certificate app to pull off MITM browser attacks

The downloader Terdot Zloader and its accompanying Zbot banking trojan payload abuse a legitimate certificate application to spy on users and modify web content via man-in-the-middle attacks against browsers, an in-depth code analysis shows.

SC Media Exclusive: Rootnik Android malware variant designed to frustrate researchers

A newly identified version of the Android malware "Rootnik" features anti-debugging and anti-hooking capabilities designed to hinder analysts' efforts to reverse engineer it.