Malware News, Articles and Updates

600+ samples of Spring Dragon APT malware spotted

Researchers managed to collect more than 600 samples of malware from the group suggesting they are operating on a massive scale.

Necurs-powered Trickbot trojan begins targeting U.S. banks with webinject capabilities

The Trickbot banking trojan has a couple of new tricks up its sleeve: leveraging the Necurs botnet to spread via spam emails, while expanding its webinject capabilities in order to victimize customers of U.S. banks.

Tables turned: Researcher reportedly creates C&C server to spy on Fruitfly Mac malware

A security researcher looking into a variant of the Mac spyware Fruitfly uncovered a pool of roughly 400 infected victims, after reportedly registering a back-up C&C server that was coded in a sample of the malware and taking it over.

Russian Citadel malware co-developer 'Kolypto' sentenced to prison

The Russian hacker who pleaded guilty to his role in co-developing the Citadel malware was sentenced Wednesday to five years in prison.

Cyber-terrorism: the next logical threat to come from IS

Earlier this year the attacks in London and Manchester catapulted terrorism back into the mainstream for many UK citizens.

'Combat-grade' Nukebot spotted along with other mods

Three months after the malware's author released its source code, a 'combat-grade' Nukebot has been spotted.

FBI PSA says connected toys may present privacy risks to children

The agency encourages parents to do their due diligence into the cybersecurity of toys that connect to the internet both directly through Wi-Fi and indirectly via Bluetooth to a mobile device connected to the internet.

Bargain-basement credentials stealing malware picks on browsers

"Ovidiy," a recently discovered credentials stealing malware that primarily targets browsers, is being marketed mainly to Russian speakers at the very affordable price of approximately $7-$13 per individual build.

OSX/Dok malware spread via phishing to steal banking credentials

Researchers spotted a phishing campaign combined with a man-in-the-middle (MiTM) attack to target Mac OS users and spread the OSX/Dok malware.

CopyCat adware uses Amazon Web Services, APK segmentation to evade detection

The CopyCat adware that infected over 14 million Android devices employs evasion techniques to avoid detection, including the use of Amazon Web Services and the segmentation of malicious APK files.

Magala trojan hijacks Internet Explorer, then commits click fraud

A click fraud trojan called Magala is hijacking Internet Explorer browsers and opening virtual desktops on infected machines in order to artificially inflate various web pages' click counts.

Report: NotPetya actors created fraudulent payment site on Tor

The actors behind the NotPetya wiper malware created a payment site as a ruse to fool victims into thinking their ravaged files could be salvaged, even though there remains little guarantee of this, according to a new blog post from Cylance.

SpyDealer Android malware hitting smartphones in Asia

SpyDealer was discovered by Palo Alto Networks, and while it has the potential to be quite dangerous, there are several mitigating factors that have helped limit the malware's impact.

WikiLeaks drops new CIA tools, BothanSpy and Gyrfalcon

WikiLeaks' latest Vault7 offering includes two CIA hacking tools, BothanSpy and Gyrfalcon 2.0, which can swipe SSH credentials.

Backdoor placed in popular Ukrainian software enabled NotPetya attack

A backdoor may have been placed in the software of a Ukrainian accountancy software vendor to help distribute the NotPetya malware.

Kaspersky: Banks, manufacturers, oil and gas utilities roughly 82% of NotPetya's corporate victims

Kaspersky further reported that 60 percent of NotPetya infections took place in Ukraine, while Russia experienced just over 30 percent.

TeleBots hacking group keeps busy under NotPetya, WannaCry smokescreen

NotPetya and WannaCry may have grabbed headlines over the last few months, but ESET points out in a recent report that Ukraine has been under siege for months by a group dubbed TeleBots, which has run a series of damaging attacks against that country.

UPDATED: Information-stealing malware found targeting Israeli hospitals

Researchers from Trend Micro have discovered a malware campaign seemingly targeting Israeli hospitals with highly obfuscated information-stealing malware that abuses LNK shortcut files.

Microsoft Windows Defender flaw found and fixed

Microsoft has issued an advisory and patched a remote code execution vulnerability in its Microsoft Malware Protection Engine after the flaw was spotted by a Google Project Zero bug hunter.

Koler ransomware campaign targets U.S. Android users

Researchers last week spotted a new variant of the Koler ransomware targeting U.S. users with fake Pornhub apps in its latest campaign.

Investigate Russian meddling in energy infrastructure, senators urge Trump

In a letter sent to the White House on June 22, 19 senators urged President Trump to direct the Department of Energy to investigate Russian meddling with U.S. energy infrastructure.

Following anti-trust complaints, Microsoft defended its proprietary AV software

Microsoft is making its case against anti-trust complaints that it uses its dominant position in the marketplace to unfairly promote its proprietary anti-virus software at the expense of offerings from third-party competitors.

Variant of Marcher Android malware poses as Flash Player update

Developers of the Android banking malware Marcher are now disguising the trojan as an Adobe Flash Player update, the cloud security company Zscaler has reported in a Thursday blog post.