Malware News, Articles and Updates

Apparent Korean actor 'Group123' linked to six phishing campaigns, including 'Evil New Year' scam

Researchers have attributed six separate phishing campaigns targeting South Koreans in either 2017 or 2018 to a single threat actor called "Group123," including multiple operations designed to infect victims with the remote administration tool ROKRAT.

KillDisk wiper malware sets sights on Latin American financial organizations

A new variant of the disk wiping malware KillDisk is targeting financial firms in Latin America to wreak havoc without leaving so much as a note.

OS X MaMi DNS hijacker spotted, analyzed

An independent security researcher has done a quick analysis of a new Mac OS X DNS hijacker that is closely related to a previously uncovered Windows-only version that is capable of allowing man-in-the-middle attacks.

Researchers: Malicious Chrome extensions infected 500K workstations

More than a half-million workstations at major global organizations were reportedly found infected with malicious Chrome web browser extensions that were likely used to commit click fraud and search engine optimization manipulation.

Pawn Storm readied attacks against U.S. senators, political and Olympic targets

The cyberespionage gang Pawn Storm had an extremely active second half of 2017 with targets ranging from the Olympic Wintersports Federations to various political targets.

AdultSwine malware helps porn ads and scams invade children's apps

Cybercriminals have been spiking game apps, including several aimed at children, with malware that displays pornographic ads, pushes fake security apps, and registers users for premium services with permission.

Teligram? Fake Telegram app contains malvertising

A phony and malicious application imitating the Telegram app made its way into the Google Play Store posing as a newer updated version of the popular messaging app.

Cryptominer malwares in RIG EK spread via malvertising

Malwarebytes researcher Jerome Segura analyzed a RIG exploit campaign distributing malware coin miners.

FakeBank malware accesses sensitive SMS banking messages

A newly discovered mobile malware program that primarily targets Russian banking customers can take over victims' SMS capabilities, allowing cybercriminals to intercept text messages that contain bank security codes, and then use those codes to reset bank account passwords.

Taiwanese police reward malware laced USB sticks as prizes for cybersecurity quiz

Taiwanese police handed out malware-laden USB sticks as prizes for a security quiz given during an infosec conference in December 2017.

Researchers believe malicious Android app written in Kotlin code may be a first

Researchers have discovered a fake utility app called Swift Cleaner that they believe may be the first Android mobile malware developed using the open-source Kotlin programming language.

LockPoS malware adopts injection technique to evade detection

LockPoS, a point-of-sale malware program discovered in 2017 stealing payment card data from computers' memory, is now using a new malware injection technique designed to bypass antivirus hooks and evade detection.

Ukrainian software company compromised to spread Zeus banking trojan

Cybercriminals launched a cyberattack using the official website of a Ukraine-based accounting software developer to distribute a new variant of Zeus over a Ukrainian holiday.

New adware found in fake Flashlight apps with dark intentions

A newly discovered mobile adware program called LightsOut was recently observed in numerous fake Android flashlight applications, reportedly prompting their removal from the Google Play Store.

Dismantled Andromeda botnet will 'slowly disappear' over time, says ESET researcher

What remains of the Andromeda botnet that was largely dismantled in a November 2017 global law enforcement operation will probably "slowly disappear" as remediation continues into 2018, predicted one cybersecurity company that assisted in the investigation.

36 malicious apps advertised as security tools spotted in Google Play

Trend Micro researchers notified Google of a total of 36 malicious apps on Google Play posing as security tools.

Cybercriminals favored non-malware attacks in 2017: Report

Non-malware-based cyberattacks were behind the majority of cyber incidents reported in 2017, despite the proliferation of malware available to both the professional and amateur hacker.

Forever 21 blames POS malware, lapses in encryption, for payment card data compromise

A POS malware infection was responsible for compromising payment card data collected at certain Forever 21 stores last year -- an attack that was exacerbated by a lack of encryption on some devices, the apparel retailer stated.

Necurs botnet launches massive 47 million emails per day campaign

The Necurs botnet continued to launch massive global ransomware attacks through the holiday season, with researchers stopping as many as 47 million emails per day.

Criminals spoof scanners and printers by the millions to spread malware

Cybercriminals are spoofing scanners by the millions to launch attacks containing malicious attachments that appear to be coming from the network printer.

Free software downloads infecting users with NiceHash cryptominer, warns researchers

Adversaries are using the lure of free online software downloads to infect unknowing victims with a customized version of cryptocurrency mining software from the NiceHash marketplace.

VenusLocker ransomware extortionists switch m.o., pursue Monero cryptomining

The same threat group that was responsible for extorting victims with VenusLocker ransomware last year has now shifted its attention to cryptocurrency mining, according to new research.

Microsoft bug CVE-2017-11882 exploited to deliver Loki information stealer

Attackers continue to exploit a recently patched remote code execution vulnerability in the Microsoft Equation Editor component of Microsoft Office, this time using the bug to deliver a modified version of Loki information-stealing malware.

Jack of all trades Loapi Android trojan hosts an array of threats

An Android trojan has been described as a jack of all trades due to its complicated modular architecture.

Firefox Mr. Robot ad looks like malware to users

Mozilla scared and/or upset several of its users with the unannounced addition of a new plug-in to promote the hacker show Mr. Robot.

More evidence emerges of North Korea targeting cryptocurrency industry

Several new reports have surfaced detailing North Korean state interest in targeting and attacking cryptocurrency exchanges as a means of enriching itself.

Zeus Panda targeting holiday shoppers

With just a few more shopping days available before Christmas, cybercriminals are taking advantage of online shoppers' frenzied buying habits by injecting the Zeus Panda banking trojan into a wide range of retail and travel sites, along with spreading the malware through malspam.

Prilex and Cutlet Maker ATM malwares uniquely target users

Trend Micro researchers spotted two ATM malware families that raise concerns about what's to come.