Malware | SC Media

Malware

Remcos RAT campaign delivers new variant using AutoIt wrapper

Researchers have discovered a new Remcos RAT campaign that uses an AutoIt wrapper to deliver a previously unknown variant featuring new obfuscation and anti-debugging techniques. Trend Micro uncovered the threat last July after encountering a phishing email that was disguised as an order notification, but actually contained an attachment that delivered the RAT. “The email…

Varenyky malware records porn on screen, distributes sextortion spam

A cybercriminal operation that’s been targeting France since May is attempting to distribute malware capable of recording the screens of victims who visit pornographic websites. In other cases, the malware sends out spam emails that merely intend to trick victims into believing their web sessions were recorded while they watched porn, even though they were…

Trojanized apps containing ad fraud malware downloaded 102M times

Two related ad fraud malware programs, recently discovered in 34 trojanized Android applications, have already been downloaded roughly 102 million times from the Google Play store, researchers reported. Dubbed Android.Click.312.origin and Android.Click.313.origin, the malicious clicker trojans appear to be designed primarily to sign users up for paid premium services without their consent, according to a…

Saefko RAT peeks at browser histories to help adversaries form optimal attack plan

Researchers have discovered a new remote access trojan that rummages through an infected device’s Chrome browser history to determine which websites the user has visited, allowing adversaries to formulate an optimal attack strategy based on that information. Dubbed Saefko, the RAT looks for at least 70 different websites affiliated with credit cards, at least 26…

Destructive malware attacks double as attackers pair ransomware with disk wipers

IBM Security’s X-Force Incident Response and Intelligence Services (IRIS) team reported this week that it witnessed a 200 percent increase in destructive malware attacks over the first half of 2019, compared to the second half of 2018. These malware attacks typically incorporated a disk wiper component. Wipers are historically associated with nation-state-sponsored attacks…

Clipsa cryptostealer targeting WordPress sites

A new password-stealer malware has appeared that targets cryptocurrencies and brute-forces and steals administrator credentials from unsecured WordPress websites. Avast researchers nicknamed the malware Clipsa, due to its penchant for replacing crypto-addresses present in a clipboard, and noted it is written in Visual Basic and once installed on a device it begins mining cryptocurrency, and…

Cylance Protect AV vulnerability patched

Carnegie Mellon Software Engineering Institute’s CERT Coordination Center issued a patch for a recently disclosed vulnerability in Cylance Protect. The vulnerability note, VU#489481, said that prior to a July 21, 2019, update, Protect contained flaws that allow an adversary to craft malicious files that the AV product would likely mistake for simply being benign files.…

Fiendish Amavaldo banking trojan strikes in Mexico after targeting Brazilians

Researchers this year discovered a pair of malicious campaigns that attempted to distribute the recently discovered Amavaldo banking trojan to Brazilians and Mexicans, respectively. Amavaldo is one of 10 malware families that researchers at ESET’s lab in Prague are claiming to have discovered since 2017, when they first launched an in-depth investigation into Latin American…

Hutchins receives no jail time for Kronos banking trojan

Security researcher Marcus Hutchins was sentenced to one year of supervised release by U.S. District Judge J.P. Stadtmueller for his role in creating the Kronos banking trojan. Hutchins, a U.K. citizen, pleaded guilty in April for specific activity that took place between July 2014 and July 2015, which included marketing the Kronos banking trojan on…

Study: Ransomware generates most interest among underground forum users

An analysis of 3.9 million online posts published on underground forums found that ransomware, crypters and trojans were the most frequently referenced categories of malware and malicious tools – an indication of their popularity among forum visitors and potential cybercriminals. Web shells, remote access trojans, adware, computer viruses, FUD (fully undetectable) crypters, exploit kits and rootkits – in that…
