Malware | SC Media

Malware

Plurox backdoor opens up networks to cryptominers and protocol exploits

Researchers earlier this year discovered a modular backdoor that delivers one of eight different cryptominers to infected systems, as well as malicious plug-ins that exploit the UPnP and SMB protocols. Written in C and compiled with Mingw GCC, the malware, dubbed Plurox, was discovered last February by researchers at Kaspersky, who believe they detected the…

Making a racket: LoudMiner malware cryptojacks VMs, comes bundled with pirated VST software

Malicious actors are attempting to infect computers running Tiny Core Linux virtual machines with an XMRig-based cryptominer that’s being bundled with pirated copies of Virtual Studio Technology (VST) software applications. Dubbed LoudMiner, the Monero-mining software first appeared in August 2018, and works by abusing virtualization software – QEMU on macOS machines and VirtualBox on Windows devices.…

Deloitte releases paper on vetting leaks, avoiding costly hoax

Hoax PC cleaner software on the rise, report

Hoax system cleaner software activity has seen a significant uptick in activity in the last year with the number of users attacked increasing from 179,405 victims in July 2018,  peaking to 471,501 in December 2018, and tapering off to 306,933 users hit in May 2019, according to a June 19 Kaspersky report. After installation the…

Bouncing Golf campaign takes swing at Android users with info-stealing malware

A newly discovered cyber espionage campaign has been targeting Android users in the Middle East with malware designed to steal scores of device information, snoop on victims and potentially take over mobile devices. Known as GolfSpy, the malware is found in once-legitimate applications that have been repackaged to contain malicious code, according to a June…

As GandCrab gang prepares to retire, decryptor for v5.2 of ransomware released

The purportedly final version of GandCrab ransomware can now be neutralized with a new decryption tool, made available to the public. This latest decryptor is effective against versions 1, 4 and 5.x up through 5.2. Version 5.2 is the last iteration created by the prolific ransomware’s developers before they announced on a dark web forum…

AESDDoS botnet malware target Docker containers

A newly discovered botnet malware exploits an API misconfiguration in the open-source version of the DevOps tool, Docker Engine-Community, to infiltrate containers and run a variant of the Linux botnet malware AESDDoS, according to a Trend Micro blog post. “Docker APIs that run on container hosts allow the hosts to receive all container-related commands that…

Philly Courts shut down by unspecified malware

Not even a month after ransomware struck the city of Baltimore, an unspecified malware attack shut down Philadelphia’s online court systems for weeks forcing attorneys to file paperwork in person, longer lines, and even jury duty excusals being granted via Twitter. The problems started on May 21 when the malware was discovered in “a limited…

Monero crypto-currency (Cryptonic.net)

Adversaries exploit WebLogic bug to deliver cryptominer, use .cer files for obfuscation

Cybercriminals have been using a recently discovered critical vulnerability in the Oracle WebLogic server to deliver a Monero cryptomining program, while using certificate files to obfuscate malicious code. Caused by a deserialization error, the flaw, CVE-2019-2725, was patched in an April 26 out-of-band security update. The SANS ISC InfoSec forums originally hosted reports of malicious actors exploiting…

New Hawkball backdoor attacks government sector in Central Asia

A newly discovered malicious backdoor by the name of Hawkball was recently observed in a campaign apparently targeting one or more Russian-speaking government entities in Central Asia, according to a blog post this week from FireEye Labs. Upon successful infection, Hawkball offers the unidentified attackers a range of malicious capabilities, writes FireEye blog post author…

Next post in Malware