Malware | SC Media

Malware

Authorities free 850,000 machines from grasp of Retadup worm

Law enforcement authorities rescued roughly 850,000 machines that were infected with Retadup malware by replacing the command-and-control infrastructure with a disinfection server, causing the worm to self-destruct. The operation took place last July under the auspices of the French National Gendarmerie’s Cybercrime Fighting Center and the FBI, and was significantly aided by researchers at Avast,…

WordPress plugins vulnerable to redirects

A number of new and old WordPress plugin vulnerabilities are being targeted in an attempt to redirect traffic from victims’ sites to a number of potentially harmful locations. WordFence’s Threat Intelligence team said users of the plugins under attack are protected by individual firewall rules or generic protections built into the plugin; however, two of…

Miscreants infected a poker player's laptop with malware that monitored his every online gambling move.

New way to lose at poker? Card game domains infected with Magecart skimmer

Cybercriminals are upping the ante when it comes to compromising websites with Magecart payment card skimmers, as evidenced by the recent discovery of two infected web domains used by poker enthusiasts. A Malwarebytes blog post this week identified the two affected web pages as pokertracker.com and its subdomain pt4pokertracker.com. Both are related to a software…

Fake VPN and office software websites spread Bolij.2 banking trojan

Cybercriminals recently set up impostor websites for the NordVPN virtual private network service and two office software products, in an attempt to infect visitors with the Win32.Bolij.2 banking trojan, according to researchers. Launched on Aug. 8, the fake NordVPN site, nord-vpn[.]club, has already drawn thousands of visitors so far this month, Dr.Web reports in an…

Remcos RAT campaign delivers new variant using AutoIt wrapper

Researchers have discovered a new Remcos RAT campaign that uses an AutoIt wrapper to deliver a previously unknown variant featuring new obfuscation and anti-debugging techniques. Trend Micro uncovered the threat last July after encountering a phishing email that was disguised as an order notification, but actually contained an attachment that delivered the RAT. “The email…

Varenyky malware records porn on screen, distributes sextortion spam

A cybercriminal operation that’s been targeting France since May is attempting to distribute malware capable of recording the screens of victims who visit pornographic websites. In other cases, the malware sends out spam emails that merely intend to trick victims into believing their web sessions were recorded while they watched porn, even though they were…

Trojanized apps containing ad fraud malware downloaded 102M times

Two related ad fraud malware programs, recently discovered in 34 trojanized Android applications, have already been downloaded roughly 102 million times from the Google Play store, researchers reported. Dubbed Android.Click.312.origin and Android.Click.313.origin, the malicious clicker trojans appear to be designed primarily to sign users up for paid premium services without their consent, according to a…

Saefko RAT peeks at browser histories to help adversaries form optimal attack plan

Researchers have discovered a new remote access trojan that rummages through an infected device’s Chrome browser history to determine which websites the user has visited, allowing adversaries to formulate an optimal attack strategy based on that information. Dubbed Saefko, the RAT looks for at least 70 different websites affiliated with credit cards, at least 26…
