Malware | SC Media

Malware

Destructive malware attacks double as attackers pair ransomware with disk wipers

IBM Security’s X-Force Incident Response and Intelligence Services (IRIS) team reported this week that it witnessed a 200 percent increase in destructive malware attacks over the first half of 2019, compared to the second half of 2018. These malware attacks typically incorporated a disk wiper component to them. Wipers are historically associated with nation-state-sponsored attacks…

Clipsa cryptostealer targeting Word Press sites

A new password-stealer malware has appeared that targets cryptocurrencies and brute-forces and steals administrator credentials from unsecured WordPress websites. Avast researchers nicknamed the malware Clipsa, due to its penchant for replacing crypto-addresses present in a clipboard, and noted it is written in Visual Basic and once installed on a device it begins mining cryptocurrency, and…

Cylance Protect AV vulnerability patched

Carnegie Mellon Software Engineering Institute’s CERT Coordination Center is issued patch for a recently disclosed vulnerability in Cylance Protect. The vulnerability note, VU#489481, said that prior to a July 21, 2019, update Protect contained flaws that allow an adversary to craft malicious files that the AV product would likely mistake for simply being benign files.…

trojanhorse_1032765

Fiendish Amavaldo banking trojan strikes in Mexico after targeting Brazilians

Researchers this year discovered a pair of malicious campaigns that attempted to distribute the recently discovered Amavaldo banking trojan to Brazilians and Mexicans, respectively. Amavaldo is one of 10 malware families that researchers at ESET’s lab in Prague are claiming to have discovered since 2017, when they first launched an in-depth investigation into Latin American…

Hutchins receives no jail time for Kronos banking trojan

Security researcher Marcus Hutchins was sentenced to one year of supervised release by U.S. District Judge J.P. Stadtmueller for his role in creating the Kronos banking trojan. Hutchins, a U.K. citizen, pleaded guilty in April for specific activity that took place between July 2014 and July 2015, which included marketing the Kronos banking trojan on…

Study: Ransomware generates most interest among underground forum users

An analysis of 3.9 million online posts published on underground forums found that ransomware, crypters and trojans were the most frequently referenced categories of malware and malicious tools – an indication of their popularity among forum visitors and potential cybercriminals. Web shells, remote access trojans, adware, computer viruses, FUD (fully undetectable) crypters, exploit kits and rootkits – in that…

Sophisticated Android spyware toolset ‘Monokle’ linked to sanctioned Russian defense contractor

A company that was sanctioned by the U.S. government for allegedly helping Russia interfere with the 2016 elections has developed an advanced set of offensive spyware tools with functionality that researchers claim they have never before witnessed in real-life attack campaigns. Dubbed Monokle, the spyware toolset was actually developed as far back as 2015, according…

ghostlyskullmobilemalware_826540

FIN8 actors’ recent activity buoyed by new malware toolset: report

Researchers investigating FIN8 have shared their findings on a new reverse shell malware program that the cybercriminal group uses to establish command-and-control communications with infected machines. Additionally, they have released details on recently uncovered variants of the threat actor’s ShellTea backdoor implant and PoSlurp point-of-sale malware. FIN8 burst back on the scene last month when…

Microsoft Office 365

Scams use false alerts to target Office 365 users, admins

Malicious actors have recently been targeting Microsoft Office 365 users in two separate scams – one that distributes the TrickBot information-stealing trojan via a fake website and a phishing campaign that sends fake alerts with the intent to take over the accounts of email domain administrators. The scams are respectively detailed in a pair of…

Researchers bypass Cylance’s AI-based AV solution by masking malware with video game code

Researchers have disclosed that they were able to repeatedly sneak malware past a leading AI-based endpoint security solution simply by appending benign code strings from a video game file to the malicious code. The solution, CylancePROTECT, from Cylance and its parent company BlackBerry, failed to detect almost 90 percent of the 384 malware programs that…

Next post in Security News