Malware | SC Media

Malware

‘About Coronavirus’ app locks Android screens with repackaged malware

An existing version of the Android device screen-locking malware SLocker has apparently been copied and repackaged in the form of a mobile coronavirus app, in hopes of drawing in victims and encouraging downloads from third-party marketplace sites. Researchers at Bitdefender found the malicious app, which has been targeting users in Ukraine, Russia, Kazakhstan, Turkmenistan and…

Salt exploit attacks expose underestimated threat vector: Infrastructure-as-Code tools

Malicious actors have pounced on a pair of critical vulnerabilities found in SaltStack’s open-source, event-based IT automation and configuration management tool Salt. In a series of quick strikes over the weekend, one or more attackers exploited the flaws — disclosed and patched just days earlier — to compromise the “Salt master” servers of several prominent users,…

Reports of COVID-19 malware threats heavier in states with increased testing

Newly published telemetry data collected by the researchers at Bitdefender suggests that U.S. reports of coronavirus-themed malware threat activity have been heaviest in states where testing has increased and the total number of confirmed infections has grown. Among U.S. states, California reported the most threats in both March and April, followed by Texas. New York…

Malvertising scam leverages domain names that sound like legit COVID-19 sites

A recently discovered malvertising campaign is hosting the Fallout exploit kit on attacker-controlled websites featuring domain names that falsely imply they provide useful information about the novel coronavirus. The ultimate goal is to infect victims with KPOT v2.0, an information and password stealer, according to a new blog post from the Avast Threat Intelligence team,…

Healthcare IT workers struggle to secure IoT devices during COVID-19

Ventilators and respirators, on the front line against the respiratory symptoms often deadly for coronavirus patients, may seem like natural points of vulnerability for medical organizations, but the real threats come from the flood of high-tech IoT medical equipment that must be integrated into a network and properly secured from attack. Under normal circumstances hospitals…

U.S. offers up to $5M for info on North Korean cyber activity

Four U.S. federal agencies on Wednesday jointly issued an advisory that warns of ongoing North Korea-sponsored cyberthreat operations, and offers a reward of up to $5 million for information on such operations. The communication, issued by the State Department, the Department of Homeland Security, the Treasury Department and the FBI, details the Democratic People’s Republic…

Researchers see a boom in Zoom domains, stolen accounts

The surging popularity of Zoom video conferencing during the COVID-19 epidemic is compelling internet registrars to make available scores of Zoom-related domains, some of which are being scooped up by malicious actors, researchers from ZeroFox and its Alpha Team reported today. According to a company blog post, Alpha Team members know of roughly 5,343 Zoom-related…

Pranksters installing MBRLocker wiper, blame Vitali Kremez, MalwareHunterTeam for attack

A malicious actor is trying to discredit two of the more well-known personalities in cybersecurity circles by including their names in a note that accompanies a new MBRLocker that has been making the rounds. MBR stands for master boot record. This malware replaces the MBR, which effectively stops the computer’s operating system from restarting. Instead…
