Hackers breached the official website of the popular remote administration tool Ammyy Admin and leveraged it to deliver Lurk and other pieces of malware. Lurk is a banking Trojan that has been used to target Russian financial institutions and other types of organizations.
The threat has been around for five years and experts estimate that it has helped cybercrime gangs steal roughly $45 million. Russian authorities recently arrested 50 individuals suspected of using the malware and the arrests are believed to have led to the disappearance of the notorious Angler exploit kit. The Lurk Trojan has often been delivered via watering hole attacks.
It’s December, and in the security industry that means one thing: predictions from experts about what trends will emerge in the next year. As always, some stuff is new, while other items show up on these lists every year.
Criminal groups will increasingly adopt nation-state tactics. There are a couple of ways that I see this potentially working: the nation-state groups could work together with criminal groups towards a common goal. State groups could also contract their espionage activities out to criminal groups, which will use criminal tools and expertise to perform spying activities, steal intellectual property or gather intelligence about vulnerabilities. Below are nine predictions from experts.
Researchers said they discovered and disclosed to Apple the vulnerability exploited by the WireLurker malware, which targeted iOS mobile devices. Some experts claim that WireLurker is currently the only existing malware that uses the bug in iOS.
Although Apple moved quickly to revoke the certificates used by the malware, the problem is that the flaw relates to a failure of iOS enterprise provisioning to double-check the identity of a given app against its digital certificate when the developer does not upload the application to the App Store. It gives attackers the ability to replace legitimate iOS apps with malicious ones without notification.
A new kind of malicious software strikes at Mac OS X and iPhone users in China. Apple users in China have an active, new threat to contend with that attacks iPhones and iPads through Apple's Mac OS X operating system, a US security firm reported.
The malicious software waits for a device running the iOS mobile operating system to connect via USB to a Mac laptop or desktop. The software adds malicious code to legitimate iOS apps. The malware attack is limited to China. The threat is new to Apple, though this sort of attack has been around since about 2003, said intelligence director. Apple did not return a request for comment.