Unkillable nasty still climbs out of the grave to this day. The Asprox botnet was responsible for about a lot of attack sessions recorded during October 2014, impacting different organisations.
The Asprox malware family is continuing to plague businesses, despite multiple attempts to disrupt its infrastructure. The Asprox botnet, which first surfaced around six years ago in 2008, has been linked to phishing scam messages as well as the distribution of secondary malware infections. The zombie network also acts as a platform for hack attacks. Asprox spreads through vulnerable websites, using SQL injections attacks to plant malicious code.Read more
Researchers have uncovered an extremely stealthy trojan for Linux systems that attackers have been using to siphon sensitive data from governments and pharmaceutical companies around the world.
The previously undiscovered malware represents a missing puzzle piece tied to Turla, a so-called advanced persistent threat disclosed in August. For at least four years, the campaign targeted government institutions, embassies, military, education, research, and pharmaceutical companies in more than 45 countries. The unknown attackers have infected several hundred Windows-based computers by exploiting a variety of vulnerabilities.Read more
The number of Pre-loaded mobile trojan in the wild is increasing, DeathRing is the last one discovered by the experts. It’s not first the time that Android handsets come preloaded with malware, but cyber security experts are warning of a worrying increase of the cases.
The problem is widespread in Asia and Africa, where criminals are able to compromise the supply chain. Similar cases are frequent for a cheap, low-level devices. Security researchers have detected pre-loaded instances of the DeathRing malware, unfortunately they are not currently aware of where in the supply chain the mobile trojan is installed.Read more
Virus analysts explored a new Trojan horse, designed to infect smartphones and tablets running the Android OS. This malicious program is capable of stealing personal information of owners of mobile devices, as well as to steal money from Bank accounts.
To start its malicious activity it can only after installation in the system by the owner of the mobile device. It should be noted that the choice of application for simulation depends entirely on the imagination of writers and can be absolutely anything. Once installed, the Trojan sets up a shortcut on the home screen. In Fact, virus is able to implement on the infected Android device two attack scenario.Read more
The Trojan has once again branched out beyond its roots as banking malware and is now targeting the master passwords guarding major password management products. A new configuration file found on an infected computer targeting processes used by the respective password management tools.
Citadel, like most widely distributed malware families, is crossing over more and more from the realm of cybercrime to APT-style targeted attacks. New features and a hunger for legitimate credentials make the malware, which is already sitting on hundreds of thousands of machines, particularly dangerous to critical infrastructure, in addition to financial services.Read more
Researchers said they discovered and disclosed to Apple, the vulnerability exploited by the WireLurker malware, which targeted iOS mobile devices. Some experts claim that now WireLurker is the only existing malware, which uses the bug in iOS.
Although Apple tried to annul the certificates used by the malware quickly, but the problem is that the flaw relates to an iOS enterprise provisioning failure to double check the identity of a given app against its digital certificate when the developer does not upload the application to the App Store. It gives attackers the ability to replace legitimate iOS apps with malicious ones without notification.Read more
Researchers have unearthed a new version of the Rovnix malware that has a couple of additional features, including a new domain generation algorithm and a secure transmission channel for communicating with the command-and-control servers.
Rovnix is a malware variant that often has been distributed by other kinds of malware. Last year Microsoft warned users about a campaign that involved the Upatre malware, which typically is delivered through spam messages. The newer version of Rovnix has some differences from the older variants. The Rovnix creators have made changes to help evade detection by various security products.Read more
The Department of Homeland Security formally sounded the alarm on Dyre, the banking Trojan that’s been spotted siphoning banking credentials from both large enterprises and major financial institutions as of late.
The warning came in the form of an alert informing the public of the malware, which is spread through spam and phishing emails. Phishing emails peddling Dyre are now using malicious PDF attachments that leverage vulnerabilities to download the malware. Once it’s downloaded, it captures user login information and sends that on to attackers. Experts are encouraging users to use caution when it comes to opening attachments.Read more
Dridex, the latest descendent of the banking Trojan lineage has been a constant source of attacks using the malware since its release in July. To date, Dridex has centered on sending executable attachments via e-mail.
That seems to have changed this week, as we’ve seen a tactical shift to sending those executable attachments via Microsoft Word documents loaded with macros that download and execute the malware. Like its precursors, Dridex is a sophisticated Banking Trojan, similar to the infamous Zeus malware. Its core functionality is to steal credentials of online banking websites and allow a criminal to use those credentials to initiate transfers and steal funds.Read more
An interesting file turned out to be a sample of modular malware for MacOS X. Even after preliminary analysis it was clear that the file was not designed for any good purpose.
Further investigation showed that a backdoor, a keylogger and a Trojan-Spy were hidden inside the sample. It is particularly noteworthy that the keylogger uses an open-source kernel extension. The extension's code is publicly available, for example, on GitHub! Depending on their purpose, these files are detected. The result of the check determines where the Trojan's files will be installed:Read more