A new Android Trojan called SpyNote has been identified by researchers who warn that attacks are forthcoming. The Trojan has not been spotted in any active campaigns. But expert believes because the software is now widely available on the Dark Web, that it will soon be used in a wave of upcoming attacks.
Researchers say that’s where they found a malware builder tool specifically designed to be used to create multiple versions of SpyNote Trojan. SpyNote has a wide range of backdoor features that include the ability to view all messages on a device, eavesdrop on phone calls, activate the phone’s camera or microphone remotely or track the phone’s GPS location.Read more
Hackers breached the official website of the popular remote administration tool Ammyy Admin and leveraged it to deliver Lurk and other pieces of malware. Lurk is a banking Trojan that has been used to target Russian financial institutions and other types of organizations.
The threat has been around for five years and experts estimate that it has helped cybercrime gangs steal roughly $45 million. Russian authorities recently arrested 50 individuals suspected of using the malware and the arrests are believed to have led to the disappearance of the notorious Angler exploit kit. The Lurk Trojan has often been delivered via watering hole attacks.Read more
The most recent version of the CryptXXX ransomware came with lots of changes, among which the most important is an infostealer module that can dump and steal passwords from various applications on the infected machine.
Called StillerX, this module was seen part of CryptXXX, detected by Proofpoint for the first time on May 26. The US security firm says that this CryptXXX version comes with lots of new features, but StillerX makes it more dangerous than before. StillerX works just like classic password dumpers, also known as infostealers. CryptXXX's StillerX module is capable of targeting all sorts of software.Read more
Researchers have presented data about a cyber-espionage campaign they named OilRig, targeting Saudi Arabian financial institutions and technology organizations, which appears to have taken aim at the country's defense industry as well, but at a different time last year.
The most recent waves of attacks were recorded in May 2016 and seem to have ties with a broader campaign targeting a large number of banks across the Middle East, which is using malicious Excel files and on which we reported at the start of last week. Expert says the crooks used two different delivery methods to deploy a backdoor named Helminth.Read more
As if ransomware weren’t bad enough, now it’s metastasising: not just spreading rapidly but even picking up secondary characteristics. Take Cerber, ransomware first spotted in the wild back in February 2016.
At the time, Cerber was best known for being somewhat spooky — instead of merely flashing an ominous message at victims, Cerber delivered its ransom “note” verbally as well. Still, it was a standard modus operandi: Give us money and we’ll give you back your files. Now, Cerber and other Trojans encrypt the data of their victims, and most computer users haven’t a clue how to handle it. Sounds like a great diversionary tactic, doesn’t it?Read more
An Android trojan detected by Russian security firm Dr.Web as Android.SmsSpy.88 evolved in the past two years from simple spyware to banking trojan, and now to a mobile ransomware threat.
First detected in April 2014, the trojan was initially distributed via SMS spam, and once it infected victims, it was capable of intercepting phone calls and SMS messages, usually used for two-factor authentication systems. As time went by, the Android.SmsSpy trojan evolved and added the ability to phish for credit card details using a Google Play Store-like interface, as well as to show interstitials mimicking popular Russian bank logins.Read more
Five apps on Google Play carry Viking Horde, a new malware family that ropes Android devices into an ad-clicking botnet, but can also make them send out spam, send SMS messages to premium-rate numbers, download additional apps, and even participate in DDoS attacks.
The discovery was made by Check Point researchers, and they have notified Google about it on May 5, but as I’m writing this, the apps are still available on Android’s official app store. The most popular of these is Viking Jump, which was installed by at least 50,000 users, despite the poor ratings and reviews that point to its questionable nature.Read more
Researchers have come across a new banking Trojan that appears to borrow code from the notorious Zeus. Dubbed Panda Banker, the threat was discovered in February by Fox IT and later analyzed in detail by experts at Proofpoint.
According to Proofpoint, cybercriminals have used both spear-phishing emails and exploit kits to deliver the Trojan. In one spear-phishing campaign observed on March 10, attackers sent an email containing a malicious document to people working in mass media and manufacturing organizations. When recipients opened the document, Panda Banker was downloaded from a remote server.Read more
If you haven’t embraced backups yet because you think you are so tech savvy that you wouldn’t open spam email or fall for social engineering tricks, then brace yourself for cryptoworms.
Security researchers warned that self-propagating ransomware, the semi-autonomous kind that doesn’t need any help from humans to spread, is coming in the future. The Cisco Talos report, “Ransomware: Past, Present, and Future” first delves into the “traits of highly effective strains of self-propagating malware” before discussing how ransomware could evolve to include powerful, built-in, self-propagating traits like those in worms and botnets.Read more
Security experts are warning organizations about a new USB trojan that is extremely difficult to spot, can target air-gapped systems, and is ideal for cyber and industrial espionage campaigns.
Nicknamed USB Thief, this is probably the most complex trojan ever discovered, using encryption and self-protection procedures to infect targets and hide from prying eyes. The trojan binds itself on each USB stick, using the USB drive's details to hide its malicious files under AES128 encryption. If the trojan is copied to another USB or on a classic storage device, the encryption breaks, and the content of the malicious files cannot be determined.Read more