You know how armies typically move: first come the scouts to make sure everything is OK, then the heavy troops arrive; at least, that is how it used to be before the age of cyber wars. It turns out that Trojans behave in a very similar way.
There are a lot of small Trojans for Android capable of escalating privileges, in other words, gaining root access. Our malware analysts Nikita Buchka and Mikhail Kuzin can easily name 11 families of such Trojans. Most of them are almost harmless: all they did until recently was inject tons of ads and download others of their kind.
At the Security Analyst Summit 2016, our Global Research and Analysis Team published extensive research on the Adwind Remote Access Tool. It has been developed for several years and distributed through a single malware-as-a-service platform, which means that anyone can pay a small fee for the service and use the malicious tool to their advantage.
GReAT researchers discovered this malware platform during an attempted targeted attack against a bank in Singapore. The malware came in the form of a malicious Java file attached to a spear-phishing email received by a targeted employee at the bank.
A class of Android trojans has found a way to inject itself into system processes and is leveraging that newfound access to carry out a series of malicious operations.
Detected by Russian antivirus maker Dr.Web as Android.Loki, this trojan family has evolved over time and has gained the ability to inject some of its code into a system process and, by doing so, obtain root privileges. Four different versions have been detected so far: Android.Loki.1.origin, Android.Loki.2.origin, Android.Loki.3, and Android.Loki.6, all with different capabilities, and they appear to work together to infect targets.
Experts have discovered Asacub, a banking trojan which started actively attacking Android users in January. Our experts managed to track its evolution step by step. A banking trojan is a type of malware which is installed on a mobile device and employs certain techniques to steal money from the user's credit cards.
Recent versions of Asacub do this by luring the user into submitting credit card credentials via phishing screens. Obviously, this data is not going to a legitimate bank. At first, researchers suggested the banking trojan was targeting Russia and Ukraine exclusively, because the phishing screens resembled the login screens of some Russian and Ukrainian banks.
Some Philips s307 Android smartphones come with a pre-installed trojan that shows ads and animations on the user's main screen and cannot be removed without a firmware update or a complicated series of steps, as Dr.Web, a Russian antivirus maker, is reporting.
The adware was initially spotted in October, but was only found on low-end Android smartphones from a series of unknown manufacturers. A recent incident brought the trojan back to Dr.Web's attention when Android.Cooee was found on high-end smartphones manufactured by Philips.
Dr.Web, a Russian antivirus maker, has detected a new threat against Linux users, the Linux.Ekocms.1 trojan, which includes special features that allow it to take screenshots and record audio.
Discovered four days ago, Linux.Ekocms is only the latest threat targeting Linux PCs, after the Linux.Encoder ransomware family and the Linux XOR DDoS malware caused a large number of problems last autumn and put a dent in Linux's reputation for being impervious to malware infections. According to Dr.Web, this particular trojan belongs to the spyware family and was specially crafted to take a screenshot of the user's desktop every 30 seconds.
In the last quarter of 2015, we observed an emerging trend among financial Trojans. An information-stealing Android threat added functionality to its code that enables it to deceive voice call-based two-factor authorization systems.
What is voice call-based two-factor authorization? In a typical 2FA system, the second factor, normally a generated one-time passcode (OTP), is sent to the user's registered mobile number through the Short Message Service (SMS). In the past, we have seen several cases where malware installed on the victim's device snooped on or intercepted the incoming SMS containing the OTP.
Security researchers have detected a new trojan targeting Android devices, and this one is unique in its own right because its creators built it on top of an Android rooting utility called Root Assistant.
The new trojan takes the rooting toolkit's source code and twists it for malicious purposes, using the toolkit's built-in features to gain root access without any user interaction. Root Assistant was created a few years back by a Chinese company to let users root their devices with a single tap, using four Android vulnerabilities. There are at least 600 users infected with Rootnik.
Cyber-crooks behind the notorious Dyre malware have set their sights on customers of Spanish banks. First spotted in 2014, Dyre targets banks all over Europe, except in Russia and the former Soviet republics.
However, a new Trojan configuration file analysed by the IBM team suggests that the malware is gearing up for a concerted assault on Spanish banks. IBM Security researchers say that Dyre is one of the most advanced malware codes active in the wild because of its feature-rich capabilities and its constant updates, which are designed to evade detection by anti-virus and static security mechanisms.
Cybercriminals learn from each other. Take TeslaCrypt, for example. It is a relatively new family of ransomware; its samples were first detected in February 2015.
The notable feature of the early TeslaCrypt versions was that the malware targeted not only the usual sets of files, including documents, pictures and videos, but games-related file types as well. At that time, it was rather weak malware due to a couple of technical flaws. Despite the fact that the malware's creators scared their victims with the frightful RSA-2048 algorithm, in reality the encryption was not that strong.