When you think you've seen it all, malware authors always find a way to impress you. Today's "that's clever!" moment comes courtesy of a criminal group that's been spreading a new version of the Zeus Panda banking trojan since June, this year.
Instead of relying on old techniques of malvertising and spam campaigns, this group has taken a novel approach, never before seen in the distribution of banking trojans. Black-hat SEO, for the win! This Zeus Panda group decided to rely on a network of hacked websites, on which they inserted carefully chosen keywords in new pages or hid the keywords inside existing pages.Read more
Imagine that one day you decide to use Bitcoin to pay for, say, a pizza. You copy the wallet address from the pizzeria’s website, enter the required amount, and click the Send button.
The transfer goes through, but the pizza doesn’t arrives. The pizzeria owners say they never received the payment. What’s going on? Don’t get mad at the pizza guys — it’s all down to CryptoShuffler. Unlike cryptoransomware, this Trojan avoids flashy effects, instead doing its best to slip under the radar. It resides quietly in the computer’s memory and monitors the clipboard — the temporary storage area for cut/paste operations.Read more
A threat actor is mass-scanning the Internet for Ethereum mining equipment running ethOS that is still using the operating system's default SSH credentials. The attacker is using these creds to gain access to the mining rig and replace the owner's Ethereum wallet address with his own.
Replacing this wallet ID sends all subsequent mining revenue to the attacker instead of the equipment's real owner. Scans started on Monday. The attacks started on Monday and were first detected by a honeypot set up by Romanian cyber-security firm Bitdefender. Honeypot logs showed attackers trying two peculiar SSH username and password combos.Read more
Experts have discovered a new targeted attack using a Trojan by the name of Silence against financial institutions. Russian banks are first in the line of fire, but Malaysian and Armenian organizations have also been infected.
Tactically, the attack is very similar to the canonical financial APT campaign, the notorious Carbanak: a phishing e-mail with a malicious attachment sent to employees of banks and financial organizations, followed by spying on employees and then, suddenly, a fraudulent transaction. This proven method has already brought its operators billions of dollars, so why not try it again?Read more
Malicious browser extensions continue to bear fruit for hackers who have been using them to spread banking malware and adware, and hijacking popular add-ons to spread other nasty code.
The latest abuse involves a Google Chrome extension being spread in phishing emails that steals any data posted online by victims. This is a departure from previous attacks that monitor browser activity for specific URLs and extract credentials. This campaign may be limited to Brazil and other Portuguese-speaking nations, according to Renato Marinho, chief research officer at Morphus Labs and a SANS Internet Storm Center (ISC) handler.Read more
The Internet is awash with covert crypto currency miners that bog down computers and even smartphones with computationally intensive math problems called by hacked or ethically questionable sites.
An unknown hacker appears to have breached a dark web marketplace called Basetools and leaked samples of its database online.
The hacker has threatened to leak the dark web market operator's identity as well as Basetools' data to US authorities, including the FBI, DHS, DoJ and others, unless a ransom of $50,000 (£38,112) is paid. Basetools is an underground marketplace often advertised in Russian-speaking cybercrime forums and markets, which allows dark web vendors to sell spamming tools, credit card data, hacked customer accounts, among other things.Read more
On Tuesday, reports surfaced that a new kind of malware was spreading around Europe. The apparent ransomware which researchers are calling Bad Rabbit bubbled up in Russia and Ukraine and appears to also be affecting Turkey and Germany, though spread isn’t fully known at this time.
Initial targets include Ukraine’s Ministry of Infrastructure and Kiev’s public transportation system. The Russian news service Interfax also issued an official update stating that it had been hacked and that it was working to restore its systems. Russian news group Fontanka.ru was also affected and focuses on the trend of targeted media outlets.Read more
If you get a message from a Facebook Friend telling you they urgently need your help accessing their account — pause, because someone’s trying to use Facebook security against you.
Experts yesterday revealed details of the phishing scam that has apparently claimed a few victims recently. It’s basically an attempt to con you into handing over your account codes to someone you think you can trust. The attack is initiated by someone who has already taken over the account of a friend. They send you an urgent message claiming to need help getting back into their account, and to check your email for a recovery code.Read more
One of iOS' rougher edges are the popups it produces on a regular but seemingly random basis. These popups require users to enter their Apple ID before they can install or update an app or complete some other mundane task.
The prompts have grown so common most people don't think twice about them. Mobile app developer Felix Krause makes a compelling case that these popups represent a potential security hole through which attackers can steal user credentials. In a blog post published Tuesday, he showed side-by-side comparisons, pictured above, of an official popup produced by iOS and a proof-of-concept phishing popup.Read more