A class of Android trojans has found a way to inject itself into system processes and is leveraging that newfound access to carry out a series of malicious operations.
Detected by Russian antivirus maker Dr.Web as Android.Loki, this trojan family has evolved over time and has gained the ability to inject some of its code into a system process and, by doing so, obtain root privileges. Four different versions have been detected so far: Android.Loki.1.origin, Android.Loki.2.origin, Android.Loki.3, and Android.Loki.6, all with different capabilities and seemingly working together to infect targets.
Experts have discovered Asacub, a banking trojan which started actively attacking Android users in January. Our experts managed to track its evolution step by step. A banking trojan is a type of malware which is installed on a mobile device and employs certain techniques to steal money from the user's credit cards.
Recent versions of Asacub do this by luring the user into submitting credit card credentials via phishing screens. Obviously, this data is not going to a legitimate bank. At first, researchers suggested the banking trojan was targeting Russia and Ukraine exclusively, because the phishing screens resembled the login screens of some Russian and Ukrainian banks.
Some Philips s307 Android smartphones come with a pre-installed trojan that shows ads and animations on the user's main screen and cannot be removed without a firmware update or a complicated series of manual steps, as Dr.Web, a Russian antivirus maker, is reporting.
The adware was initially spotted in October but was then found only on low-end Android smartphones from a series of unknown manufacturers. A recent incident brought the trojan back to Dr.Web's attention when Android.Cooee was found on high-end smartphones manufactured by Philips.
Dr.Web, a Russian antivirus maker, has detected a new threat against Linux users, the Linux.Ekocms.1 trojan, which includes special features that allow it to take screengrabs and record audio.
Discovered four days ago, Linux.Ekocms is only the latest threat targeting Linux PCs, after the Linux.Encoder ransomware family and the Linux XOR DDoS malware caused a large number of issues last autumn and put a dent in Linux's reputation for being impervious to malware infections. According to Dr.Web, this particular trojan belongs to the spyware family and was specially crafted to take a screenshot of the user's desktop every 30 seconds.
A cyberespionage group has been discovered using a new remote access Trojan, dubbed Trochilus, whose detection rate was very low among antivirus products.
The malware was discovered by researchers from Arbor Networks while investigating attacks in Myanmar that were launched from compromised government websites. The researchers linked the compromises to a sophisticated group of attackers known as Group 27, who are known to use different malware programs in their operations, some with overlapping capabilities. Arbor Networks has uncovered seven malware programs used by the group so far, including three remote access Trojans.
In the last quarter of 2015, we observed an emerging trend among financial Trojans. An information-stealing Android threat added functionality to its code that enables it to deceive voice call-based two-factor authorization systems.
What is voice call-based two-factor authorization? In a typical 2FA system, the second factor, normally a generated one-time passcode (OTP), is sent to the user's registered mobile number through the short messaging service (SMS). In the past, we have seen several cases where malware installed on the victim's device snooped on or intercepted the incoming SMS containing the OTP.
Security researchers have detected a new trojan targeting Android devices, and this one is unusual because its creators have built it on top of an Android rooting utility called Root Assistant.
The new trojan takes the rooting toolkit's source code and twists it for malicious purposes, reusing the toolkit's built-in exploits to gain root access without any user interaction. Root Assistant was created a few years back by a Chinese company to let users root their devices with a single tap, using four Android vulnerabilities. There are at least 600 users infected with Rootnik.
Security researchers at Symantec have uncovered a new Backdoor Trojan that grants hackers remote access and some control over infected machines. "Duuzer," as dubbed by the researchers, has been targeting organizations in South Korea and elsewhere in an attempt to steal valuable information.
The Trojan is designed to infect both 32-bit and 64-bit computers running Windows 7, Windows Vista, and Windows XP. It is currently unclear how the malware is being distributed, but according to Symantec researchers, the most likely routes are spear-phishing campaigns and watering-hole attacks.
We are still in the midst of the smartphone boom. Over the past couple of years, smartphones have come to account for over 50% of all mobile devices used by consumers. In turn, this leads to a major problem: mobile cyberthreats.
Whereas PC users are already used to at least basic "security hygiene," the majority of smartphone users still consider their device 'just a phone,' in the same league as an iron or a washing machine – so why bother? Today's smartphone is a full-fledged computer, much more powerful than the one you owned 10 years ago. And it's a dangerous computer. If you happen to have a smartphone, it's quite likely you also have a bank card.
Cyber-crooks behind the notorious Dyre malware have set their sights on customers of Spanish banks. First spotted in 2014, Dyre targets banks all over Europe, apart from in Russia and former Soviet republics.
However, a new Trojan configuration file analysed by the IBM team suggests that the malware is gearing up for a concerted assault on Spanish banks. IBM Security researchers say that Dyre is one of the most advanced malware codes active in the wild because of its feature-rich capabilities and its constant updates, which are designed to evade detection by anti-virus and static security mechanisms.