Cybercriminals are learning from each other. Take TeslaCrypt, for example. It is a relatively new family of ransomware; its samples were first detected in February 2015.
The notable feature of the early TeslaCrypt versions was that the malware targeted not only the usual sets of files, including documents, pictures and videos, but game-related file types as well. At that time, it was rather weak malware due to a couple of technical flaws. Although the malware's creators scared their victims with the frightful RSA-2048 algorithm, in reality the encryption was not that strong.
All software and hardware in the German parliamentary network might need to be replaced. More than four weeks after a cyberattack, the government hasn’t managed to erase spyware from the system.
Trojans introduced to the Bundestag network are still working and are still sending data from the internal network to an unknown destination, several anonymous parliament sources said. In May, parliament IT specialists discovered hackers were trying to infiltrate the network. So far, they have been unable to mitigate the attack. People in parliament are already talking about a possible replacement of the whole system.
Personal computers in Japan and abroad have been infected with an aggressive online banking Trojan virus called ‘Vawtrak’ responsible for stealing millions of dollars, according to Tokyo police.
The virus steals private information such as passwords while users conduct online banking transactions. The money is then remitted to third-party accounts. Vawtrak was originally spotted in August 2013; that version stole details from several Windows email clients, while more recent versions have expanded their capabilities to include a wider range of theft. Among these capabilities are stealing banking credentials and credit card information.
IBM Security has identified an active campaign using a variant of Dyre malware that has successfully stolen more than $1 million from targeted enterprise organizations. The campaign shows a brazen twist from the once-simple Dyre malware by adding sophisticated social engineering tactics likely to circumvent two-factor authentication.
In recent incidents, organizations have lost millions to attackers. While many popular banking Trojans have targeted individuals, Dyre has always been used to target organizations. Dyre has evolved to become simultaneously sophisticated and easy to use.
Millions of flawed BIOSes can be infected using simple two-minute attacks that don't require technical skills and require only access to a PC to execute. BIOSes have been the target of much hacking research in recent years since low-level p0wnage can grant attackers the highest privileges, persistence and stealth.
Because almost no one patches their BIOSes, almost every BIOS is affected by at least one vulnerability, and can be infected. The high amount of code reuse across UEFI BIOSes means that BIOS infection can be automatic and reliable. The point is more how the vendors' fixes are going un-applied by users, corporations, and governments.
A new Android Trojan uses some clever techniques to silently subscribe victims to premium services. The threat is still under development, but it’s already capable of carrying out a wide range of tasks.
Cybercrooks can use the malware to send SMS messages, set a filter on incoming messages and calls, display ads, delete messages and call records, upload the HTML source code of specified webpages to a remote server, perform DDoS attacks, make outgoing calls, subscribe the victim to paid content, delete security apps, and export incoming messages based on instructions received from the command and control server.
Security experts have warned about a new attack on users of the WhatsApp messenger. A Trojan is being distributed under the guise of the messenger's web version. Attackers send out e-mail invitations to download the desktop application WhatsApp Web, released by the manufacturer at the end of January 2015.
When addressing users, the scammers use social engineering techniques. The messages contain a link that supposedly leads to the official WhatsApp website. In fact, clicking it takes the user to another site, where the executable file WhatsAppInstall.exe is downloaded. A Trojan downloader hides under this name.
AVG researchers have discovered a new Android Trojan that tricks users into believing they have shut their device down while it continues working, and is able to silently make calls, send messages, take photos and perform many other tasks.
They dubbed it PowerOffHijack, and AVG's security solutions detect it under that name. PowerOffHijack has been discovered in China, where it has already infected over 10,000 devices. It is apparently being propagated via third-party online app stores, but the researchers haven't mentioned what apps it masquerades as. The Trojan is capable of infecting Android versions below v5.0 (Lollipop). How does it work?
A new Android Trojan that specializes in stealing banking information by intercepting SMS messages has been making the rounds. The Trojan appears to be targeting Chinese Android users, like many types of malware that came before it, at least for the moment.
The Trojan’s forte is sniffing out messages having to do with banking and emailing those captured SMS messages to itself. In both cases the Trojan sends the information to a hardcoded Chinese email service and a hardcoded Chinese phone number. The Trojan’s SMS communication works both ways, because it can receive commands from the command and control server via SMS.
If you are a Facebook user, be aware of a new malware! Do not click any porn links on Facebook. The reason is that you have thousands of good porn sites out there, but there's an extra good reason right now.
A security researcher warned that rogue pornography links on the world’s most popular social network had reportedly infected a lot of Facebook users with a Trojan in two days and it is still on the rise. The Facebook malware is disguised as a Flash Player update and spreads itself by posting links to a pornographic video from the Facebook accounts of previously infected users. The malware generally tags as many as 20 friends of the infected user.