Researchers said they discovered and disclosed to Apple the vulnerability exploited by the WireLurker malware, which targeted iOS mobile devices. Some experts claim that WireLurker is currently the only existing malware that uses the bug in iOS.
Although Apple quickly tried to revoke the certificates used by the malware, the problem is that the flaw relates to a failure of iOS enterprise provisioning to double-check the identity of a given app against its digital certificate when the developer does not upload the application to the App Store. It gives attackers the ability to replace legitimate iOS apps with malicious ones without notification.
Researchers have unearthed a new version of the Rovnix malware that has a couple of additional features, including a new domain generation algorithm and a secure transmission channel for communicating with the command-and-control servers.
Rovnix is a malware variant that often has been distributed by other kinds of malware. Last year Microsoft warned users about a campaign that involved the Upatre malware, which typically is delivered through spam messages. The newer version of Rovnix has some differences from the older variants. The Rovnix creators have made changes to help evade detection by various security products.
The Department of Homeland Security formally sounded the alarm on Dyre, the banking Trojan that’s been spotted siphoning banking credentials from both large enterprises and major financial institutions as of late.
The warning came in the form of an alert informing the public of the malware, which is spread through spam and phishing emails. Phishing emails peddling Dyre are now using malicious PDF attachments that leverage vulnerabilities to download the malware. Once it’s downloaded, it captures user login information and sends that on to attackers. Experts are encouraging users to use caution when it comes to opening attachments.
Dridex, the latest descendant of the banking Trojan lineage, has been a constant source of attacks since its release in July. To date, Dridex has centered on sending executable attachments via e-mail.
That seems to have changed this week, as we’ve seen a tactical shift to sending those executable attachments via Microsoft Word documents loaded with macros that download and execute the malware. Like its precursors, Dridex is a sophisticated banking Trojan, similar to the infamous Zeus malware. Its core functionality is to steal credentials for online banking websites and allow a criminal to use those credentials to initiate transfers and steal funds.
An interesting file turned out to be a sample of modular malware for Mac OS X. Even after preliminary analysis it was clear that the file was not designed for any good purpose.
Further investigation showed that a backdoor, a keylogger and a Trojan-Spy were hidden inside the sample. It is particularly noteworthy that the keylogger uses an open-source kernel extension. The extension's code is publicly available, for example, on GitHub! Depending on their purpose, these files are detected. The result of the check determines where the Trojan's files will be installed:
YouTube has become a daily habit for millions all over the world, but it looks like there has been some malicious activity on the website, which may have affected more than 100,000 users over a 30-day period.
Trend Micro says it has been monitoring the activity on YouTube over the past couple of months and has found that the attack comes in the form of ads that are present on the site. While the ads themselves have no malicious content, the issue seems to occur when the ad is clicked. Although these ads should be monitored and screened by YouTube, some seem to have slipped through the cracks, redirecting to malicious websites that could cause infections.
A Tic-tac-toe game is actually a new mobile trojan – detected as Trojan-Spy.AndroidOS.Gomal.a, or Gomal – targeting Android devices. Gomal is capable of recording audio from the microphone, stealing incoming SMS messages, and stealing device information such as the cell phone number.
It is also capable of obtaining root privileges, dumping memory regions of some processes in order to obtain sensitive data, and stealing data from the device log. Gomal uses many techniques initially incorporated into Windows trojans, the post indicates. Packaging trojans in mobile games is common – there are multiple cases of attackers doing so using popular games.
With the appearance of a large number of new extortion viruses that target only Android devices, hackers have found a new way to earn money. Almost all of the malware being spread works on the same pattern: after launch, the Trojan locks the device and displays a message demanding a money transfer to unlock it. This is a very clear example of fraud.
Nevertheless, this virus, found by Dr.Web experts, is more functional: besides locking the device and displaying a payment message, it immediately sets a password on the unlock screen using a simple system diagram. In addition, the Trojan sends all kinds of messages that can lead to large financial losses.
After installation on an Android-based device, the malware, called “Banker.AndroidOS.Basti.a”, requests permission to access the network, incoming SMS messages, etc.
A new Trojan-Banker, disguised as the legitimate application WeChat, is used to collect the financial data of owners of Android devices in China. According to Kaspersky Lab, the attackers chose this program because many users use it to make payments. The authors of the Trojan encrypted it using App Shield, which makes it possible to add multiple "layers of protection." Nevertheless, the security company's experts managed to decode the file. It is capable of many types of malicious behavior. There are also some packages to make its GUI look more professional, which in turn make it a more potent phishing tool.