Malware


NEWS 
  • Old banking Trojan TrickBot has been taught new tricks

    March 22, 2018

    The TrickBot Trojan has been upgraded with new modules to make detection, and defense, more difficult. First discovered in 2016, TrickBot is a financial Trojan which targets the customers of major banks. The Trojan is most commonly connected to phishing campaigns which trick users into entering their credentials into phishing and fraudulent banking websites, designed to appear as legitimate ...

  • Cryptocurrency Miner Distributed via PHP Weathermap Vulnerability, Targets Linux Servers

    March 21, 2018

    Legitimate and large-scale cryptocurrency mining operations often invest in dedicated hardware and electric consumption to make a profit. This doesn’t escape the attention of cybercriminals: Malicious cryptocurrency mining was so pervasive last year that it was the most detected network event in devices connected to home routers. Through our incident response-related monitoring, we observed intrusion attempts whose indicators we’ve been able to ...

  • US slaps new sanctions on Russia over NotPetya cyberattack, election meddling

    March 15, 2018

    The White House has introduced a new round of sanctions on Russia, accusing the government of launching “the most destructive and costly cyberattack in history.” In a statement, the US Treasury said it has targeted 19 individuals and five entities for their parts in conducting “destabilizing activities,” including interfering with the US elections in 2016 to their ...

  • OceanLotus APT campaign debuts new backdoor that resembles old Korplug RAT

    March 14, 2018

    The suspected Vietnamese APT group OceanLotus has added a new backdoor to its repertoire of malicious tools – one that includes capabilities for enabling file, registry and process manipulation, and also downloading more malicious files. According to a Mar. 13 blog post by ESET researcher Tomas Foltyn, the hackers appear to be delivering the malware via spear phishing and watering hole ...

  • Spy malware secrets: How complex ‘Slingshot’ hit targets via hacked routers

    March 12, 2018

    Researchers at Kaspersky Lab have discovered espionage malware that appears to have been developed by a government to spy on targets across Africa and the Middle East for the past six years. The researchers haven’t named Slingshot’s country of origin, but note the presence of debug messages written in perfect English, while various component names such ...

  • Hacking operation uses malicious Word documents to target aid organisations

    March 5, 2018

    A newly uncovered ‘nation-state level’ cyber espionage operation has targeted humanitarian aid organisations around the globe via the use of backdoors hidden within malicious Word documents. Dubbed Operation Honeybee based on the name of lure documents used during the attacks, the campaign has been discovered by security researchers at security company McAfee Labs after a new variant of ...

  • Sophisticated RedDrop Malware Targets Android Phones

    March 1, 2018

    A sophisticated strain of mobile malware targeting Android devices can extract sensitive data and audio recordings, run up premium SMS charges and then try to extort money from victims. According to security firm Wandera, the malware, dubbed RedDrop, is being distributed inside 53 Android applications promoted on third-party app stores. Apps range from image editors, calculators, ...

  • Ransomware: Get ready for the next wave of destructive cyberattacks

    February 26, 2018

    It might look to be out of the limelight compared to 2017, but it would be foolish to write ransomware off yet, as more attacks using the file-encrypting malware are ahead. High profile incidents like WannaCry, NotPetya and Bad Rabbit made ransomware infamous last year. WannaCry and NotPetya have since both been attributed to be the work of nation-states – the former to North ...

  • Year-Old Coldroot RAT Targets MacOS, Still Evades Detection

    February 20, 2018

    Researchers are warning users about the Coldroot remote access Trojan that is going undetected by AV engines and targets MacOS computers. The RAT is cross-platform and capable of planting a keylogger on MacOS systems prior to the OS High Sierra and is designed to steal banking credentials. Coldroot was found by researcher Patrick Wardle, chief research ...

  • Plague of the Cyber RATs: How a toxic computer code delivered by ‘Remote Access Trojans’ is an invisible army able to take over a petrochemical plant

    February 17, 2018

    On a broiling day last August, managers of a huge petrochemical plant in Saudi Arabia discovered to their horror that it had been attacked. The consequences could have been catastrophic: the invaders had seized command of its computerised control-and-safety system, and had the power to damage it severely. The attackers carried no guns, explosives, or conventional weapons. Yet ...