Malware


NEWS 
  • OilRig Targets Middle Eastern Telecom Organization and Adds Novel C2 Channel with Steganography to Its Inventory

    July 22, 2020

    While analyzing an attack against a Middle Eastern telecommunications organization, Unit 42 has discovered a variant of an OilRig-associated tool we call RDAT using a novel email-based command and control (C2) channel that relied on a technique known as steganography to hide commands and data within bitmap images attached to emails. In May 2020, Symantec published ...

  • MATA: Multi-platform targeted malware framework

    July 22, 2020

    As the IT and OT environment becomes more complex, adversaries are quick to adapt their attack strategy. For example, as users’ work environments diversify, adversaries are busy acquiring the TTPs to infiltrate systems. Recently, we reported to our Threat Intelligence Portal customers a similar malware framework that internally we called MATA. The MATA malware framework ...

  • Going Down the Spyware Rabbit Hole with SilkBean Mobile Malware

    July 22, 2020

    An Android spyware attack was recently discovered that targeted the Uyghur ethnic minority group – since 2013. In this in-depth Threatpost podcast Christoph Hebeisen, who leads the Security Intelligence Research Division at Lookout, shares a behind-the-scenes look at how his team discovered and tracked three never-before-seen surveillanceware tools, dubbed SilkBean, GoldenEagle and CarbonSteal. Read more… Source: ThreatPost  

  • Ransomware gang demands $7.5 million from Argentinian ISP

    July 20, 2020

    A ransomware gang has infected the internal network of Telecom Argentina, one of the country’s largest internet service providers, and is now asking for a $7.5 million ransom demand to unlock encrypted files. The incident took place over the weekend, on Saturday, July 18, and is considered one of Argentina’s biggest hacks. Sources inside the ISP said ...

  • Emotet-TrickBot malware duo is back infecting Windows machines

    July 20, 2020

    After awakening last week and starting to send spam worldwide, Emotet is now once again installing the TrickBot trojan on infected Windows computers. On July 17th, 2020, after over five months of inactivity, the Emotet Trojan woke up and started massive spam campaigns pretending to be payment reports, invoices, shipping information, and employment opportunities. These spam emails ...

  • Emotet spam trojan surges back to life after 5 months of silence

    July 17, 2020

    After months of inactivity, the notorious Emotet spamming trojan has come alive again as it spews out a massive campaign of malicious emails targeting users worldwide. Emotet is a malware infection that spreads through spam emails containing malicious Word or Excel documents. These documents utilize macros to download and install the Emotet Trojan on a victim’s ...

  • Updates on ThiefQuest, the Quickly-Evolving macOS Malware

    July 17, 2020

    Right as July of this year began, we noticed an emerging malware dubbed by most as ThiefQuest (also known as EvilQuest), a threat that targets macOS devices, encrypts files, and installs keyloggers in affected systems. It has been found in pirated versions of macOS shared on popular torrent sites. Developments on the malware have been ...

  • LokiBot Redux Attacks Massive List of Common Android Apps

    July 16, 2020

    Researchers have discovered a new variant of the LokiBot trojan called BlackRock, that’s attacking not just financial and banking apps, but also a massive list of well-known and commonly used brand-name apps on Android devices. The apps targeted include:  Amazon, eBay, Facebook, Grinder, Instagram, Netflix, PlayStation, Reddit, Skype, Snapchat, TikTok, Tinder,  Tumblr, Twitter, Uber and VK, ...

  • New BlackRock Android malware can steal passwords and card data from 337 apps

    July 16, 2020

    A new Android malware strain has emerged in the criminal underworld that comes equipped with a wide range of data theft capabilities allowing it to target a whopping 337 Android applications. Named BlackRock, this new threat emerged in May this year and was discovered from mobile security firm ThreatFabric. Researchers say the malware was based on the ...

  • Caught in the Crossfire: Defending Devices From Battling Botnets

    July 15, 2020

    Strength in numbers is the main principle behind botnets, networks of devices that have been infected and turned into bots to be used in performing attacks and other malicious activities. With the dawn of the internet of things (IoT), botnet developers have found a new domain to conquer, but there they must compete with one ...

  • The Tetrade: Brazilian banking malware goes global

    July 14, 2020

    Brazil is a well-known country with plenty of banking trojans developed by local crooks. The Brazilian criminal underground is home to some of the world’s busiest and most creative perpetrators of cybercrime. Like their counterparts’ in China and Russia, their cyberattacks have a strong local flavor, and for a long time, they limited their attacks ...

  • Second Catalan politician says phone was targeted by spyware

    July 14, 2020

    A second prominent member of Catalan’s pro-independence movement has revealed he was warned that his mobile phone was targeted using spyware. The development is likely to bolster calls for an investigation into the possible use of hacking technology by Spanish authorities. Ernest Maragall, an MP in the regional parliament and a former member of the European parliament ...

  • Israel court rejects calls to revoke NSO Group’s spy software export licence

    July 13, 2020

    A court in Tel Aviv has rejected a ruling to order Israel to revoke the export license of the NSO Group, the country’s largest surveillance company, whose software has reportedly been used by governments to spy on dissidents and human rights activists. Judge Rachel Lavi Barkai ruled that Amnesty International and 30 human rights activists, who ...

  • Evilnum hackers use the same malware supplier as FIN6, Cobalt

    July 9, 2020

    Hackers in the Evilnum group have developed a toolset that combines custom malware, legitimate utilities, and tools bought from a malware-as-a-service (MaaS) provider that caters to big fintech threat actors. The group has been active since at least 2018 and focuses on companies from the financial technology sector that offer trading and investment platforms. Its targets are ...

  • Conti ransomware uses 32 simultaneous CPU threads for blazing-fast encryption

    July 9, 2020

    A lesser-known ransomware strain known as Conti is using up to 32 simultaneous CPU threads to encrypt files on infected computers for blazing-fast encryption speeds, security researchers from Carbon Black said in a report on Wednesday. Conti is just the latest in a long string of ransomware strains that have been spotted this year. Just like ...

  • More pre-installed malware has been found in budget US smartphones

    July 9, 2020

    Pre-installed malware has been discovered on another budget handset connected to Assurance Wireless by Virgin Mobile. Back in January, cybersecurity researchers from Malwarebytes discovered unremovable malware bundled with the Android operating systems on the Unimax (UMX) U686CL, a low-end handset sold by Assurance Wireless as part of the Lifeline Assistance program, a 1985 US initiative which subsidizes telephone services for ...

  • New Mirai Variant Expands Arsenal, Exploits CVE-2020-10173

    July 8, 2020

    Researchers at Trend Micro discovered a new Mirai variant (detected as  IoT.Linux.MIRAI.VWISI) that exploits nine vulnerabilities, most notable of which is CVE-2020-10173 in Comtrend VR-3033 routers which we have not observed exploited by past Mirai variants. This discovery is a new addition to the Mirai variants that appeared in the past few months, that include SORA, UNSTABLE, and Mukashi. The case, ...

  • Purple Fox EK Adds Microsoft Exploits to Arsenal

    July 6, 2020

    The Purple Fox exploit kit (EK) has added two new exploits targeting critical- and high-severity Microsoft vulnerabilities to its bag of tricks – and researchers say they expect more attacks to be added in the future. The Purple Fox EK was previously analyzed in September, when researchers said that it appears to have been built to replace the Rig ...

  • This is how EKANS ransomware is targeting industrial control systems

    July 2, 2020

    New samples of the EKANS ransomware have revealed how today’s cyberattackers are using a variety of methods to compromise key industrial companies. In a research report published on Wednesday, FortiGuard Labs researchers Ben Hunter and Fred Gutierrez said that malware designed to attack industrial control systems (ICS) continues to be lucrative for threat actors. While ransomware only accounted for ...

  • TrickBot malware now checks screen resolution to evade analysis

    July 1, 2020

    The infamous TrickBot trojan has started to check the screen resolutions of victims to detect whether the malware is running in a virtual machine. When researchers analyze malware, they typically do it in a virtual machine that is configured with various analysis tools. Due to this, malware commonly uses anti-VM techniques to detect whether the malware is ...