Malware News, Articles and Updates

CCleaner attackers gained access to app developer's network via TeamViewer

The attackers who infected 2.27 million machines last year using a modified version of the computer maintenance app CCleaner gained unauthorised access to the developer's network using remote access program TeamViewer.

Update 'SquirtDanger' versatile malware - author Russian hacker TheBottle

Update: Russian hacker TheBottle was investigated by Palo Alto's Unit 42 researchers, who identified a new botnet malware family, SquirtDanger, described as "Swiss Army Knife Malware".

Legacy (e)mail systems failing to provide sufficient protection

Mimecast's latest ESRA report found more than 14,277,163 pieces of spam, 9,992 emails containing dangerous file types, and 849 unknown emails with malware attachments -- all missed by the incumbent providers.

RSA: Cryptocurrency retaining value will determine this malware's success

Cryptomining is certainly one of the buzzwords flying around at RSA 2018, but with the currency's long-term viability directly tied to its value at least one cyber-security exec thinks this criminal activity's time could be limited.

Luck prevents malware fatally damaging critical infrastructure - this time!

Triton malware joins Stuxnet, Havex / Dragonfly, BlackEnergy2/3, and Industroyer / CrashOverride in specifically targeting industrial networks: passive network monitoring with hybrid threat detection needs to be implemented now.

Remotely hosted objects used to spread Formbook malware

Cyber-criminals are once again abusing trusted applications, such as Microsoft Office, to launch multi-stage attacks inside malicious documents to deliver Formbook malware.

SMASHINGCOCONUT looks a lot like malware used by North Korea in Sony attack

A newly identified malware, SMASHINGCOCONUT, bears a striking resemblance to malware used by North Korea in a November 2014 cyber-attack on Sony, the Department of Homeland Security (DHS) said in an intelligence note.

Fake updates push Chtonic, NetSupport RAT via Joomla and WordPress sites

Malwarebytes has examined a relatively new fake update scam that uses a combination of legitimate websites, a real cloud storage site and social engineering to deliver either a banking Trojan or a remote access tool to its victims.

False software update leads users to get bitten by malware infection

Hackers abuse NetSupport to take control of victims' machines

Flaw in 'Sloppy' LockCrypt ransomware enables some victims to escape

Malwarebytes researchers discovered a weakness in the LockCrypt ransomware which enabled them to recover victims' files.

Entry-level Rarog cryptominer flies under the radar

A relatively unknown cryptomining malware dubbed "Rarog" is giving entry-level cyber-criminals an affordable way into the field.

Cryptomix ransomware receives face lift

The malicious actors behind Cryptomix ransomware have pushed out a new variant, with the primary change being the inclusion of a new extension and minor alterations to the contact info and ransom note.

Android Trojan steals data from Facebook, Skype, and Twitter messenger apps

Other instant messaging apps also targeted by malware. Researchers have discovered a new type of Android malware that steals data from instant messaging apps on Android devices.

Magento sites brute forced by cryptominers

Brute force attacks are being used to compromise Magento sites to scrape payment card data and deliver cryptomining malware.

Credential stealer masquerades as security product

Malware impersonates Kaspersky antivirus. Security researchers have found malware that steals credentials while pretending to be anti-virus software from Kaspersky.

Malware attacks leveraging MS Word documents grew by 33% in Q4

Amidst a major rise in zero-day malware attacks in Q4 2017, researchers have observed how hackers are increasingly using Microsoft Office documents as carriers to deliver malicious payloads in enterprise systems.

Common-sense GoScanSSH author avoids infecting high-risk targets

Researchers at Cisco's Talos Intelligence Group have identified a new malware family, dubbed GoScanSSH, that compromises SSH servers. Well, those not attached to government, law enforcement or military domains anyway.

Note: SC Media UK will not be publishing during UK Easter holidays, resuming 2nd April 2018.

Half a million infected with malware via Google Play QR code apps

Another day, some more Android malware, although this particular strain has a couple of ingenious tricks up its sleeve. A series of apparently innocent QR Code reader apps appear to have potentially compromised 500,000 users.

GhostMiner uses fileless technique to mine coins

Security researchers have discovered a new form of cryptocurrency miner that uses fileless malware to install itself on systems. The malware also removes other miners.

Trickbot banking malware has new trick up its sleeve

Security researchers have discovered that the Trickbot malware has been updated with new capabilities to evade detection and lock victims' computers.

Study: Malware counts higher on computers whose users visited piracy sites

Each time a user doubles the amount of time he spends visiting illegal torrent and streaming websites, the malware count on his machine jumps another 20 percent, according to an academic paper released earlier this month.

Russians hack European agency with updated DealersChoice malware

Russian APT group Sofacy targets European government agency, attempting to infect the organisation with unknown malware using a crafty new variant of its Adobe Flash-based exploit platform DealersChoice.

New Fakebank malware variant intercepts calls on Android smartphones

Malware active in South Korea, redirects calls to scammers. Security researchers have discovered a new variant of the Fakebank malware.

Evolved Prilex malware lets cyber-criminals clone chip and PIN cards

Prilex, a point-of-sale malware program that's historically been used to steal money or payment card information from Brazilian ATMs and retailers, has now evolved into a comprehensive tool suite allowing chip and pin card data theft.

Hackers using tiny malware PinkKite to steal credentials from POS machines

Point-of-sale endpoints used by enterprises are now facing a new threat, PinkKite, a tiny malware less than 6k in size, with memory-scraping and data validation tools, able to steal a large number of credentials and credit card data.

Bitcoin stealing malware distributed on download.com for nearly a year

Bitcoin stealing malware that swaps the user's account with that of the attacker was found to be hosted on Download.com servers for nearly a year.

HenBox malware targets Chinese minority group

A new Android malware family dubbed HenBox is targeting a large online population based in China who have been the subject of numerous cyber-attacks in the past.

Mac malware rockets 270 percent - users warned 'safe' perception is wrong

Anti-malware security vendors have warned that Mac malware is on the rise, and that the perception of Macs as being completely 'safe' is misleading.

Avast: CCleaner hackers planned to infect victims with third-stage Chinese hacking tool

The hackers who injected malicious code into a version of computer maintenance app CCleaner last year may have been preparing to deliver third-stage malware to some of the 2.27 million computers that had downloaded it.

APT hackers hid Slingshot malware in routers for six years

Slingshot malware has targeted almost 100 victims in the Middle East and Africa since at least 2012.