Malware News, Articles and Updates

Two Cryptomix variants spotted in under a week

MalwareHunterTeam researchers discovered a second variant this week of the CryptoMix ransomware appending the .0000 extension to encrypted files.

Beware Catphishing attacks targeting the hearts of security pros

Malwarebytes researchers are warning IT workers seeking love online to beware "CatPhishing" scams which can leave entire companies devastated.

Three more Android malware families invade Google Play Store

Collectively downloaded millions of times, 158 fake Android applications containing mobile malware were recently found smuggled into the Google Play Store.

Office DDE feature used by hackers in new targeted phishing campaign

Security researchers have warned that a new phishing campaign is using the DDE feature in Microsoft Office to deliver DNSMessenger malware undetected.

Coinhive cryptocurrency miner on Check Point's Most Wanted Malware list

Cryptocurrency miners are becoming one of the most prolific threats facing everyone, with Check Point Software Technologies naming this type of malicious software in its Ten Most Wanted Malware list for October.

WikiLeaks: CIA impersonated Kaspersky Labs as cover for malware operations

WikiLeaks, under its new Vault 8 series of released documents, has rolled out what it says is the source code to a previously noted CIA tool, called Hive, that is used to help hide espionage actions when the Agency implants malware.

Windows Movie Maker scammers leverage Google SEO

While SEO best practices help brands reach the widest possible audiences by garnering more web traffic, these same tactics can also be leveraged to help cyber-criminals reach the most victims.

ToastAmigo malware uses new twist to attack Toast overlay vulnerability

A new malware uses an updated methodology to abuse the previously patched Android Toast overlay vulnerability; once installed, it can download additional malware and use various permissions to access the phone.

Arabic, Urdu, Persian, Pashto InPage processor used by 3 malware families

An exploit in the InPage word processor program was used as an attack vector by three malware families. The word processor supports languages such as Urdu, Persian, Pashto, and Arabic.

iXintpwn/YJSNPI malware distributed in app stores once used to spread ZNIU

App stores that once distributed the rootkit malware used by ZNIU, the first malware family to exploit the Dirty COW vulnerability, are now distributing a new iXintpwn/YJSNPI variant.

Russian hackers silently threaten global financial organisations

A new bank-robber Trojan has been identified by researchers at Kaspersky Lab, quietly stealing money directly from the banks themselves rather than targeting customers.

BitPaymer malware - ransomware with sophisticated obfuscation

Julia Sowells explains how the BitPaymer malware initially executes itself, makes a copy of itself and runs in two alternate data streams (ADS). It hides in empty files, deletes its older executable file and transfers control of the malware to the newly created files.

DUMB ransomware attacks Iranian targets via compromised VPN

Maher, Iran's Computer Emergency Response Team Coordination Center (CERTCC), has warned that 'Tyrant' ransomware is being distributed in the country via a compromised VPN app, undermining trust in IT departments.

BadRabbit's slow international spread, like Petya/NotPetya but blockable

Less than 24 hours after BadRabbit hopped out of its hole, the malware is still spreading, albeit slowly, with US-CERT having received reports of infections; researchers say this worm-like ransomware may have ties to Petya/NotPetya.

Elmedia unknowingly distributed OSX/Proton malware

A trojanised version of Eltima's Elmedia Player software was seen being distributed via the company's own official site in the late hours of 20 October 2017.

Phishing campaigns used victim's location to determine whether to deliver Locky or Trickbot

Researchers at PhishMe recently detected two email-based phishing campaigns that infected users with either Locky ransomware or the Trickbot banking trojan based on the victim's geographical location.

Necurs botnet attackers likely gathering intel via downloader screen grabs

The Necurs botnet is on the rise again, this time sporting a downloader that screengrabs the desktops of infected systems.

Android malware on Google Play grows botnets, launches DDoS attacks

The Sockbot malware has made its way into at least eight apps in the Google Play Store with the intent of adding devices to botnets and performing DDoS attacks.

Did Israel deliver spyware using Adobe Flash 0-day in Word document?

A new Adobe Flash zero-day exploit has been identified, reportedly used in an attack on 10 October by a threat actor known as BlackOasis and delivered through a Microsoft Word document to deploy the FinSpy commercial spyware.

ATMii ATM malware uses two modules, simple yet effective

A new family of ATM malware, dubbed ATMii, is using legitimate proprietary libraries and a small piece of code to make the machines spit out money, and targets older Windows versions.

Pornhub users hijacked by malvertising campaign malware infections

A Kovter Group malvertising campaign put millions at risk of ad-fraud malware infections; fake browser updates hoodwink users into installing the malware.

Rogue ads serve up tech support scams, believed from India

Tech support scammers abuse Taboola and native ads to spread scam malware.

The evolution of DarkHotel: From Wi-Fi to complex social engineering

Cyber-criminal group and malware variant DarkHotel has changed its tactics and has been actively infecting political figures through spear-phishing techniques and via peer-to-peer networks, explains Bogdan Botezatu.

Avast narrows down probable location of CCleaner attacker

Avast continues to reveal further details surrounding the cyberattack that placed a backdoor in its free computer maintenance app, CCleaner. The attack is believed to have originated from a country located in the UTC+4 or UTC+5 time zones.

Redboot malware leaves researchers wondering if it's ransomware or a wiper

A new bootlocker malware is leaving researchers scratching their heads on whether to identify the malware as a poorly coded ransomware or a cleverly designed wiper.

Hacker asks for nude photos of victim instead of money to unlock computer

MalwareHunterTeam tweeted out news of a screenlocker posing as ransomware where the bad guys request nude photos of the victim instead of money.

State surveillance tool uses ISP to deliver malware to privacy seekers

Unnamed major internet providers are reported to be the distribution route for the spread of a new variant of government spyware FinFisher (also known as FinSpy) in two countries, targeting people seeking privacy.

Red Alert banking malware steals credentials

A new strain of banking malware is targeting Android users, security researchers have discovered. The Red Alert Trojan targets more than 60 banking and social networking apps.

Hiding in plain sight - attacks via trusted entry routes such as updates

Sophisticated attackers will subvert trusted suppliers of executable code, such as software updates; consequently, Martin Lee says, a sophisticated response is required.

ICYMI: Facebook malware; nude celeb hack; logons key; spambot; CeX hack

In Case You Missed It: Facebook spreads malware; Instagram celeb hack; logon breach ID key; spambot weaponises 711m accounts; CeX hacked.