Malware News, Articles and Updates

Olympics Malware attack may have been part of larger cyber-espionage scheme

Researchers discovered new details in the "Olympic Destroyer" malware which targeted the Winter Olympics in Pyeongchang, shedding more light on the malware's intentions and background information on the attack.

Hidden Cobra malware infects Androids, turns Windows machines into proxies

The DHS and FBI on Tuesday jointly released two new reports analysing trojan malware attributed to Hidden Cobra, aka Lazarus Group -- a threat actor widely believed to be sponsored by the North Korean government.

Confucius cyber-gang spreads backdoor-ridden chat apps in romance scams

As Valentine's Day arrives, cyber-criminals are once again seizing the opportunity to target lonely singles with romance schemes that persuade victims to download malware hidden in chat apps.

Windows Installer service hacked to infect victims' systems with malware

Cyber-criminals are using a malware spam campaign to exploit a remote code execution vulnerability in Microsoft Office to download and execute malicious scripts on victims' systems.

Is UDPoS 'mag-stripe DNS exfiltration' malware dumb, or dumber?

The US remains a target as researchers at Forcepoint Labs uncovered possibly the first new PoS malware in two years. It has been named UDPoS because it relies on User Datagram Protocol (UDP) DNS traffic to exfiltrate data.

ADB.Miner takes cryptominer mobile and beyond targeting Android devices

Malicious cryptominers are going mobile and beyond with a new botnet malware targeting Android-based devices that expose debug capabilities to the internet, for the purpose of mining Monero.

Evolving Hancitor downloader found, relying on malicious hosted servers

Despite its relatively small pool of viable targets, the malicious Windows-based downloader Hancitor continues to surface in malspam campaigns that recently have relied heavily on distribution servers.

Hackers using sophisticated malware to target Winter Olympics organisations

Sophisticated implants such as Gold Dragon, Brave Prince, Ghost419, and RunningRat allow hackers to steal sensitive data from systems owned by organisations involved with the Winter Olympics in South Korea.

Stolen adult site login credentials help fuel dark web economy

Cyber-criminals have been using pornography and adult content as a lure to spread malware and steal information since such content first hit the internet, but recent research shows that stolen access to these sites is also fuelling a lucrative trade on the dark web.

More than 100 malware samples searching for Spectre & Meltdown vulnerabilities

It hasn't taken long for cyber-criminals to craft malware specifically designed to seek out machines vulnerable to the recently disclosed Spectre and Meltdown speculative execution bugs found in most computer chips.

Thousands of WP sites hosting combined keylogger/in-browser crypto miner

Thousands of WordPress websites have been infected with particularly nasty malware, according to researchers.

Jackpotting attacks are forcing ATMs to 'make it rain'

Organised criminals are physically accessing ATMs and infecting them with malware that makes them spit out cash, in what reports are calling the first confirmed cases of "jackpotting" attacks in the US.

Researchers trace BitPaymer ransomware back to Dridex developers

A relatively new ransomware that infected Scottish hospitals last summer appears to have been created by the same developers who are responsible for the dreaded Dridex banking trojan.

New Phishing scam combines FedEx and Google Drive to lure victims

Several universities and more than 20 companies have been hit with malware whose creators are using several layers of subterfuge to camouflage their phishing attack by taking advantage of a few trusted brand names.

Twitter spam app plaguing accounts

Cyber-criminals attempting to take advantage of Twitter users' curiosity over who visits their page are using a new form of bait that advertises the ability to track such visits.

Malvertising 'conglomerate' created 28 fake ad agencies to abuse platforms

A massive malvertising operation bought an estimated 1 billion ad views in 2017 under the guise of 28 different fake ad agencies, in what a new report is calling the largest operation of its kind last year.

Dridex campaign carries scent of Necurs with a hint of FTP

Forcepoint researchers spotted a malware-laden spam campaign, similar to Necurs, using compromised FTP sites instead of the usual HTTP links as download locations for malicious documents.

Russian man arrested for petrol stealing malware

Russian authorities on Sunday arrested Denis Zayev in Stavropol, Russia, on charges stemming from a widespread scam that swindled petrol station customers into paying for more petrol than they actually pumped into their tanks.

Trisis nation-state-authored malware leaked onto internet

Schneider Electric has accidentally put online nation-state-authored malware that could enable hackers to compromise safety systems at power plants and shut them down.

A minor twist on inserting cryptocurrency miners detailed

Cryptocurrency miners basically do what they do with little fanfare or attempts at obfuscation, but one group of miners has been seen using a technique that allows the malware to make injections to 64-bit processes from 32-bit loaders.

KillaMuvz pleads guilty to being a sophisticated malware operator

The UK creator of malware resources Cryptex and reFUD.me, used by thousands in the cyber-crime world, has this week pleaded guilty to charges under the Computer Misuse Act and Proceeds of Crime Act.

Cryptocurrency miners target web servers with malware

RubyMiner malware plants XMRig on vulnerable systems. Security researchers have discovered malware aimed at Linux and Windows servers that is used to mine cryptocurrency.

KillDisk wiper malware sets sight on Latin American financial organisations

A new variant of the disk wiping malware KillDisk is targeting financial firms in Latin America to wreak havoc without leaving so much as a note.

New Mac malware - MaMi - hijacks DNS connections

Malware can steal passwords, take screenshots and access files. Security researchers have discovered new Mac malware that can hijack DNS settings.

AdultSwine malware helps porn ads and scams invade children's apps

Cyber-criminals have been spiking game apps, including several aimed at children, with malware that displays pornographic ads, pushes fake security apps, and registers users for premium services without permission.

Cryptominer malware in RIG EK spread via malvertising

Malwarebytes researcher Jerome Segura analysed a RIG exploit campaign distributing malware coin miners delivered via drive-by download attacks from malvertising.

Taiwan police award malware-laced USBs as prizes for cyber-security quiz

Taiwanese police handed out malware-laden USB sticks as prizes for a security quiz given during an infosec conference in December 2017.

Turla cyber-espionage group fakes Adobe to drop malware on embassies

Cyber-espionage group Turla is reported to be targeting embassies and consulates in the post-Soviet states, using a new tool to dupe potential victims into installing malware that exfiltrates data.

LockPoS malware adopts injection technique to evade detection

LockPoS, a point-of-sale malware program discovered in 2017 stealing payment card data from computers' memory, is now using a new malware injection technique designed to bypass antivirus hooks and evade detection.

Dismantled Andromeda botnet will 'slowly disappear' over time

What remains of the Andromeda botnet that was largely dismantled in a November 2017 global law enforcement operation will probably "slowly disappear" as remediation continues into 2018, predicted one cyber-security company.