Showing only posts tagged malware. Show all posts.

Detecting Pegasus Infections

Source

This tool seems to do a pretty good job. The company’s Mobile Threat Hunting feature uses a combination of malware signature-based detection, heuristics, and machine learning to look for anomalies in iOS and Android device activity or telltale signs of spyware infection. For paying iVerify customers, the tool …

Why Phishers Love New TLDs Like .shop, .top and .xyz

Source

Phishing attacks increased nearly 40 percent in the year ending August 2024, with much of that growth concentrated at a small number of new generic top-level domains (gTLDs) — such as.shop,.top,.xyz — that attract scammers with rock-bottom prices and no meaningful registration requirements, new research finds. Meanwhile, the …

Android Trojan that intercepts voice calls to banks just got more stealthy

Source

Researchers have found new versions of a sophisticated Android financial-fraud Trojan that’s notable for its ability to intercept calls a victim tries to place to customer-support personnel of their banks. FakeCall first came to public attention in 2022, when researchers from security firm Kaspersky reported that the malicious …

Kremlin-backed hackers have new Windows and Android malware to foist on Ukrainian foes

Source

Google researchers said they uncovered a Kremlin-backed operation targeting recruits for the Ukrainian military with information-stealing malware for Windows and Android devices. The malware, spread primarily through posts on Telegram, came from a persona on that platform known as "Civil Defense." Posts on the ​​@civildefense_com_ua telegram channel and the …

North Korean hackers use newly discovered Linux malware to raid ATMs

Source

In the beginning, North Korean hackers compromised the banking infrastructure running AIX, IBM’s proprietary version of Unix. Next, they hacked infrastructure running Windows. Now, the state-backed bank robbers have expanded their repertoire to include Linux. The malware, tracked under the name FASTCash, is a remote access tool that …

Two never-before-seen tools, from same group, infect air-gapped devices

Source

Researchers have unearthed two sophisticated toolsets that a nation-state hacking group—possibly from Russia—used to steal sensitive data stored on air-gapped devices, meaning those that are deliberately isolated from the Internet or other networks to safeguard them from malware. One of the custom tool collections was used starting …

Thousands of Linux systems infected by stealthy malware since 2021

Source

Thousands of machines running Linux have been infected by a malware strain that’s notable for its stealth, the number of misconfigurations it can exploit, and the breadth of malicious activities it can perform, researchers reported Thursday. The malware has been circulating since at least 2021. It gets installed …

New Windows Malware Locks Computer in Kiosk Mode

Source

Clever : A malware campaign uses the unusual method of locking users in their browser’s kiosk mode to annoy them into entering their Google credentials, which are then stolen by information-stealing malware. Specifically, the malware “locks” the user’s browser on Google’s login page with no obvious way …

11 million devices infected with botnet malware hosted in Google Play

Source

Enlarge (credit: Getty Images ) Five years ago, researchers made a grim discovery—a legitimate Android app in the Google Play market that was surreptitiously made malicious by a library the developers used to earn advertising revenue. With that, the app was infected with code that caused 100 million infected …

Python Developers Targeted with Malware During Fake Job Interviews

Source

Interesting social engineering attack: luring potential job applicants with fake recruiting pitches, trying to convince them to download malware. From a news article These particular attacks from North Korean state-funded hacking team Lazarus Group are new, but the overall malware campaign against the Python development community has been running …

Hackers infect ISPs with malware that steals customers’ credentials

Source

Enlarge (credit: Getty Images) Malicious hackers likely working on behalf of the Chinese government have been exploiting a high-severity zero-day vulnerability that allowed them to infect at least four US-based ISPs with malware that steals credentials used by downstream customers, researchers said Tuesday. The vulnerability resides in the Versa …

Novel technique allows malicious apps to escape iOS and Android guardrails

Source

Enlarge (credit: Getty Images) Phishers are using a novel technique to trick iOS and Android users into installing malicious apps that bypass safety guardrails built by both Apple and Google to prevent unauthorized apps. Both mobile operating systems employ mechanisms designed to help users steer clear of apps that …

Mac and Windows users infected by software updates delivered over hacked ISP

Source

Enlarge (credit: Marco Verch Professional Photographer and Speaker ) Hackers delivered malware to Windows and Mac users by compromising their Internet service provider and then tampering with software updates delivered over unsecure connections, researchers said. The attack, researchers from security firm Volexity said, worked by hacking routers or similar types …

Mysterious family of malware hid in Google Play for years

Source

Enlarge A mysterious family of Android malware with a demonstrated history of effectively concealing its myriad spying activities has once again been found in Google Play after more than two years of hiding in plain sight. The apps, disguised as file-sharing, astronomy, and cryptocurrency apps, hosted Mandrake, a family …

US bans sales of Kaspersky antivirus software over Russia ties

Source

Washington says Moscow’s influence over company poses significant risk, as Kaspersky argues its activities do not threaten US security Joe Biden’s administration has banned Russia-based cybersecurity firm Kaspersky from providing its popular antivirus products in the US over national security concerns. “Kaspersky will generally no longer be …

The Justice Department Took Down the 911 S5 Botnet

Source

The US Justice Department has dismantled an enormous botnet: According to an indictment unsealed on May 24, from 2014 through July 2022, Wang and others are alleged to have created and disseminated malware to compromise and amass a network of millions of residential Windows computers worldwide. These devices were …

Law enforcement operation takes aim at an often-overlooked cybercrime linchpin

Source

Enlarge (credit: Getty Images) An international cast of law enforcement agencies has struck a blow at a cybercrime linchpin that’s as obscure as it is instrumental in the mass-infection of devices: so-called droppers, the sneaky software that’s used to install ransomware, spyware, and all manner of other …

Mystery malware destroys 600,000 routers from a single ISP during 72-hour span

Source

Enlarge (credit: Getty Images) One day last October, subscribers to an ISP known as Windstream began flooding message boards with reports their routers had suddenly stopped working and remained unresponsive to reboots and all other attempts to revive them. “The routers now just sit there with a steady red …

Hacker free-for-all fights for control of home and office routers everywhere

Source

Enlarge (credit: Aurich Lawson / Ars Technica ) Cybercriminals and spies working for nation-states are surreptitiously coexisting inside compromised name-brand routers as they use the devices to disguise attacks motivated both by financial gain and strategic espionage, researchers said. In some cases, the coexistence is peaceful, as financially motivated hackers provide …

Using Legitimate GitHub URLs for Malware

Source

Interesting social-engineering attack vector : McAfee released a report on a new LUA malware loader distributed through what appeared to be a legitimate Microsoft GitHub repository for the “C++ Library Manager for Windows, Linux, and MacOS,” known as vcpkg. The attacker is exploiting a property of GitHub: comments to a …

Backdoor in XZ Utils That Almost Happened

Source

Last week, the internet dodged a major nation-state attack that would have had catastrophic cybersecurity repercussions worldwide. It’s a catastrophe that didn’t happen, so it won’t get much attention—but it should. There’s an important moral to the story of the attack and its discovery …

page 1 | older articles »