Malware-Infested Smart Card Reader

Schneier on Security

Brian Krebs has an interesting story of a smart ID card reader with a malware-infested Windows driver, and US government employees who inadvertently buy and use them. Uncategorized malware smart cards

New Sophisticated Malware

Schneier on Security

Uncategorized backdoors botnets malware threat modelsMandiant is reporting on a new botnet. The group, which security firm Mandiant is calling UNC3524, has spent the past 18 months burrowing into victims’ networks with unusual stealth.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

ZuoRAT Malware Is Targeting Routers

Schneier on Security

The discovery of custom-built malware written for the MIPS architecture and compiled for small-office and home-office routers is significant, particularly given its range of capabilities. Uncategorized hacking malware

Industrial Control System Malware Discovered

Schneier on Security

The Department of Energy, CISA, the FBI, and the NSA jointly issued an advisory describing a sophisticated piece of malware called Pipedream that’s designed to attack a wide range of industrial control systems. There’s also no indication of how the malware was discovered.

Drovorub Malware

Schneier on Security

The NSA and FBI have jointly disclosed Drovorub, a Russian malware suite that targets Linux. cyberespionage cybersecurity espionage fbi implants malware nsa russiaDetailed advisory. Fact sheet. News articles. Reddit thread.

Hiding Malware in ML Models

Schneier on Security

Interesting research: “EvilModel: Hiding Malware Inside of Neural Network Models” Abstract: Delivering malware covertly and detection-evadingly is critical to advanced malware campaigns.

Mysterious Macintosh Malware

Schneier on Security

This is weird : Once an hour, infected Macs check a control server to see if there are any new commands the malware should run or binaries to execute. The lack of a final payload suggests that the malware may spring into action once an unknown condition is met.

Using EM Waves to Detect Malware

Schneier on Security

Researchers have developed a malware detection system that uses EM waves: “ Obfuscation Revealed: Leveraging Electromagnetic Signals for Obfuscated Malware Classification.” Uncategorized academic papers Internet of Things malware

Linux-Targeted Malware Increased by 35%

Schneier on Security

Crowdstrike is reporting that malware targeting Linux has increased considerably in 2021: Malware targeting Linux systems increased by 35% in 2021 compared to 2020. XorDDoS, Mirai and Mozi malware families accounted for over 22% of Linux-targeted threats observed by CrowdStrike in 2021.

Malware in Google Apps

Schneier on Security

Interesting story of malware hidden in Google Apps. espionage google kaspersky malware phishing spywareThis particular campaign is tied to the government of Vietnam.

Vaccine for Emotet Malware

Schneier on Security

Interesting story of a vaccine for the Emotet malware: Through trial and error and thanks to subsequent Emotet updates that refined how the new persistence mechanism worked, Quinn was able to put together a tiny PowerShell script that exploited the registry key mechanism to crash Emotet itself.

System Update: New Android Malware

Schneier on Security

This is a sophisticated piece of malware. Uncategorized Android cyberweapons GPS malwareResearchers have discovered a new Android app called “System Update” that is a sophisticated Remote-Access Trojan (RAT).

New Disk Wiping Malware Targets Israel

Schneier on Security

Apostle seems to be a new strain of malware that destroys data. Uncategorized data destruction Iran Israel malware ransomware

Malware Analysis: Trickbot

The Hacker News

Malware is an industry, and professional developers are found to exchange, be it by stealing one's code or deliberate collaboration. In this day and age, we are not dealing with roughly pieced together, homebrew type of viruses anymore.

Emerging Trends in Malware

Security Boulevard

Charlene O’Hanlon and Thomas Brittain from Kroll discuss emerging trends in the malware space in light of the recent surge of reported attacks, including threats to watch out for, predictions for how the government will focus on cybersecurity going forward and how companies can mitigate risk.

Live Coronavirus Map Used to Spread Malware

Krebs on Security

In one scheme, an interactive dashboard of Coronavirus infections and deaths produced by John Hopkins University is being used in malicious Web sites (and possibly spam emails) to spread password-stealing malware.

Malware news trending on Google

CyberSecurity Insiders

The first news that is related to malicious software and is trending heavily on Google is related to SolarMarker malware that can steal credentials and act as a backdoor for other cyber attacks. Third is the news related to 2FA Authenticator that is seen distributing malware.

When Your Smart ID Card Reader Comes With Malware

Krebs on Security

The consensus seems to be that the ZIP file currently harbors a malware threat known as Ramnit , a fairly common but dangerous trojan horse that spreads by appending itself to other files. Millions of U.S.

iPhone Malware that Operates Even When the Phone Is Turned Off

Schneier on Security

Researchers have demonstrated iPhone malware that works even when the phone is fully shut down. Uncategorized Bluetooth iPhone malware

Hackers Hide Software Skimmer in Social Media Sharing Icons

Security Affairs

Security researchers have uncovered a new technique to inject a software skimmer onto checkout pages, the malware hides in social media buttons. Sansec researchers were the first that discovered the new malware. “Of these 9 infected sites, only 1 had functional malware.

Media 99

Emotat Malware Causes Physical Damage

Schneier on Security

Microsoft is reporting that an Emotat malware infection shut down a network by causing computers to overheat and then crash. authentication credentials malware microsoft phishing

Ransomware Defense: Top 5 Things to do Right Now

Threatpost

InfoSec Insider MalwareMatt Bromiley, senior consultant with Mandiant Managed Defense, discusses the top tricks and tips for protecting enterprise environments from ransomware.

Hiding Malware in Social Media Buttons

Schneier on Security

Clever tactic : This new malware was discovered by researchers at Dutch cyber-security company Sansec that focuses on defending e-commerce websites from digital skimming (also known as Magecart) attacks. Uncategorized credit cards malware social engineering social media

Media 228

New Linux Malware 'Nearly Impossible to Detect'

Dark Reading

So-called Symbiote malware, first found targeting financial institutions, contains stealthy rootkit capabilities

A new Linux Malware named Symbiote is hard to detect

CyberSecurity Insiders

Cybersecurity researchers from Blackberry and Intezer labs have discovered a new Linux malware that is hard to detect. They have dubbed the malware Symbiote and are said to be mostly targeting backdoor infected systems. Malware Linux Malware Symbiote

Trickbot Malware hits 140,000 victims

CyberSecurity Insiders

Trickbot Malware that started just as a banking malware has now emerged into a sophisticated data stealing tool capable of injecting malware like ransomware or serve as an Emotet downloader. The post Trickbot Malware hits 140,000 victims appeared first on Cybersecurity Insiders.

Symbiote, a nearly-impossible-to-detect Linux malware?

Security Affairs

Researchers uncovered a high stealth Linux malware, dubbed Symbiote, that could be used to backdoor infected systems. Once the malware has infected all the running processes, it provides the threat actor with rootkit capability and supports data-stealing capabilities.

Ukrainian telecommunications operators hit by DarkCrystal RAT malware

Security Affairs

The Governmental Computer Emergency Response Team of Ukraine (CERT-UA) is warning of a malware campaign targeting Ukrainian telecommunications operators with the DarkCrystal RAT. The post Ukrainian telecommunications operators hit by DarkCrystal RAT malware appeared first on Security Affairs.

US Government Exposes North Korean Malware

Schneier on Security

US Cyber Command has uploaded North Korean malware samples to the VirusTotal aggregation repository, adding to the malware samples it uploaded in February. It's interesting to see the US government take a more aggressive stance on foreign malware.

2020 Oscar Nominees Used to Spread Malware

Adam Levin

Online scammers are using the 2020 Oscars to spread malware. The post 2020 Oscar Nominees Used to Spread Malware appeared first on Adam Levin. Data Security Technology featured malware oscars academy awards joker irishman

ChromeLoader Malware Hijacks Browsers With ISO Files

Dark Reading

The malware’s abuse of PowerShell makes it more dangerous, allowing for more advanced attacks such as ransomware, fileless malware, and malicious code memory injections

New Malware Hijacks Cryptocurrency Mining

Schneier on Security

After gaining control of the coin-mining software, the malware replaces the wallet address the computer owner uses to collect newly minted currency with an address controlled by the attacker. botnets cryptocurrency hacking malware scamsThis is a clever attack. From then on, the attacker receives all coins generated, and owners are none the wiser unless they take time to manually inspect their software configuration.

Anatomy of native IIS malware

We Live Security

The post Anatomy of native IIS malware appeared first on WeLiveSecurity. MalwareESET researchers publish a white paper putting IIS web server threats under the microscope.

HermeticWiper: New data?wiping malware hits Ukraine

We Live Security

The post HermeticWiper: New data‑wiping malware hits Ukraine appeared first on WeLiveSecurity. MalwareHundreds of computers in Ukraine compromised just hours after a wave of DDoS attacks brings down a number of Ukrainian websites.

DDOS 111

Pro-Ukraine ‘Protestware’ Pushes Antiwar Ads, Geo-Targeted Malware

Krebs on Security

“Ukrainian and sadly non-Ukrainian developers are modifying their public software to trigger malware or pro-Ukraine ads when deployed on Russian computers,” Holden said.

Cloud services now spreading Malware

CyberSecurity Insiders

Cybersecurity researchers from Cisco Talos have issued a warning that hackers are now taking help of cloud service platforms to spread malware Trojans such as Nanocore, Netwire, and AsyncRAT having ability to steal critical info from the victimized devices. Malware Moncler

This Week in Malware—show me your secrets!

Security Boulevard

This Week in Malware, highlights include malicious Python packages that not only exfiltrate your secrets—AWS credentials and environment variables but rather upload these to a publicly exposed endpoint. The post This Week in Malware—show me your secrets!

Europol seizes Flubot malware operations and infrastructure

CyberSecurity Insiders

Europol, an internationally recognized law enforcement agency, has made it official that it has seized the operations and infrastructure of Flubot malware that has the potential to steal passwords, banking credentials, and other sensitive details from Google Android smartphones.

Malicious npm ‘colors’ typosquats pack Discord malware

Security Boulevard

Sonatype has caught newer typosquats of the popular 'colors' npm library that contain obfuscated malware. The malware in question comprises Discord info-stealers attempting to hijack the user's Discord tokens and session information.

Signed Malware

Schneier on Security

Stuxnet famously used legitimate digital certificates to sign its malware. Now, researchers have presented proof that digitally signed malware is much more common than previously believed. The researchers said they found 189 malware samples bearing valid digital signatures that were created using compromised certificates issued by recognized certificate authorities and used to sign legitimate software. The forgeries also allow malware to evade antivirus protections.

YTStealer info-stealing malware targets YouTube content creators

Security Affairs

Researchers detailed a new information-stealing malware, dubbed YTStealer, that targets YouTube content creators. The malware is highly likely available as a service on the Dark Web. Upon executing the malware, it performs some environment checks to avoid being executed in a sandbox.

WordPress Popunder Malware Redirects to Scam Sites

Security Boulevard

Over the last year we’ve seen an ongoing malware infection which redirects website visitors to scam sites. Continue reading WordPress Popunder Malware Redirects to Scam Sites at Sucuri Blog.

Scams 103

Mobile Security Threat for Android users through BRATA Malware

CyberSecurity Insiders

An Italian mobile security company named Cleafy has issued a warning to all android phone users about a malware dubbed BRATA. The way BRATA is being distributed is interesting as the malware only targets one financial organization at a time and keeps in touch with a command-and-control server.

Mobile 100