Malware

Gugi Trojan Guffaws at Android 6 Security Measures… and Then Bypasses Them

A mobile banking trojan called Trojan-Banker.AndroidOS.Gugi.c, or “Gugi” for short, found no problem bypassing a couple of the security measures introduced in Android 6. The name of the game is social engineering when it comes to a Gugi infection. According to Kaspersky Lab’s senior malware analyst Roman Unuchek, the trojan first infects a device by […]

Mirai DDoS Trojan Is the Next Big Threat for IoT Devices and Linux Servers

Mirai evolves from the source code of Gafgyt. A new trojan named Mirai has surfaced, and it’s targeting Linux servers and IoT devices, mainly DVRs, running Linux-based firmware, with the purpose of enslaving these systems as part of a large botnet used to launch DDoS attacks. According to security researcher MalwareMustDie! (MMD), Mirai is an evolution […]

“You dirty RAT” – Spy versus Spy in the cybercrime underworld

Not all malware is ransomware, even though ransomware hogs the spotlight these days. Keyloggers are still popular in the cyberunderworld, because they help crooks to steal your passwords. Armed with your email password, for example, crooks can pull off much more audacious crimes than ransomware, such as business email attacks, also known as CEO fraud or […]

Attackers Combine Three Botnets to Launch Massive DDoS Attack

Crooks use a botnet of CCTV cameras, one of home routers, and one made up of compromised web servers. An unnamed website has been at the end of a ferocious Layer 7 DDoS attack that involved traffic from over 47,000 distinct IP addresses, most of which belonged to IoT (CCTV) devices, home routers, and compromised […]

The Nullbyte Ransomware pretends to be the NecroBot Pokemon Go Application

A new DetoxCrypto Ransomware variant called the Nullbyte Ransomware has been discovered by Emsisoft security researcher xXToffeeXx that pretends to be the popular Pokemon Go bot application called NecroBot. When infected, the ransomware will encrypt a victim’s files and then demand .1 bitcoins to decrypt the files. Thankfully, Michael Gillespie was able to create a decryptor so that victims can get their files back for […]

The Hunt for Lurk

When we first encountered Lurk, in 2011, it was a nameless Trojan. It all started when we became aware of a number of incidents at several Russian banks that had resulted in the theft of large sums of money from customers. To steal the money, the unknown criminals used a hidden malicious program that was […]

RIPPER ATM MALWARE AND THE 12 MILLION BAHT JACKPOT

In this blog, FireEye Labs dissects this new ATM malware that we have dubbed RIPPER (due to the project name “ATMRIPPER” identified in the sample) and documents indicators that strongly suggest this piece of malware is the one used to steal from the ATMs at banks in Thailand. Connection to previous ATM Malware Targets the same […]

The curious case of the Domino Ransomware, a Windows Crack, and a Cow

The Domino Ransomware is a new infection discovered by Daniel Gallagher and Michael Gillespie that is based on the Hidden Tear open-source ransomware project. What makes this variant interesting is that it pretends to be the KMSPico Windows activation crack: it will actually install KMSPico, but also encrypt a victim’s files as an added bonus. It should be noted that this does […]

Restore access to your PC with Trend Micro Ransomware Screen Unlocker

With so much attention focused on the file encrypting-type ransomware it’s easy to forget the simpler variety, which pops up when your PC boots and won’t allow access to your system until you pay up. Even these basic infections can sometimes be tricky to remove, but Trend Micro offers a couple of tools which may […]

Brazilian banking Trojans meet PowerShell

Crooks are always creating new ways to improve the malware they use to target bank accounts, and now Brazilian bad guys have made an important addition to their arsenal: the use of PowerShell. Brazil is the most infected country worldwide when it comes to banking Trojans, according to our Q1 2016 report, and the quality […]

Malware Infected All Eddie Bauer Stores in U.S., Canada

Clothing store chain Eddie Bauer said today it has detected and removed malicious software from point-of-sale systems at all of its 350+ stores in North America, and that credit and debit cards used at those stores during the first six months of 2016 may have been compromised in the breach. The acknowledgement comes nearly six weeks […]

New FSociety Ransomware pays homage to Mr. Robot

Crooks hijack the FSociety brand for a lame ransomware. Fans of the Mr. Robot TV show would be glad to know that real-life crooks are taking inspiration from the TV series, and are now using the FSociety name and logo to develop a ransomware around this brand. Mr. Robot is a USA Network TV show that […]

Non-existent video involving Hillary Clinton and ISIS leader used as bait in malicious spam

Malicious attachment contains Adwind cross-platform remote access Trojan. Cybercriminals are using clickbait, promising a video showing Democratic Party presidential nominee Hillary Clinton exchanging money with an ISIS leader, in order to distribute malicious spam emails. [Figure 1: Malicious spam using Hillary Clinton as clickbait] The email’s subject announces “Clinton Deal ISIS Leader caught on Video,” however […]

Scammy-Looking Shark Project Delivers Fully Working Ransomware

New free ransomware project appears online. Hooray!!! Serbian security researcher GrujaRS shared with Softpedia a ransomware project called Shark, freely distributed on the Deep Web, but which appears to be a scam on closer inspection, even if it produces valid and running ransomware payloads. Anyone can download a version of the Shark builder from the […]

PokemonGo Ransomware installs Backdoor Account and Spreads to other Drives

With the popularity of PokemonGo, it was inevitable that a malware developer would create a ransomware that impersonates it. This is the case with a new Hidden-Tear ransomware discovered by Michael Gillespie that impersonates a PokemonGo application for Windows and targets Arabic victims. [Image: PokemonGo Ransomware icon] On first glance, the PokemonGo ransomware infection looks like any other generic ransomware infection. It will scan […]

CryptFile2 Ransomware Returns in High Volume URL Campaigns

Proofpoint researchers originally discovered the CryptFile2 ransomware in March [1]. At the time, it was spreading via exploit kits (EKs); however, beginning on August 3, 2016, we detected the first large-scale email campaign distributing CryptFile2, allowing a degree of targeting not generally possible with EKs. This ongoing campaign appears to be targeting primarily state and […]