Browsing tag: malware

Google Chrome Extension that Steals all Data Posted by Users on any Websites

Chrome extensions continue to get compromised. Security officer Renato Marinho from Morphus Labs identified a malicious Chrome extension that captures data posted by users online on any website. They noticed a phishing campaign titled “Follow the photos from the weekend (via WhatsApp)”, which infects users who open an email with the alleged photos. How it affects […]

IoTroop Botnet: The Full Investigation

Our researchers discovered a new and massive IoT botnet, ‘IoTroop’. Due to the urgency of this discovery, we quickly published our initial findings in order to alert the cyber security community. Since then, we have had time to digest and dissect the propagating malware and share our findings with you. The main findings are: • The entire […]

EternalRomance NSA Exploit a Key Player in Bad Rabbit Ransomware Mayhem

Two days ago we reported on the havoc caused by Bad Rabbit ransomware throughout Europe, but mainly in Ukraine and Russia. It has been two days, but security experts are still unable to identify how Bad Rabbit is compromising devices at such a massive scale. Initially, it was believed that a customized scanning mechanism which […]

Kaspersky says NSA hacking tools obtained after malware was found

Apparently, a pirated download of Microsoft Office could be the root of all the trouble. Kaspersky has acknowledged that code belonging to the US National Security Agency (NSA) was lifted from a PC for analysis but insists the theft was not intentional. In October, a report from The Wall Street Journal claimed that in 2015, the Russian firm targeted […]

Exclusive – CSE ZLab experts spotted a new Wonder botnet in the wild

The CSE CybSec Z-Lab Malware Lab spotted a new botnet, dubbed Wonder botnet, while investigating malicious code on the dark web. During that investigation, ZLab experts discovered a “NetflixAccountGenerator.exe” that promises to generate a premium account for Netflix services for free. Unfortunately, the downloaded software does not work […]

Microsoft’s New Feature to Protect Windows 10 from Ransomware

Since ransomware is quite common nowadays and no device is spared from the malicious objectives of cybercriminals, security firms and tech giants are trying to provide reliable solutions to users. It is a fact that just installing anti-virus software is not enough to properly secure your computer from becoming a victim […]

Assemblyline – Canada’s CSE Intelligence Agency Releases its Malware Analysis Tool

Canada’s Communications Security Establishment (CSE) intelligence agency has released the source code for one of its malware detection and analysis tools, dubbed Assemblyline. The Assemblyline tool is written in Python and was developed under the CSE’s […]

Malware in firmware: how to exploit a false sense of security

When it comes to cyber threats, we in ESET-LATAM Research often see ransomware, banking trojans (especially in my home country – Brazil), botnets or worms. As a consequence, other types of dangerous malware that run inconspicuously might get less of our attention, as is the case with firmware malware or bootkits. Bootkits run before the OS […]

Canada’s Spy Agency Releases its Cyber-Defense Tool for Public

The Communications Security Establishment (CSE), Canada’s main signals intelligence agency, has made a malware scanning and analytics tool called AssemblyLine open source by releasing its code. The AssemblyLine tool can analyze massive volumes of files and also rebalance workloads automatically. During the scanning process, every file is given a unique identifier, and user-defined analytics engines scan […]

Mayhem Malware Server Botnet Continues to Evolve

Three years ago, researchers at Yandex discovered a complex server infection, dubbed Mayhem, that embeds itself deep within a system by compiling a shared object and running as a service. This also allows the malware to operate under restricted privileges, and it is difficult to clean up effectively – even if an infected site gets restored from […]

New Android Ransomware Permanently Changes PIN, Demands Ransom

DoubleLocker Android ransomware encrypts data and changes the PIN to permanently lock your phone. ESET’s security researchers have identified a new kind of ransomware, which infects Android devices by using a technique that so far had been used by Trojans. It not only encrypts your mobile phone but also modifies its PIN. The ransomware has been named […]

DoubleLocker: This Android Ransomware Activates Every Time You Press Home Button

Android’s accessibility services are features that let users take advantage of an alternative navigation method on behalf of apps installed on the smartphone. Security researchers at ESET have detected a new ransomware that exploits these services. Detected as Android/DoubleLocker.A, this Android ransomware takes inspiration from a banking trojan named Android.BankBot.211.origin, which is distributed with the […]

Microsoft Office feature enables malware to execute without Macros enabled

What if I told you that there is a method that will let you execute commands in Microsoft Word without any macros or memory corruption? This macro-less code execution technique in Microsoft Word has been described in detail by two security researchers from SensePost; it leverages a built-in option of Microsoft Office named Dynamic Data […]

RHAPIS – Network Intrusion Detection Systems Simulator

RHAPIS is a network intrusion detection systems simulator. It provides a simulation environment through which the user is able to execute any IDS operation. Basic usage: type HELP in the console to see the available commands. RHAPIS is written in the Lua language; you need to have Lua installed in order to run it. The first commands that […]

Microsoft addresses CVE-2017-11826 Office Zero-Day used to deliver malware

Microsoft’s October Patch Tuesday addresses the CVE-2017-11826 Office zero-day vulnerability that has been exploited in the wild in targeted attacks. Yesterday we discussed how Microsoft’s October Patch Tuesday addressed three critical zero-day security vulnerabilities tied to the DNSSEC protocol. Going deeper into the analysis of the Patch Tuesday updates for October 2017, we can see that Microsoft addressed a […]

FreeMilk Phishing Scam Hijacks Active Email Conversations to Deploy Malware

The IT security researchers at Palo Alto Networks Unit 42 have come to know about a new, targeted spear-phishing scheme, which is designed to intercept genuine ongoing email conversations between people and pose as one of the individuals to install malware. The scheme has been named FreeMilk, while the researchers have claimed that […]