Browsing tag

Trojan

Just For Men website serves malware

The website for Just For Men, a company that sells various products for men as its name implies, was serving malware to its visitors. Our automated systems detected the drive-by download attack pushing the RIG exploit kit, eventually distributing a password stealing Trojan. In this particular attack chain we can see that the homepage of justformen[.]com […]

InfoArmor Uncovers Malicious Torrent Distribution Network

InfoArmor has identified a special tool used by cybercriminals to distribute malware by packaging it with the most popular torrent files on the Internet. The bad actors have analyzed trends on video, audio, software and other digital content downloads from around the globe and have created seeds on famous torrent trackers using weaponized torrents packaged […]

DualToy Windows Trojan Secretly Sideloads Apps on Android and iOS Devices

Number of DualToy infections is on the rise. A trojan targeting Windows computers is secretly sideloading mobile applications to any Android or iOS devices the user is connecting to infected PCs via USB cables. The trojan, named DualToy, has been active since January 2015, but in its original form, it was only capable of infecting Android […]

Sundown Is Just a Bunch of Exploits Stolen from Other Exploit Kits

Sundown EK fails to improve market share among fellow EKs. The Sundown exploit kit (EK), which has been trying to fill the void left by the death of the Angler and Nuclear EKs, is nothing more than a collection of copy-pasted exploits, according to Trustwave’s SpiderLabs team. Sundown, first spotted in June 2015, was for a […]

The Hunt for Lurk

When we first encountered Lurk, in 2011, it was a nameless Trojan. It all started when we became aware of a number of incidents at several Russian banks that had resulted in the theft of large sums of money from customers. To steal the money, the unknown criminals used a hidden malicious program that was […]

JBifrost: Yet Another Incarnation of the Adwind RAT

The Adwind Remote Access Trojan (RAT) is a popular Java-based backdoor capable of infecting Windows, Linux, Mac OS and Android operating systems. Its cross-platform nature, elaborate backdoor features, and relatively cheap price make it a favourite choice for many cybercriminals today. Earlier this year, it was reported that Adwind was used in at least 443,000 […]

Non-existent video involving Hillary Clinton and ISIS leader used as bait in malicious spam

Malicious attachment contains Adwind cross-platform remote access Trojan. Cybercriminals are using clickbait, promising a video showing Democratic Party presidential nominee Hillary Clinton exchanging money with an ISIS leader, in order to distribute malicious spam emails. (Figure 1: Malicious spam using Hillary Clinton as clickbait.) The email’s subject announces “Clinton Deal ISIS Leader caught on Video,” however […]

New Information Stealing Trojan Steals and Uploads Corporate Files

Corporate cybercrime and information theft has become a very lucrative business for malware developers. Not only does it allow them to steal corporate secrets to sell to the highest bidder, but it can also provide them with undisclosed financial reports that can be used on the stock market. BleepingComputer was recently sent a sample by one of its visitors of a computer […]

How hackers used this Trojan malware to spy on a territorial dispute

F-Secure researchers say parties involved in the South China Sea arbitration case were infected with the data-stealing NanHaiShu Trojan. Hackers have used targeted malware to steal data from some of the governments and private sector organisations involved in the dispute over territory and sovereignty in the South China Sea. Cybersecurity company F-Secure Labs uncovered the […]

BlackMoon Banking Trojan Infected over 160,000 South Koreans

The crooks behind the recent campaign may be from China. Over 100,000 South Koreans had their banking credentials stolen by crooks who leveraged the BlackMoon banking trojan, also detected as W32/Banbra, Fortinet researchers reveal. The security vendor initially identified the campaign in April, when it also managed to discover an open-access directory belonging to one […]

Delilah, the first Trojan to recruit Insiders

Delilah is the first extortion trojan that spies on victims and collects information to force them into doing malicious activities from inside. Delilah is a strain of malware developed to extort victims into stealing insider data; it was first discovered on crime forums by the Israeli intelligence firm Diskin Advanced Technologies. Delilah is not distributed in […]

AGGRESSIVE TRIADA, HORDE VARIANTS UP MOBILE MALWARE THREAT

Two mobile variants of Triada and Horde malware have been spotted in the wild by Check Point Software Technologies researchers who warn the latest samples have adopted dangerous new techniques including the ability to evade Google’s security on some OS versions. The Android Trojan called Triada, researchers say, now is capable of infecting the Android default […]

Lurk Banker Trojan: Exclusively for Russia

One piece of advice that often appears in closed message boards used by Russian cybercriminals is “Don’t work with RU”. This is a kind of instruction given by more experienced Russian criminals to the younger generation. It can be interpreted as: “don’t steal money from people in Russia, don’t infect their machines, don’t use compatriots […]

Android Trojan Hijacks Browsers to Redirect Users to Custom URLs

Crooks use brand new potent feature to just show adware. A previously discovered and highly dangerous Android trojan has received an update in the form of a module that allows it to inject the phone’s Web browsers and intercept URLs, redirecting users to any link the crook wishes to. The trojan in question is named Triada […]

Android.SmsSpy.88.origin

A Trojan for Android designed to steal user login credentials needed to access online banking programs and to steal money from victims’ bank accounts. Android.SmsSpy.88.origin is distributed under the guise of benign applications—for example, Adobe Flash Player. When launched, the Trojan prompts the user to grant it administrative privileges: The Trojan is distributed under the […]

New backdoor attacks Windows users

Backdoors are typically designed to execute cybercriminals’ commands on the infected machine. As a rule, they are used to gain remote access to the user’s private information. Recently, Doctor Web security researchers have discovered yet another representative belonging to the mentioned category—BackDoor.Apper.1. The Trojan is distributed via a dropper in the form of the […]

New Skype spam leads to Trojan download

Today, we’ve been alerted about an ongoing spam campaign against Skype users. The majority of those affected are in India, Japan, and the Philippines. Below is what the message looks like: The spam message contains Japanese katakana characters and a bitly link with the following format: bit.ly/{7 randomly generated characters}?profile_image={Skype contact name} I could be […]

Petya: the two-in-one trojan

Today, we have encountered a new threat that’s a blast from the past. The Petya Trojan (detected by Kaspersky Lab products as Trojan-Ransom.Win32.Petr) infects the MBR preventing normal system loading, and encrypts the Master File Table (MFT), an important part of the NT file system (NTFS), thus preventing normal access to files on the hard […]

Tick cyberespionage group zeros in on Japan

Compromised websites and spear-phishing emails used to infect targets with Daserf Trojan. A longstanding cyberespionage campaign has been targeting mainly Japanese organizations with its own custom-developed malware (Backdoor.Daserf). The group, known to Symantec as Tick, has maintained a low profile, appearing to be active for at least 10 years prior to discovery. In its most recent campaign, Tick […]

USB Thief — This Self-projecting USB Trojan Can Give You Nightmares

Short Bytes: Security researchers have identified a new malware named USB Thief that has the ability to steal data from air-gapped computers without leaving its trace. The malware uses a unique method of protecting itself with AES128-encryption and renaming the files in each new instance. Imagine a malware that spreads through USB drives, steals your computer’s data […]