Articles about Malware

As last Friday's WannaCry (WannaCrypt) ransomware attack continues to cause ripples around the globe, links have emerged between the malware code and the infamous Lazarus Group.

Lazarus is the group responsible for attacks on the Bangladesh Central Bank last year, Sony Pictures Entertainment in 2014, and more financial attacks in at least 18 countries.

Continue reading →

ModZero security researchers have uncovered an unexpected behavior in an HP audio driver. The package, which is offered by the electronics maker through its website, secretly registers "all keyboard input," effectively working as a keylogger. Question is, is this a bug or a feature?

It is not abnormal for an audio driver to look for when certain keys are pressed, as, for instance, if you press the volume down button on the keyboard the driver needs to intercept that keystroke so it does what you asked it to, but it is uncommon for one to cast such a wide net, and, as a result, put users' private information, like usernames, passwords, personal communication and so on, at risk.

Continue reading →

The Sednit group believed to have been involved in interference with the French election was also responsible for a phishing attack that used President Trump to lure in victims. Security firm ESET analyzed a phishing email with an attachment named Trump's_Attack_on_Syria_English.docx and found that it had the hallmarks of the well-known group.

The document was engineered to infect victims' computers with the Seduploader tool, and it did this by exploiting two vulnerabilities, one in Microsoft Word, and one in Windows. Sednit -- previously known as APT28, Fancy Bear, and Sofacy -- took advantage of a recently discovered Remote Code Execution vulnerability in Word (CVE-2017-0262) as well as a security hole in Windows (CVE-2017-0263) in executing the attack.

Continue reading →

Researchers at cyber security firm Bitdefender recently unveiled a new targeted attack and named it Netrepser. What makes this threat different from other APTs (advanced persistent threat) is that it was built with readily available software tools.

The goal of Netrepser, according to Bitdefender, is to steal data from government agencies. No information on which agencies were targeted. Netrepser uses multiple methods to get its tiny digital hands on the victim’s information, from keylogging, to password theft, to cookie theft. At the very heart of this tool is a "legitimate, yet controversial" recovery toolkit provided by Nirsoft.

Continue reading →

Anyone who downloaded the Mac video transcoder HandBrake in the last few days stands a 50 percent change of being infected with a Trojan. The download for version 1.0.7 of HandBrake was infected after the mirror download server was compromised.

The Trojan allows for an attacker to remotely access an infected computer, and a malware-laced version of the app was made available for download between May 2 and May 6. If you downloaded the app in this window, you're advised to check the SHA1/256 sum, and if you have gone as far as installing the software, there are steps to take to determine if you're infected and remove the malware if you are.

Continue reading →

IBM is warning customers of its Storwize hybrid enterprise storage solutions that it has accidentally sent out some malware infected USB sticks.

Companies ordering the Storwize V3500, V3700 and V5000 Gen 1 flash storage solutions may have been sent the infected sticks. The malware is contained in the directory for the initialization tool and when the tool is run it gets copied to a temporary directory on the computer’s hard drive.

Continue reading →

For many of us, there is no device more important than our smartphone. There is so much valuable data on it -- contacts, business emails, private messages, personal photos and videos, sensitive files and so on -- that you really do not want it to fall into the wrong hands. Some believe it would be impossible to replace, which is why they'd rather have their wallet stolen instead of lose their data.

However, when using a smartphone, security is often an afterthought, which is why so many users fall victim to malware. And that's a shame, because covering your bases is not all that difficult. You can set up a PIN, password or configure the fingerprint sensor and use a dedicated security app to keep your smartphone and the data on it safe. AVG's AntiVirus is a very popular option on Android, thanks to its robust feature set and ease of use.

Continue reading →

Hajime, a mysterious IoT botnet, now controls almost 300,000 devices, according to a new report by Kaspersky Lab. The report also states that the botnet's true purpose is still unknown.

Kaspersky says the malware, whose name means "beginning" in Japanese, first appeared in October 2016. Since then it has evolved into a decentralized group of compromised machines that discretely perform either spam or DDoS attacks.

Continue reading →

Malware is something of a recurring problem for Android users, and it seems as though Google is fighting a never-ending battle to keep the blight out of the Play Store. The latest large-scale batch to be discovered takes the form of adware known as FalseGuide.

As you may have guessed from the name -- and your own experience of Google Play -- this malware spreads by fooling people into installing apps purporting to be guides to popular games. The apps themselves are fairly innocuous -- and often are guides as they claim to be -- but they then download additional modules which can be used to bombard users with ads.

Continue reading →

We all know someone who’s been in a difficult position following a security breach. They are rushing to assess the damage, while simultaneously repairing website functionality to limit the compromise. It’s a stressful situation, especially if you’ve had to deal with a compromise more than once. Unfortunately for some website owners this is a reality -- shortly after the initial security breach, the website becomes compromised again. It leaves the website owner asking why their website is being targeted and how the website re-infection is happening.

The short answer is that it’s most likely due to unresolved vulnerabilities. While it may seem like you’ve been singled out and targeted by some menacing hackers, most of the time that isn’t the case. The majority of website compromises are preceded by automated campaigns that locate websites vulnerable to a particular exploit the hacker wishes to employ. The bottom line is, you aren’t the target that the hacker is singling-out, it’s the software on your website. There are a couple main culprits for this scenario.

Continue reading →

Researchers at threat intelligence specialist Recorded Future have uncovered a new strain of ransomware called Karmen that’s designed for use by people with limited technical expertise.

The ransomware-as-service has been developed by Russian and German hackers and is notable for its user-friendly approach. It comes equipped with a dashboard that allows the tracking of computers infected with the virus, including the status of any ransom that’s been paid.

Continue reading →

The CIA's range of hacking tools revealed as part of WikiLeaks' Vault 7 series of leaks have been used to conduct 40 cyberattacks in 16 countries, says Symantec. The security firm alleges that a group known as Longhorn has been using tools that appear to be the very same ones used by the CIA.

While it would be obvious to jump to the conclusion that the CIA was itself responsible for the attacks -- and that Longhorn is just a branch of the CIA -- Symantec opts for a rather more conservative evaluation of things: "there can be little doubt that Longhorn's activities and the Vault 7 documents are the work of the same group."

Continue reading →

Security issues with Word documents are nothing new, but they have a tendency to rely on macros -- something which users have learned to become very wary of. But now security firms FireEye and McAfee have discovered a new attack strategy that takes advantage of Windows Object Linking and Embedding (OLE).

The attack can be used to infect even a fully patched computer with malware, and it is believed to be effective in most -- if not all -- versions of Microsoft Word, and Windows 10 offers no protection. The 0day works by using code embedded in a document to pull in malware from a remote server, using various techniques to hide what is going on.

Continue reading →

A third (36 percent) of companies in the UK that have been victims of a ransomware attack are not "very confident" they managed to completely eradicate the malware from their systems, according to a new report by Citrix.

The report also shines new light on just how prevalent and dangerous ransomware attacks really are. One in three UK businesses have had more than 100 of their devices affected by ransomware recently.

Continue reading →

The latest batch of documents published by WikiLeaks as part of its Vault 7 CIA series purportedly reveals the tools used by the agency to create malware for Windows. The Grasshopper framework is revealed in 27 documents, and they show how to create Windows installers with a malware payload.

Importantly, Grasshopper allows for the easy creation of custom malware delivery options, dependant on the operating system and virus protection detected on a target machine. The documents show that the CIA repurposed malware from Russian and Italian organized crime groups.

Continue reading →