Millions of Android devices could have been affected by a new auto-clicking adware program found in apps developed by a Korean company.

Uncovered last week by security company Check Point malicious apps included a series of casual cooking and fashion games under the 'Judy' brand.

Continue reading →

There have already been suggestions that the now infamous WannaCry ransomware was the work of the North Korean hacking group Lazarus. Security firm Symantec now says it is "highly likely" that Lazarus is to blame, having unearthed further evidence of the re-use of code from other attacks by the group.

But while the links to Lazarus are strong, North Korea denies that it was involved in any sort of state-sponsored attack, dismissing such claims as "a dirty and despicable smear campaign." It is thought that the group -- also responsible for attacking Sony Pictures and stealing $81 million from the Bangladesh Central Bank -- operated independently for personal gain.

Continue reading →

A new form of malware is targeting innocent victims in order to mine cryptocurrency for its creators.

Adylkuzz, which targets the Monero cryptocurrency, stays hidden within an infected machine, and does not give visual warnings or interfere with users’ files.

Continue reading →

As last Friday's WannaCry (WannaCrypt) ransomware attack continues to cause ripples around the globe, links have emerged between the malware code and the infamous Lazarus Group.

Lazarus is the group responsible for attacks on the Bangladesh Central Bank last year, Sony Pictures Entertainment in 2014, and more financial attacks in at least 18 countries.

Continue reading →

ModZero security researchers have uncovered an unexpected behavior in an HP audio driver. The package, which is offered by the electronics maker through its website, secretly registers "all keyboard input," effectively working as a keylogger. Question is, is this a bug or a feature?

It is not abnormal for an audio driver to look for when certain keys are pressed, as, for instance, if you press the volume down button on the keyboard the driver needs to intercept that keystroke so it does what you asked it to, but it is uncommon for one to cast such a wide net, and, as a result, put users' private information, like usernames, passwords, personal communication and so on, at risk.

Continue reading →

The Sednit group believed to have been involved in interference with the French election was also responsible for a phishing attack that used President Trump to lure in victims. Security firm ESET analyzed a phishing email with an attachment named Trump's_Attack_on_Syria_English.docx and found that it had the hallmarks of the well-known group.

The document was engineered to infect victims' computers with the Seduploader tool, and it did this by exploiting two vulnerabilities, one in Microsoft Word, and one in Windows. Sednit -- previously known as APT28, Fancy Bear, and Sofacy -- took advantage of a recently discovered Remote Code Execution vulnerability in Word (CVE-2017-0262) as well as a security hole in Windows (CVE-2017-0263) in executing the attack.

Continue reading →

Researchers at cyber security firm Bitdefender recently unveiled a new targeted attack and named it Netrepser. What makes this threat different from other APTs (advanced persistent threat) is that it was built with readily available software tools.

The goal of Netrepser, according to Bitdefender, is to steal data from government agencies. No information on which agencies were targeted. Netrepser uses multiple methods to get its tiny digital hands on the victim’s information, from keylogging, to password theft, to cookie theft. At the very heart of this tool is a "legitimate, yet controversial" recovery toolkit provided by Nirsoft.

Continue reading →

Anyone who downloaded the Mac video transcoder HandBrake in the last few days stands a 50 percent change of being infected with a Trojan. The download for version 1.0.7 of HandBrake was infected after the mirror download server was compromised.

The Trojan allows for an attacker to remotely access an infected computer, and a malware-laced version of the app was made available for download between May 2 and May 6. If you downloaded the app in this window, you're advised to check the SHA1/256 sum, and if you have gone as far as installing the software, there are steps to take to determine if you're infected and remove the malware if you are.

Continue reading →

IBM is warning customers of its Storwize hybrid enterprise storage solutions that it has accidentally sent out some malware infected USB sticks.

Companies ordering the Storwize V3500, V3700 and V5000 Gen 1 flash storage solutions may have been sent the infected sticks. The malware is contained in the directory for the initialization tool and when the tool is run it gets copied to a temporary directory on the computer’s hard drive.

Continue reading →

For many of us, there is no device more important than our smartphone. There is so much valuable data on it -- contacts, business emails, private messages, personal photos and videos, sensitive files and so on -- that you really do not want it to fall into the wrong hands. Some believe it would be impossible to replace, which is why they'd rather have their wallet stolen instead of lose their data.

However, when using a smartphone, security is often an afterthought, which is why so many users fall victim to malware. And that's a shame, because covering your bases is not all that difficult. You can set up a PIN, password or configure the fingerprint sensor and use a dedicated security app to keep your smartphone and the data on it safe. AVG's AntiVirus is a very popular option on Android, thanks to its robust feature set and ease of use.

Continue reading →

Hajime, a mysterious IoT botnet, now controls almost 300,000 devices, according to a new report by Kaspersky Lab. The report also states that the botnet's true purpose is still unknown.

Kaspersky says the malware, whose name means "beginning" in Japanese, first appeared in October 2016. Since then it has evolved into a decentralized group of compromised machines that discretely perform either spam or DDoS attacks.

Continue reading →

Malware is something of a recurring problem for Android users, and it seems as though Google is fighting a never-ending battle to keep the blight out of the Play Store. The latest large-scale batch to be discovered takes the form of adware known as FalseGuide.

As you may have guessed from the name -- and your own experience of Google Play -- this malware spreads by fooling people into installing apps purporting to be guides to popular games. The apps themselves are fairly innocuous -- and often are guides as they claim to be -- but they then download additional modules which can be used to bombard users with ads.

Continue reading →

We all know someone who’s been in a difficult position following a security breach. They are rushing to assess the damage, while simultaneously repairing website functionality to limit the compromise. It’s a stressful situation, especially if you’ve had to deal with a compromise more than once. Unfortunately for some website owners this is a reality -- shortly after the initial security breach, the website becomes compromised again. It leaves the website owner asking why their website is being targeted and how the website re-infection is happening.

The short answer is that it’s most likely due to unresolved vulnerabilities. While it may seem like you’ve been singled out and targeted by some menacing hackers, most of the time that isn’t the case. The majority of website compromises are preceded by automated campaigns that locate websites vulnerable to a particular exploit the hacker wishes to employ. The bottom line is, you aren’t the target that the hacker is singling-out, it’s the software on your website. There are a couple main culprits for this scenario.

Continue reading →

Researchers at threat intelligence specialist Recorded Future have uncovered a new strain of ransomware called Karmen that’s designed for use by people with limited technical expertise.

The ransomware-as-service has been developed by Russian and German hackers and is notable for its user-friendly approach. It comes equipped with a dashboard that allows the tracking of computers infected with the virus, including the status of any ransom that’s been paid.

Continue reading →

The CIA's range of hacking tools revealed as part of WikiLeaks' Vault 7 series of leaks have been used to conduct 40 cyberattacks in 16 countries, says Symantec. The security firm alleges that a group known as Longhorn has been using tools that appear to be the very same ones used by the CIA.

While it would be obvious to jump to the conclusion that the CIA was itself responsible for the attacks -- and that Longhorn is just a branch of the CIA -- Symantec opts for a rather more conservative evaluation of things: "there can be little doubt that Longhorn's activities and the Vault 7 documents are the work of the same group."

Continue reading →