Articles about Malware

90 percent of Android devices vulnerable to Godless malware

When we take a look at the Android distribution updates that Google posts every month, one thing never seems to change: the overwhelming number of devices that run an outdated version of the operating system. As of early June 2016, nearly 90 percent of the handsets with Google Play access are rocking Lollipop, Jelly Bean or another old distribution. Meanwhile, Marshmallow powers only 10.1 percent of Android devices.

And, as Trend Micro security researchers point out, that can be a serious security problem, as there is a new family of malware, known as Godless, that affects "virtually any Android device running on Android 5.1 (Lollipop) or earlier". Using Google's figures, that's 89.9 percent of the Android handsets in use. What's really worrying is that this malware is linked to apps available in major app stores, like Google's Play, and it has already claimed 850,000 victims across the globe.

AT&T fends off 200,000 malware attacks every day

AT&T has revealed that its network is constantly under the threat of attack by cybercriminals looking for ways to breach its security.

Each day the company detects over 30 billion malicious scans being deployed to find weaknesses in its network. Cybercriminals often use such scans to detect security vulnerabilities that could be exploited in future attacks. Researchers at AT&T also noted how the number of ransomware attacks increased significantly, with as many as 1.5 million new attacks occurring between 2013 and 2015.

Ransomware now targets your smart TV

While the ransomware threat is growing at an alarming rate, many consumers remain oblivious to the dangers posed by this form of malware. It is no wonder that infections are at a record level. And things will only get worse as ransomware creators target new types of devices.

Security researchers at Trend Micro have discovered a new ransomware, referred to as FLocker, that targets Android-powered smart TVs. When activated, it locks the device and asks the user to pay "a fine" to enable full functionality again. Interestingly enough, it takes the ransom in iTunes gift cards, not Bitcoin or another cryptocurrency.

Bing now gives malware and phishing warnings

Microsoft has changed the way it displays malware warnings in its search engine Bing to help users distinguish between the various forms of attacks that can appear in its searches.

The company has decided to replace its generic warning for potentially dangerous websites with separate warnings: one for sites that are known to contain malware and one for phishing sites.

You could be held liable for cases of bank fraud if your online security isn’t up to scratch

If you need another reason to pay attention to online security, new measures under consideration by banks could sharpen your focus. At the moment, banks in the UK frequently shoulder the cost of online fraud when customers fall victim. But all this could be set to change.

The plans being looked at by banks, GCHQ and the UK government could see people who haven’t taken care of their own online security being excluded from receiving compensation if their account is hacked.

Trojan hijacks search results to generate advertising revenue

There’s a Trojan out there that forces infected computers to automatically click on advertising banners. By doing so, its creators are earning money while businesses paying to be seen are just burning a hole in their budgets without achieving anything.

Those are the results of a new report by security firm Bitdefender, which has identified the Trojan as Redirector.Paco. According to the company’s press release, the Trojan has, since 2014, infected 900,000 machines.

Malware takes advantage of Windows' God Mode hack to slip past security

The so-called God Mode hack for Windows is rather less grand than it might first sound. Rather than granting users deity-like abilities, it simply provides one-folder access to an absolute butt-load of Control Panel options and settings. But security researchers have discovered that the technique used to create this special folder can also be exploited by malware.

McAfee says that while the Easter Egg is great for power users, it is also being used by attackers for "evil ends". By placing files within the God Mode shortcut folder, malware such as Dynamer is able to run undetected on a victim's computer.

Hackers now targeting victims with country and culture-specific malware

Hackers are targeting specific countries with their malware now, new research from security firm Sophos shows.

The security firm analyzed millions of devices worldwide and concluded that malware seems to be more lucrative if it is specifically designed to target certain cultures or countries.

Qbot malware resurfaces with renewed powers ready to steal your banking credentials

Qbot -- also known as Qakbot -- is a form of malware that's been around for a number of years, but security researchers at Cisco Talos have noted that it has returned with a vengeance. Once installed, the malware steals sensitive data stored in files and cookies, and also monitors live web sessions to grab login credentials.

Detection and immunization are made difficult by the fact that Qbot uses random strings, code blocks, file names and encryption keys to slip under the radar, although it can still be detected by its behavior. Cisco Talos analyzed no fewer than 618 examples of the malware; Qbot was found to feature its own auto-update function and it appears that developers have been hard at work on it.

Malware compromises Swift system -- patch available

The Swift (Society for Worldwide Interbank Financial Telecommunication) system has apparently fallen victim to the same sophisticated hacking scheme that was used to disrupt the Bangladesh central bank last month.

The cyberattack in Bangladesh resulted in a loss of $951 million from the central bank's account at the Federal Reserve in New York, and it now seems likely, thanks to new research from BAE Systems, that Swift was also compromised during the attack.

Remove CryptXXX ransomware with Kaspersky's free decryption tool

Security firm Kaspersky has released a tool that can be used to decrypt files on computers hit by the CryptXXX ransomware. Rather than paying the ransom demanded to regain access to files, victims are now able to turn to the free RannohDecryptor utility.

CryptXXX had been identified by Proofpoint earlier in the month and described as being closely linked to the Reveton ransomware operation and Angler/Bedep. The ransom of $500 is considered to be quite high, but Kaspersky's free decryption tool means that files can be retrieved without having to part with a cent.

New technique allows Trojans to remain in memory to evade detection

Remote access Trojans (RATs) have been used for many years to allow attackers to gain access to and take control of users' systems.

Usually RATs are delivered when a user opens an email attachment or downloads a file from a website or peer-to-peer network. This involves direct delivery of the payload, which makes detection easier.

US hosts more malicious websites than any other country

According to a new report from German security company G DATA, more malicious websites were hosted in the US in 2015 than in any other country, originating around 57 percent of recorded attacks.

China, Hong Kong, Russia and Canada are also major hosts of malware, though Europe is little in evidence, with only Germany and Italy making the top seven and accounting for just six percent between them.

Keygen alert: free password generator released for PETYA ransomware

The PETYA ransomware is just one of the recent examples of malware that encrypts victims' hard drives until a fee is paid. The advice from the government is not to pay the ransom -- or at least not expect to get a decryption key if you do -- but a password generator has been created that means you can decrypt your hard drive for free.

While TeslaCrypt 4 boasts 'unbreakable encryption', the same cannot be said of PETYA, although the PETYA ransomware does have the irritating habit of overwriting MBRs. This does mean that there is no way to interact with the drive on the infected computer, but with access to a spare machine to read the drive and access to the online tool created by Leostone, you could have your data back in seconds. As the tool's website proudly proclaims, you can "Get your petya encrypted disk back, WITHOUT paying ransom!!!" -- here's what you need to do.

'Mumblehard' malware turns thousands of Linux servers into spam botnet -- ESET shuts it down

Linux-based operating systems are rock solid -- reliable and secure -- but not infallible. The Mumblehard malware, for instance, targets servers running the open source kernel, installing a backdoor, and then turning them into part of a powerful spam-focused botnet. Surprisingly, Mumblehard was rather widespread, infecting 4,000 Linux-powered servers.

Of course, had administrators patched the systems appropriately, there is a good chance that some of them would have avoided infection. I say this because ESET found that some machines were infected through known exploits in things like WordPress. Thankfully, ESET successfully terminated the botnet on February 29th, 2016 by taking control of the home IP.

BetaNews, your source for breaking tech news, reviews, and in-depth reporting since 1998.
