Articles about Malware

It's around this time of year, with Black Friday looming and Christmas just around the corner, that online sales boom. Today security firm High-Tech Bridge has issued a warning to retailers and shoppers about a critical vulnerability in the popular Zen Cart shopping management system.

High-Tech Bridge has provided Zen Cart with full details of the security flaw which could allow remote attackers to infiltrate web servers and gain access to customer data. Servers running Zen Cart are also at risk of malware, meaning that hundreds of thousands of ecommerce sites pose a potential danger.

Continue reading →

We heard earlier this week that Hilton Hotels had been hit with malware designed to steal personal data and, even worse, credit card information. The breach affected point-of-sale systems. Sounds familiar? This same sort of beach happened to a number of major targets in 2015, mostly retail chains like Target and Home Depot.

Hilton has now responded to the issue and admits there was a problem. It's advising customers to keep a close eye on transactions on their accounts. Though customers are generally not held responsible for fraudulent charges it's a major hassle to go through.

Continue reading →

There’s an adware out there which uses features for the visually impaired to install malicious apps on an Android-powered device. The worst part is that it doesn’t use a vulnerability in the system, but instead abuses a service’s legitimate features.

Researchers from mobile security provider Lookout have spotted the abusers and published a blog post about it.

Continue reading →

The Dyreza banking trojan has (unfortunately) been updated, and now can target users sporting Windows 10 and its internet browser, Microsoft Edge.

The new version of the banking trojan was spotted and analyzed by EU-based security firm Heimdal Security, which claims that Dyreza will now also seek and find security products, terminating their underlying OS processes.

Continue reading →

Exploit acquisition platform Zerodium has just published a price chart for different classes of digital intrusion techniques and software targets that it buys from hackers and later resells in a subscription service to its clients.

This is important as it is the first time someone has publically put a price tag on hacking.

Continue reading →

PandaLabs, the malware research arm of Panda Security has released its latest quarterly security report revealing a wave of cyberattacks where the security and information of various governments has been compromised.

The company has detected a growing interest between countries in compromising the security and information of different governments. With that in mind, one of the most important attacks during this period was against the Hacking Team, which controls a multitude of cyberespionage and cyberattack tools for various governments around the world.

Continue reading →

Online attacks take a number of forms, and phishing is one of the more recent problems. Chrome has long featured Safe Browsing to notify people when they visit potentially dangerous websites, and today Google announces that the feature is growing to include social engineering.

Google describes social engineering as being a much broader category than traditional phishing. Typical examples include sites that trick visitors into imparting passwords or credit card details, and those which purport to be an official website when they are in fact malicious. The Safe Browsing expansion offers protection against a range of social engineering attacks that Google provides examples of.

Continue reading →

An app that enables iPhone users to keep an eye on who has been looking at their Instagram account has been pulled from the App Store after it was found to be stealing usernames and passwords.

Apple took the decision to kill "Who Viewed Your Profile -- InstaAgent" when the app was found scraping login details and sending them back to the developer's server. This in itself is worrying for users, but it gets worse: the usernames and passwords were sent in unencrypted format.

Continue reading →

Extortion is just the latest in a series of weapons being used to terrorize computer users and technology companies. One of the most recent victims was ProtonMail which found itself the subject of a DDoS attack and a ransom demand -- and despite paying up, the attacks continued. But individual users also have their feet held in the fire by ransomware.

It's something that mobile users have become familiar with. Android users have been hit by malware that encrypts the contents of their phones and renders it inaccessible until a ransom is paid. It's a problem that has also affected Windows users, and the latest target is Linux. Web servers powered by Linux are being targeted by the Linux.Encoder.1 crypto-ransomware.

Continue reading →

In the world of malware, one of the most recent trends is ransomware -- malicious software that either blocks access to a computer until a fee is paid, or files are encrypted until a ransom is put forward. As with ransomware and kidnapping, a ransom is often demanded by hackers and instigators of DDoS attacks.

This is precisely what happened to 'secure' email provider ProtonMail the other day when it found its datacenter inundated with traffic. At the time, the company asked for donations to cover the costs of the "quite expensive solutions" needed to fight back against "the sophistication of this attack". But rather than fighting back, ProtonMail decided to pay the ransom instead. This could prove to be a terrible mistake.

Continue reading →

Rooting a phone is something that many people decide to do to allow them to do things and use apps that would not otherwise be possible. If you make the choice, you are in control. But security researchers at Lookout have discovered a new form of malware disguised as apps from the likes of Facebook and Twitter.

While some of the apps are partially functional, the malware has a nasty payload: it could be quietly rooting your phone in the background. Lookout has identified three families of malware -- Shuanet, ShiftyBug, and Shedun -- that can be found in more than 20,000 apps in Google Play. Once installed, the malware is almost impossible to remove.

Continue reading →

The world of online security never stands still, and if the past year has shown us anything it's that you don't need sophisticated technology to launch a successful cyber attack.

Security company Trend Micro has released its annual security predictions report outlining the threats it expects to be facing next year. It forecasts continued growth in online extortion, hacktivism and mobile malware, as well as a shift towards an offensive cybersecurity posture for government entities and corporations.

Continue reading →

Cyber security is at the forefront of people’s minds in the technology industry at the moment, with a plethora of high-profile breaches pushing the subject into the mainstream.

The likes of Sony, Ashley Madison and T-Mobile have all been hacked within the last 12 months and developing trends such as cloud computing and Bring Your Own Device (BYOD) have made security a hot topic for discussion.

Continue reading →

Windows users have long been the primary targets of all manner of security attacks, but now the tide is turning towards Mac users. In recent years there have been more viruses and malware attacks aimed at OS X, and security company Malwarebytes is now warning that Mac owners could fall victim to support scams. iPhones and iPads are also at risk.

It's a story that will be familiar to PC owners: fake technical support agents offer to remotely connect to a victim's computer to fix a (fake) problem, and then take control of the system and wreak unknown havoc. Apple does have its own, genuine remote support system accessible through ara.apple.com, but fraudulent pages with similar addresses are being used to trick people into installing remote access software.

Continue reading →

The problem of ransomware isn’t getting better. Recent examples of widespread attacks, including CoinVault, CryptoLocker and CTB-Locker, show that ransomware has become an important part of the cyber-criminals’ arsenal.

Despite this worrying trend, a survey we, at Kaspersky Lab, conducted recently found that a mere 37 percent of companies across the globe actually consider this to be a serious danger: an oversight businesses simply can’t afford to make.

Continue reading →