Articles about Malware

An investigation spanning the US and Europe is under way after tens of millions of dollars was stolen from bank accounts. The thefts are believed to have been facilitated by a strain of malware known variously as Dridex, Bugat, and Cridex, enabling a group known as Evil Corp to siphon off funds.

The malware has been known of for some time, but law enforcement agencies have only just started to make significant inroads that could thwart the activities of the botnet. An arrest has now been made in connection to the malware which hijacked online banking login pages on infected computers. After stealing usernames and passwords, taking money from accounts was a simple task.

Continue reading →

A newly discovered malware targets Microsoft’s Outlook Web App, the company’s web-based email client. The news was unveiled by security firm Cybereason, which said the advanced persistent threat (APT) can enable patient attackers to steal an organization’s email passwords over time.

By using this approach, the hackers managed to collect and retain ownership over a large set of credentials, allowing them to maintain persistent control over the organization’s environment, Cybereason says.

Continue reading →

Well, this is a new one -- a piece of malware has been discovered which infects routers, but bolsters their protection against other viruses and nastiness, rather than doing anything bad.

Linux.Wifatch apparently improves the security of routers, many of which are poorly configured and are increasingly targets for malware authors.

Continue reading →

The security industry tends to focus on prevention, but even on the best protected system there's always a chance of zero day infections slipping through the net. It's therefore important that products have an effective removal capability too.

The latest report from independent testing organization AV-Comparatives focuses on 16 of the leading security tools and how good they are at removing malware from infected systems.

Continue reading →

On the day that Apple releases El Capitan details of an exploit that makes it possible to bypass the Gatekeeper feature of OS X have emerged. Designed to combat various forms of malware, the security feature can be bypassed using a simple trick involving the use of a signed binary.

Even when Gatekeeper is configured to use its highest level of protection, the ease with which the fortifications can be slipped through is staggering. Using a file that has already been deemed trustworthy by Apple, it is possible to trick OS X into executing a malicious file stored in the same folder as the signed one. No patch is yet available, and it is believed the problem affects all versions of OS X.

Continue reading →

If you frequent Android forums you'll probably have seen references to 'Monkey Test' and 'Time Service' as users report that it's hard to get rid of these apps.

Researchers at Cheetah Mobile's CM Security Research Lab have discovered that the source of these apps is a virus called 'Ghost Push'. This installs unwanted and annoying apps on the device and can't be removed easily even by doing a factory reset or using normal antivirus software.

Continue reading →

Apple has started a clean-up operation of the Chinese version of its App Store after it was flooded with apps infected with XcodeGhost malware. The problem was not detected by Apple, but a number of security firms who discovered various malicious iPhone and iPad apps littering the Store.

The apps made their way past Apple's usually-rigorous vetting process after developers were tricked into using a counterfeit version of the Xcode tool to create them. The attack has been described as "a pretty big deal" although at this stage there are no reported instances of data theft or attacks on victims.

Continue reading →

You've probably heard talk recently of Facebook adding a Dislike button or an 'empathize' button. While this is certainly something that has been in the news, it is not yet a reality -- and it has created a great opportunity for scammers to cash in on people's impatience.

We don’t get know exactly what form the Dislike button will take, or when it will appear, but there are now several scams in operation that lure in victims with the promise of instant access to the yet-to-be-released feature. A variety of techniques are employed by scammers to encourage victim to "Download the official DISLIKE button now". It is, of course, a fake, and there are a number of things to look out for.

Continue reading →

Malware writers may feel as though they've hit the jackpot after a slip-up by D-Link. The networking company released open source firmware that revealed the private keys used to sign D-Link software.

It was discovered that the firmware for a D-Link DCS-5020L security camera included D-Link's private keys as well as the passphrases needed to sign software. Windows users could have been at risk as malicious software could have been signed allowing for the installation without alerting security software.

Continue reading →

PandaLabs, the malware research arm of Panda Security, has published its latest quarterly report showing that malware creation levels have broken new records.

It reveals that in the second quarter of 2015 there were an average of 230,000 new malware samples detected each day, which means a total of 21 million new types in these three months. Compared to the same period last year, where there were 160,000 registered samples, this is an increase of 43 percent.

Continue reading →

The latest ransomware to hit Android users attempts to force victims into coughing up $500 by changing the PIN used to lock the device. Disguising itself as a system patch and then a message from the FBI suggesting that 'forbidden pornographic sites' have been viewed, the Android/Lockerpin.A malware differs from previous examples of ransomware that encrypted data.

The malware is impossible to remove without root access or by performing a factory reset. An interesting feature of the PIN change is that even the attacker is unware of what the new code is -- handing over money really makes no difference. But also worthy of note is the way in which Android/Lockerpin.A manages to gain Device Admin privileges.

Continue reading →

The 'keylogger' that's built into Windows 10 has gained something of a bad reputation -- but it's really a bit of a misnomer. Yes, there is a component that -- technically speaking -- tracks what you input using the keyboard, screen, mouse, voice, and stylus... but it's a bit more complicated than that. It is not really a keylogger in the sense that the malware term usually implies.

Microsoft openly admits that "when you interact with your Windows device by speaking, writing (handwriting), or typing, Microsoft collects speech, inking, and typing information". It's done with the intention of improving the accuracy of suggestions, providing a personalized experience, and so on. But we live in an age where privacy matters. If you are concerned about the privacy implications of this component of Windows 10, you can disable it. Here's how.

Continue reading →

We're used to seeing malware that exploits unpatched vulnerabilities in software. But in a new twist attackers are bundling an old version of remote access package TeamViewer with their malware in order to take advantage of a flaw.

The malware known as TVSPY has been uncovered by researchers at security company Damballa. While the current version of TeamViewer has fixed this vulnerability, the bundled version works independently of any existing TeamViewer installation on the target PC.

Continue reading →

Two security researchers have discovered a serious vulnerability in OS X that could allow an attacker to steal passwords and other credentials in an almost invisible way. Antoine Vincent Jebara and Raja Rahbani -- two of the team behind the myki identity management security software -- found that a series of terminal commands can be used to extract a range of stored credentials.

What is particularly worrying about the vulnerability is that it requires virtually no interaction from the victim; simulated mouse clicks can be used to click on hidden buttons to grant permission to access the keychain. Apple has been informed of the issue, but a fix is yet to be issued. The attack, known as brokenchain, is disturbingly easy to execute.

Continue reading →

Receiving a new smartphone with malware pre-installed is unlikely, but this is exactly what has happened with handsets from well-known brands sold by some third-party sellers in Asia and Europe. Consumers expect them to run factory software, so it is unlikely that they will check to see whether it has been modified prior to using their account credentials and storing sensitive information, making these kind of infections extremely dangerous.

Security firm G Data has discovered malware on more than 20 smartphone models which were advertised as new. And we are not talking about no-name brands. Among other companies, Huawei, Lenovo and Xiaomi, top-tier vendors, have had their devices infected prior to the sale.

Continue reading →