Digging deeper into JAR packages and Java bytecode
Before the Christmas break we announced the inclusion of a tool to further characterize Mac OS X executables and iPhone apps, at the same time we also silently deployed one to dig deeper into JAR packages and Java .class files. Virustotal has always scanned and produced verdicts for these types of files, as it scans […] more…Repackaging HTML5 Apps into Android Malware
Predictably, with the finalization of HTML5 standard by World Wide Web Consortium (W3C) last October, there will be a rapid growth of new HTML5 web apps coming out in the near future. Considering the platform independent characteristic in web apps, we foresee that HTML5 will accelerate the repackaging from web apps to mobile apps for […] more…Not-so-dear subscribers
Many people have had a run-in with subscriptions to mobile content providers. They appear out of the blue, and get discovered only when account funds run dry. It might seem that the obvious solution is not to visit dubious sites and not to install apps from third-party sources. But, alas, these days such advice is […] more…Spam Campaign Abusing SettingContent-ms Found Dropping Same FlawedAmmy RAT Distributed by Necurs
By Anita Hsieh, Rubio Wu, and Kawabata Kohei Trend Micro detected a spam campaign that drops the same FlawedAmmyy RAT (remote access Trojan) used by a Necurs module to install its final payload on bots under bank- and POS-related user domains. The spam campaign was also found abusing SettingContent-ms – an XML format shortcut file […] more…Spam Campaign Abusing SettingContent-ms Found Dropping Same FlawedAmmyy RAT Distributed by Necurs
By Anita Hsieh, Rubio Wu, and Kawabata Kohei Trend Micro detected a spam campaign that drops the same FlawedAmmyy RAT (remote access Trojan) used by a Necurs module to install its final payload on bots under bank- and POS-related user domains. The spam campaign was also found abusing SettingContent-ms – an XML format shortcut file […] more…Post-Tax Season Spam Campaign Delivers URSNIF to North American Taxpayers
by Marshall Chen, Loseway Lu, Kawabata Kohei, and Rubio Wu Tax season has traditionally been notorious for increased cybercrime activity, as threat actors take advantage of a large number of people rushing to file their taxes. The problem has cost taxpayers billions of dollars — tax fraud amounted to $2.5 billion worth of losses in […] more…Necurs Evolves to Evade Spam Detection via Internet Shortcut File
By Miguel Ang Necurs, a botnet malware that’s been around since 2012, has been improved with the hopes of better defeating cybersecurity measures — it was seen to evolve its second layer of infection using a .URL file (with remote script downloaders detected by Trend Micro as MAL_CERBER-JS03D, MAL_NEMUCOD-JS21B, VBS_SCARAB.SMJS02, and MAL_SCARAB-VBS30. Necurs, a modular […] more…XLoader Android Spyware and Banking Trojan Distributed via DNS Spoofing
We have been detecting a new wave of network attacks since early March, which, for now, are targeting Japan, Korea, China, Taiwan, and Hong Kong. The attacks use Domain Name System (DNS) cache poisoning/DNS spoofing, possibly through infringement techniques such as brute-force or dictionary attacks, to distribute and install malicious Android apps. Trend Micro detects […] more…XTRAT and DUNIHI Backdoors Bundled with Adwind in Spam Mails
By Abraham Camba and Janus Agcaoili We discovered a spam campaign that delivers the notorious cross-platform remote access Trojan (RAT) Adwind a.k.a. jRAT (detected by Trend Micro as JAVA_ADWIND.WIL) alongside another well-known backdoor called XTRAT a.k.a XtremeRAT (BKDR_XTRAT.SMM). The spam campaign also delivered the info-stealer Loki (TSPY_HPLOKI.SM1). DUNIHI (VBS_DUNIHI.ELDSAVJ), a known VBScript with backdoor and worm […] more…Meet VirusTotal Droidy, our new Android sandbox
Recently we called out Additional crispinness on the MacOS box of apples sandbox, continuing with our effort to improve our malware behavior analysis infrastructure we are happy to announce the deployment of a new Android sandbox that replaces the existing system that was developed back in 2013. This setup characterises the actions that Android APKs […] more…Oracle Server Vulnerability Exploited to Deliver Double Monero Miner Payloads
by Johnlery Triunfante and Mark Vicente The sudden rise of cryptocurrency triggered a shift in the target landscape. Cybercriminals started adapting and using their resources to try acquiring cryptocurrencies, whether through pursuing repositories like Bitcoin wallets or by compromising networks and devices to mine the currency. This isn’t completely new — ransomware authors have been using bitcoin […] more…First Kotlin-Developed Malicious App Signs Users Up for Premium SMS Services
By Lorin Wu We spotted a malicious app (detected by Trend Micro as ANDROIDOS_BKOTKLIND.HRX) that appears to be the first developed using Kotlin—an open-source programming language for modern multiplatform applications. The samples we found on Google Play posed as Swift Cleaner, a utility tool that cleans and optimizes Android devices. The malicious app, which has […] more…New GnatSpy Mobile Malware Family Discovered
Earlier this year researchers first disclosed a targeted attack campaign targeting various sectors in the Middle East. This threat actor was called Two-tailed Scorpion/APT-C-23. Later on, a mobile component called VAMP was found, with a new variant (dubbed FrozenCell) discovered in October. (We detect these malicious apps as ANDROIDOS_STEALERC32). VAMP targeted various types of data from the phones of victims: […] more…App Stores that Formerly Coddled ZNIU Found Distributing a New iXintpwn/YJSNPI Variant
by Lilang Wu, Ju Zhu, and Moony Li We covered iXintpwn/YJSNPI in a previous blog post and looked into how it renders an iOS device unresponsive by overflowing it with icons. This threat comes in the form of an unsigned profile that crashes the standard application that manages the iOS home screen when installed. The […] more…LeakerLocker Mobile Ransomware Threatens to Expose User Information
by Ford Qin While mobile ransomware such as the recent SLocker focuses on encrypting files on the victim’s devices, a new mobile ransomware named LeakerLocker taps into its victims’ worst fears by allegedly threatening to send personal data on a remote server and expose its contents to everyone on their contact lists. The LeakerLocker ransomware […] more…Ztorg: money for infecting your smartphone
This research started when we discovered an infected Pokémon GO guide in Google Play. It was there for several weeks and was downloaded more than 500,000 times. We detected the malware as Trojan.AndroidOS.Ztorg.ad. After some searching, I found some other similar infected apps that were being distributed from the Google Play Store. The first of […] more…Kam dál?
- Resolved: Shibboleth Security Advisory 20180112
- New FCC rules impose privacy boost for ISP customers
- Forbes Hack password shootout: Gmail vs Yahoo vs Hotmail vs AOL – whose users are the smartest?
- Update: Digital Identity Management Center (DIMC) Maintenance – July 23, 2014
- Nikjju SQL injection update (now hgbyju. com/r.php)
- Why Social Engineering is a Scammer’s Secret Weapon
- Microsoft Windows Media Player CVE-2019-1481 Information Disclosure Vulnerability
- Video shows purported iPhone 5 internals, front plate
- Update: Skillport: Extended Maintenance Window
- Netflix agrees to delete former users’ video history