Cyberthreats to financial organizations in 2022
First of all, we are going to analyze the forecasts we made at the end of 2020 and see how accurate they were. Then we will go through the key events of 2021 relating to attacks on financial organizations. Finally, we will make some forecasts about financial attacks in 2022. Analysis of forecasts for 2021 […]
Malicious Optimizer and Utility Android Apps on Google Play Communicate with Trojans that Install Malware, Perform Mobile Ad Fraud
By Lorin Wu (Mobile Threats Analyst) We recently discovered several malicious optimizer, booster, and utility apps (detected by Trend Micro as AndroidOS_BadBooster.HRX) on Google Play that are capable of accessing remote ad configuration servers that can be used for malicious purposes, perform mobile ad fraud, and download as many as 3,000 malware variants or malicious […]
APT review: what the world’s threat actors got up to in 2019
What were the most interesting developments in terms of APT activity during the year and what can we learn from them? This is not an easy question to answer, because researchers have only partial visibility and it’s impossible to fully understand the motivation for some attacks or the developments behind them. However, let’s try to […]
Kaspersky Security Bulletin 2018. Top security stories
Introduction The internet is now woven into the fabric of our lives. Many people routinely bank, shop and socialize online and the internet is the lifeblood of commercial organizations. The dependence on technology of governments, businesses and consumers provides a broad attack surface for attackers with all kinds of motives – financial theft, theft of […]
IT threat evolution Q2 2018
Targeted attacks and malware campaigns Operation Parliament In April, we reported the workings of Operation Parliament, a cyber-espionage campaign aimed at high-profile legislative, executive and judicial organizations around the world – with its main focus in the MENA (Middle East and North Africa) region, especially Palestine. The attacks, which started early in 2017, target parliaments, […]
IT threat evolution Q1 2018
Targeted attacks and malware campaigns Skygofree: sophisticated mobile surveillance In January, we uncovered a sophisticated mobile implant that provides attackers with remote control of infected Android devices. The malware, called Skygofree (after one of the domains it uses), is a targeted cyber-surveillance tool that has been in development since 2014. The malware is spread by […]
Android Click-Fraud App Repurposed as DDoS Botnet
The McAfee Mobile Research Team tracks the behavior of Android click-fraud apps. We have detected multiple implementations, including recent examples on Google Play in 2016 and Clicker.BN last month. These threats are characterized by a common behavior: They appear innocuous but in the background they perform HTTP requests (simulating clicks) on paid “advertainment” to make […]
Spora Ransomware Infects ‘Offline’—Without Talking to Control Server
Spora is a ransomware family that encrypts victims’ files and demands money to decrypt the files. It has infected many computers in a short time due to a huge spam campaign. It has a very special feature—to work offline. Propagation vector The spam campaign carries a .zip file, which contains an HTA (HTML Application) file to […]
Will CryptXXX Replace TeslaCrypt After Ransomware Shakedown?
by Jaaziel Carlos, Anthony Melgarejo, Rhena Inocencio, and Joseph C. Chen The departure of TeslaCrypt from the ransomware circle has gone and made waves in the cybercriminal world. Bad guys appear to be jumping ships in hopes of getting a chunk out of the share that was previously owned by TeslaCrypt. In line with this recent […]
Will CryptXXX Replace TeslaCrypt After Ransomware Shakeup?
by Jaaziel Carlos, Anthony Melgarejo, Rhena Inocencio, and Joseph C. Chen The departure of TeslaCrypt from the ransomware circle has gone and made waves in the cybercriminal world. Bad guys appear to be jumping ships in hopes of getting a chunk out of the share that was previously owned by TeslaCrypt. In line with this recent […]
CRYPVAULT: New Crypto-ransomware Encrypts and “Quarantines” Files
We uncovered a new crypto-ransomware variant with new routines that include making encrypted files appear as if they were quarantined files. These “quarantined” files are appended by a *.VAULT file extension, an antivirus software service that keeps any deleted files for a certain period of time. Antivirus software typically quarantines files that may potentially cause further damage to […]
Malicious iFrame Injector Found in Adobe Flash File (.SWF)
Finding malware in Adobe Flash files (.swf) is nothing new, but it usually affects personal computers, not servers. Typically, a hidden iFrame is used to drop a binary browser exploit with .SWF files, infecting the client machine. This time we saw the opposite, where a binary .SWF file injects an invisible iFrame. This is an […]
LilyJade Version 2.0 – Malicious Browser Extension
There are different web browsers available on the market. To gain popularity and usability among users, these browsers need some extra features beyond merely being used to browse the web. Hence, vendors introduce extra features to their browsers, one of which is the browser plug-in, which the […]
More information
- Botnets Target Old Vulnerability in Symantec Secure Web Gateway
- Sextortion and what to do about it [VIDEO]
- Microsoft loans Dell $2 billion to help them go private
- Malicious Office Docs Install Proxies to Spy on HTTPS Traffic
- Bitcoins banned in Thailand
- Google Project Zero will give a 30-day grace period before disclosing security issues
- Rights Group Verifies Polish Senator Was Hacked With Spyware
- China to offer recoverable satellites-as-a-service
- LANtenna hack spies on your data from across the room! (Sort of)
- Resolved: Issues accessing Comcast ISP