New Phishing Scam uses AES Encryption and Goes After Apple IDs
by Jindrich Karasek
Recent data breaches and privacy scares, along with the upcoming General Data Protection Regulation (GDPR) from the European Union, have triggered a change in the way companies handle their users’ data. As a result, many of them have been sending emails asking their users to update their profiles or proactively strengthen security. […]

Monero-Mining RETADUP Worm Goes Polymorphic, Gets an AutoHotKey Variant
by Lenart Bermejo and Ronnie Giagone (Threats Analysts)
We came across a new version of a cryptocurrency-mining RETADUP worm (detected by Trend Micro as WORM_RETADUP.G) through feedback from our managed detection and response-related monitoring. This new variant is coded in AutoHotKey, an open-source scripting language used in Windows for creating hotkeys (i.e., keyboard shortcuts, macros, […]

XLoader Android Spyware and Banking Trojan Distributed via DNS Spoofing
We have been detecting a new wave of network attacks since early March, which, for now, are targeting Japan, Korea, China, Taiwan, and Hong Kong. The attacks use Domain Name System (DNS) cache poisoning/DNS spoofing, possibly through infringement techniques such as brute-force or dictionary attacks, to distribute and install malicious Android apps. Trend Micro detects […]

Mitigating Digital Risk from the Android PC in Your Pocket
Security Teams Must Prioritize Risk Mitigation Against Android Malware
Few of us could have imagined that a device that allows us to talk to anyone from anywhere at any time would morph, in just a few years, into many users’ computing device of choice. The latest numbers from StatCounter reveal that mobile devices are outpacing […]

njRAT Gets Ransomware, Crypto-Currency Stealing Capabilities
An updated version of the njRAT remote access Trojan (RAT) is capable of encrypting files and stealing virtual currencies from crypto-wallets, Zscaler warns. Also known as Bladabindi, njRAT has been around since at least 2013 and is one of the most prevalent malware families. Built in .NET Framework, the malware provides attackers with remote control […]

Microsoft Fixes Windows Flaw Introduced by Meltdown Patches
Microsoft has released out-of-band updates for Windows 7 and Windows Server 2008 R2 to address a serious privilege escalation vulnerability introduced earlier this year by the Meltdown mitigations. Researcher Ulf Frisk reported this week that the patches released by Microsoft in January and February for the Meltdown vulnerability created an even bigger security hole that […]

"Fauxpersky" Credential Stealer Spreads via USB Drives
A recently discovered credential stealing malware is masquerading as Kaspersky Antivirus and spreading via infected USB drives, according to threat detection firm Cybereason. Dubbed Fauxpersky, the keylogger was written in AutoIT or AutoHotKey, which are simple tools to write small programs for various automation tasks on Windows. AHK can be used to write code to […]

Microsoft Patches for Meltdown Introduced Severe Flaw: Researcher
Some of the Windows updates released by Microsoft to mitigate the Meltdown vulnerability introduce an even more severe security hole, a researcher has warned. Microsoft has released patches for the Meltdown and Spectre vulnerabilities every month since their disclosure in January. While at this point the updates should prevent these attacks, a researcher claims some […]

jRAT Leverages Crypter Service to Stay Undetected
In recently observed attacks, the jRAT backdoor was using crypter services hosted on the dark web to evade detection, Trustwave security researchers have discovered. Also known as Adwind, AlienSpy, Frutas, Unrecom, and Sockrat, the jRAT malware is a Windows-based Remote Access Trojan (RAT) discovered several years ago that has already infected nearly half a million […]

A Closer Look at Unpopular Software Downloads and the Risks They Pose to Organizations
By Dr. Marco Balduzzi, Senior Researcher, Forward-Looking Threat Research Team
As a large cyber security vendor, Trend Micro deals with millions of threat data per day. Our Smart Protection Network (SPN), among other technologies, helps us conduct research and investigate new threats and cybercrimes to improve our ability to protect our customers. In this blog post, […]

‘Slingshot’ Is U.S. Government Operation Targeting Terrorists: Report
The Slingshot cyber espionage campaign exposed recently by Kaspersky Lab is a U.S. government operation targeting members of terrorist organizations, according to a media report. Earlier this month, Kaspersky published a report detailing the activities of a threat actor targeting entities in the Middle East and Africa — sometimes by hacking into their Mikrotik routers. […]

‘Slingshot’ Campaign Outed by Kaspersky is U.S. Operation Targeting Terrorists: Report
The Slingshot cyber espionage campaign exposed recently by Kaspersky Lab is a U.S. government operation targeting members of terrorist organizations, according to a media report. Earlier this month, Kaspersky published a report detailing the activities of a threat actor targeting entities in the Middle East and Africa — sometimes by hacking into their Mikrotik routers. […]

AV Test Android Results 2018
2017 marked not only an explosion in mobile malware but also showed dramatic changes in the mobile landscape, setting up this year to be one of the riskiest years yet. In 2018, there will be an estimated five billion mobile subscribers worldwide which could be enticing bait for malware authors, who have ramped up the […]

Microsoft lifts update embargo on Windows 10
Microsoft this week lifted the security update blockade on Windows 10 PCs that do not have approved antivirus software, but kept the no-patches-for-you rule in place for the more popular Windows 7. The update roadblock was assembled in early January, when Microsoft issued mitigations against the Spectre and Meltdown vulnerabilities. Those vulnerabilities stemmed from design […]

Combatting the Transformation of Cybercrime
The volume of cyberattacks is growing at an unprecedented rate, increasing as much as nearly 80% for some organizations during the final quarter of 2017. One reason for this acceleration in the attack cycle is that in order for malware to succeed today it needs to spread further and faster than ever before. This allows […]

Microsoft Releases More Patches for Meltdown, Spectre
Microsoft informed users on Tuesday that it released additional patches for the CPU vulnerabilities known as Meltdown and Spectre, and removed antivirus compatibility checks in Windows 10. Meltdown and Spectre allow malicious applications to bypass memory isolation and access sensitive data. Meltdown attacks are possible due to CVE-2017-5754, while Spectre attacks are possible due to […]

More information
- iPhone Users: This Mobile Malware Could Allow Cybercriminals to Track Your Location
- Zero-day exploit lets App Store malware steal OS X and iOS passwords
- Whitelisting project helps industrial control systems owners find suspicious files
- Anonymous plans more attacks on Chinese Web sites
- Stuxnet worm analyzed as world’s first true cyber-weapon
- Developer lifts Windows 7’s update blockade with unsanctioned patch
- Check your patches – public exploit now out for critical Exchange bug
- U.S. admits cyberattacks on Iran, others
- Hacker takes down CEO wire transfer scammers, sends their Win 10 creds to the cops
- Breach at Fast Food Chain Sonic Could Impact Millions: Report