Meltdown and Spectre Aren’t Done Just Yet – New Malware Uses Exploits to Potentially Attack Browsers
We kicked off 2018 with two powerful new exploits: Meltdown and Spectre. And since the discovery of Meltdown and Spectre on January 3rd, vendors have been hard at work issuing patches to remedy their nasty side effects – with the majority supplying fixes within the first week. But, unfortunately, some malware makers have still found […]

New GnatSpy Mobile Malware Family Discovered
Earlier this year researchers first disclosed a targeted attack campaign targeting various sectors in the Middle East. This threat actor was called Two-tailed Scorpion/APT-C-23. Later on, a mobile component called VAMP was found, with a new variant (dubbed FrozenCell) discovered in October. (We detect these malicious apps as ANDROIDOS_STEALERC32). VAMP targeted various types of data from the phones of victims: […]

Malware Mines, Steals Cryptocurrencies From Victims
How’s your Bitcoin balance? Interested in earning more? The value of cybercurrency is going up. One way to increase your holdings is by “mining,” which is legal as long as it is done with the proper permissions. Using your own mining equipment or establishing a formal agreement for outsourcing are two methods. Hardware vendors such […]

Coin Miner Mobile Malware Returns, Hits Google Play
By Jason Gu, Veo Zhang, Seven Shen
The efficacy of mobile devices to actually produce cryptocurrency in any meaningful amount is still doubtful. However, the effects on users of affected devices are clear: increased device wear and tear, reduced battery life, comparably slower performance. Recently, we found that apps with malicious cryptocurrency mining capabilities on […]

When Your Media Player Watches You – Trojan Infects Software Downloads for Macs
Users downloading a media player to watch videos on their Macs ended up being watched by cybercriminals using Trojan malware to spy on victims’ operating systems. Unfortunately, that’s the case for the popular Mac OS X media player, Elmedia Player. A trojanized version of the program has hit the scene as a result of the developer’s […]

What Is Script-Based Malware? How to Stay Protected from This Sneaky Cyberthreat
When you hear the word “script,” you probably think of either a movie script, or JavaScript. Though most of us don’t get to see movie scripts, JavaScript is a little more readily available, since it’s one of the many scripting languages that are commonly used by programmers to enhance features of websites. Their popularity, unfortunately, […]

McAfee Labs Threats Report Explores WannaCry/Petya, Threat Hunting, Script-Based Malware
Today we published the McAfee Labs Threats Report: September 2017. This quarter’s report shows off a new design. We hope you will find it attractive as well as informative. The report contains three highly educational topics, in addition to the usual set of threats statistics: Earlier this year, WannaCry malware infected more than 300,000 computers […]

A360 Drive Abused to Deliver Adwind, Remcos, Netwire RATs
By Jaromir Horejsi (Threats Analyst)
Cloud-based storage platforms have a history of cybercriminal abuse, from hosting malicious files and directly delivering malware to even making them part of a command-and-control (C&C) infrastructure. GitHub was misused this way when the Winnti group used it as a conduit for its C&C communications. We saw a similar—albeit a […]

Locky Ransomware Makes a Comeback with New .Diablo6 and .Lukitus Variants
Old threats die hard it seems as Locky ransomware, one of the most powerful threats out there, is back in town. Historically, we’ve seen this ransomware do serious damage, as it has rapidly adapted its capabilities to keep victims and security researchers bewildered. Now, it’s evolved with two new forms to become even more stealthy […]

GhostClicker Adware is a Phantomlike Android Click Fraud
By Echo Duan and Roland Sun
We’ve uncovered a pervasive auto-clicking adware in as many as 340 apps from Google Play, one of which, named “Aladdin’s Adventure’s World”, was downloaded 5 million times. These adware-embedded applications include recreational games, device performance utilities like cleaners and boosters, and file managers, QR and barcode scanners, multimedia recorders […]

CVE-2017-0199: New Malware Abuses PowerPoint Slide Show
By Ronnie Giagone and Rubio Wu
CVE-2017-0199 was originally a zero-day remote code execution vulnerability that allowed attackers to exploit a flaw that exists in the Windows Object Linking and Embedding (OLE) interface of Microsoft Office to deliver malware. It is commonly exploited via the use of malicious Rich Text File (RTF) documents, a method […]

Cerber Ransomware Evolves Again, Now Steals From Bitcoin Wallets
By Gilbert Sison and Janus Agcaoili
Cerber ransomware has acquired the reputation of being one of the most rapidly evolving ransomware families to date. Just in May, we pointed out how it had gone through six separate versions with various differences in its routines. Several months later and it seems to have evolved again, this […]

A Look at JS_POWMET, a Completely Fileless Malware
By Michael Villanueva
As cybercriminals start to focus on pulling off attacks without leaving a trace, fileless malware, such as the recent SOREBRECT ransomware, will become a more common attack method. However, much of this malware is fileless only while entering a user’s system, as it eventually reveals itself when it executes its payload. Attacks […]

LeakerLocker Mobile Ransomware Threatens to Expose User Information
By Ford Qin
While mobile ransomware such as the recent SLocker focuses on encrypting files on the victim’s devices, a new mobile ransomware named LeakerLocker taps into its victims’ worst fears by allegedly threatening to send personal data to a remote server and expose its contents to everyone on their contact lists. The LeakerLocker ransomware […]

ProMediads Malvertising and Sundown-Pirate Exploit Kit Combo Drops Ransomware and Info Stealer
With additional insights/analysis from Chaoying Liu
We’ve uncovered a new exploit kit in the wild through a malvertising campaign we’ve dubbed “ProMediads”. We call this new exploit kit Sundown-Pirate, as it’s indeed a bootleg of its precursors and actually named so by its back panel. ProMediads has been active as early as 2016, employing Rig […]

More information
- IBM: Retail attacks down, but when they hit cyber-attackers get more
- Oracle Improves Cloud Security Offering
- The First Name Lina: Meaning, Name Day and Origin
- Russian Held as Agent Studied US Groups’ Cyberdefenses
- Recent Zyxel NAS Vulnerability Exploited by Botnet
- Buhtrap Gang Steals Millions From Russian Banks
- Taking down the internet: possible but how probable?
- 3 solid project management apps for iOS and Mac
- How SSL Works with a Website Firewall
- Web Malware Trends and the Mac Flashfake / Flashback Outbreak