GM Bot: Alive and Upgraded, Now on Android M
IBM X-Force Research detected a recently updated version of the GM Bot mobile banking malware designed to deploy on Android 6 operating systems and bypass new security applied to the platform. Android officially released this Marshmallow OS, code-named M, in October 2015. The GM Bot version we analyzed can work on all Android versions up…
IDG Contributor Network: Fasten your seatbelt in the IoT cybersecurity race
Using very old and simple techniques such as brute force attacks, cybercriminals are gaining control over a population of insecure internet of things (IoT) devices with arsenals of malware. Brian Krebs’ website was recently targeted in the largest ever distributed denial-of-service (DDoS) attack. The source code that powered the IoT botnet responsible for the attack…
Sarvdap Spambot Checks IP Blacklists
The Sarvdap spambot was recently observed checking the IP addresses of infected hosts against common blacklists, in an attempt to ensure that its spam email is successfully delivered, Palo Alto Networks security researchers reveal. While other spambots typically start sending spam emails as soon as a host has been infected, Sarvdap first checks to see…
MBRFilter: Cisco open sources tool to protect the Master Boot Record
Cisco’s Talos research team has open sourced MBRFilter, a tool that aims to prevent a system’s Master Boot Record (MBR) getting overwritten by malware. The latest malware families that use this tactic are HDDCryptor (aka Mamba) and Petya, two pieces of ransomware that not only encrypt victims’ files, but also effectively lock them out of…
Malware and spam groups exploit US election fever
Over the past month, Symantec has blocked almost 8 million spam emails relating to the US presidential election. The volume of spam has increased steadily during that period, reflecting rising interest in the election as the November 8 polling day draws near. The trend reflects one of the tactics most commonly used by spam groups….
Android.Lockscreen ransomware now using pseudorandom numbers
New variants of Android.Lockscreen are using pseudorandom passcodes to prevent victims from unlocking devices without paying the ransom. Previous versions of these threats locked the screen and used a hardcoded passcode, but analysts were able to reverse engineer the code to provide victims with the passcode to unlock their devices. Attackers have also combined a…
RANSOMWARE, RECONNAISSANCE AND THE PROBLEM OF DWELL TIME
Ransomware has certainly captured the attention of the media and hospitals across the country. The poster child of this trend is Hollywood Presbyterian Medical Center (HPMC) in Los Angeles. Earlier this year, HPMC was the victim of a Ransomware attack and paid $17,000 to get the key and access their files again. More recently, the…