The Aurora Power Grid Vulnerability and the BlackEnergy Trojan
At recent Industrial IoT security briefings, the Aurora vulnerability has come up repeatedly. Attendees ask, “Is our country’s power grid safe? How can we protect the grid? What is Aurora?” This post provides a look at Aurora, and the BlackEnergy attack that can exploit Aurora. In March 2007, the US Department of Energy demonstrated the…
Exploits and fileless malware drive record new malware surge
McAfee released its McAfee Labs Threat Report: December 2017, examining the growth and trends of new malware, ransomware, and other threats in Q3 2017. McAfee Labs saw malware reach an all-time high of 57.6 million new samples – four new samples per second – featuring developments such as new fileless malware using malicious macros, a…
Removal Attempt Turns Android Banking Trojan Into Ransomware
Researchers at SfyLabs have detailed the capabilities of an Android banking Trojan named LokiBot that is designed to turn into a piece of ransomware when users attempt to remove it from their devices. LokiBot has been around since at least June and its authors have been rolling out new features nearly every week. Once it…
Android malware on Google Play adds devices to botnet
We have encountered a new and highly prevalent type of Android malware (detected as Android.Sockbot) posing as apps on Google Play and later adding compromised devices into a botnet. So far we have identified at least eight such apps, with an install base ranging from 600,000 to 2.6 million devices. This malware appears primarily targeting…
Android Ransomware Abuses Accessibility Services
A newly discovered ransomware family targeting Android devices is abusing the platform’s accessibility services, ESET warns. Dubbed DoubleLocker, this innovative Android malware doesn’t merely encrypt users’ data, but also locks the infected devices down, security researchers from ESET say. The ransomware is based on the source code of BankBot banking Trojan, which is already known for misusing…
Researchers Uncover Infrastructure Behind Chthonic, Nymaim Trojans
While analyzing malware that uses PowerShell for infection, Palo Alto Networks managed to uncover the infrastructure behind recent attacks that leveraged the Chthonic and Nymaim Trojans, along with other threats. The analysis kicked off from one malicious sample, but resulted in security researchers from Palo Alto Networks being able to identify 707 IPs and 2,611 domains supposedly…
Malware Hunter: Find C&C servers for botnets
Recorded Future and Shodan released Malware Hunter, a specialized crawler for security researchers that explores the Internet to find computers acting as remote access trojan (RAT) command and control centers. Malware Hunter unearths computers hosting RAT controller software that remotely controls malware-infected computers and instructs them to execute malicious activities such as recording audio, video,…
Dok Mac malware intercepts victims’ web traffic, installs backdoor
A new piece of Mac malware, more insidious and dangerous that all those encountered before, has been flung at European users via fake (but relatively convincing) emails. In examples uncovered by Check Point, the emails were made to look like they were sent from a tax agency, and ostensibly warn the recipients about inconsistencies in…
“Switcher” Android Trojan Hacks Routers, Hijacks Traffic
Researchers at Kaspersky Lab have come across a new Android Trojan that hacks routers and changes their DNS settings in an effort to redirect traffic to malicious websites. Dubbed “Switcher,” the malware has been disguised as an Android client for the Chinese search engine Baidu, and a Chinese app for sharing Wi-Fi network details. Once…
A Trojan from Google ads
If you don’t go to suspicious sites, malware can’t get you — right? Well, no. Unfortunately, even those who do not open unreliable e-mail attachments, avoid porn sites, and do not install apps from unofficial stores are not well-enough protected. New developments suggest that malware can be found even on an absolutely legitimate site, as…