A new worm has been discovered which spreads a modern variant of the remote access tool (RAT) Bladabindi. According to researchers from Trend Micro, the worm spreads Bladabindi — also known as njRAT/Njw0rm — in a fileless form by propagating through removable drives and storage.
In a blog post, the cybersecurity team said Bladabindi has been recompiled, refreshed, and rehashed for years, leading to its presence in countless cyberespionage campaigns. The worm that is now spreading a modern variant of Bladabindi is detected as Worm.Win32.BLADABINDI.AA.
Read more about the new worm that is capable of keylogging, spying, and far more, on ZDNet.
An extremely high number of keylogger phishing campaigns have been seen tied to the Zoho online office suite software; in an analysis, a full 40 percent spotted in the last month used a zoho.com or zoho.eu email address to exfiltrate data from victim machines.
A Cofense analysis of popular keylogging malware – which records user inputs in real-time to find passwords and other information – found that cybercriminals are abusing Zoho in two ways. The first is by creating bogus, free accounts and using these to receive emails from their malware containing the data stolen by the keylogger. The second is that attackers in some cases are using stolen accounts to facilitate this same data exfiltration.
Read more about the findings of the Cofense analysis on Threatpost.
The popularity and pervasiveness of Zeus/Zbot has made it almost a synonym for banking malware, but there are unfortunately many more types of malicious software that allow attackers to steal money from their victims. Some of these, in the “right” hands, can bring in an astounding amount of money.
Take for example Predator Pain and Limitless, two low-priced ($40 or less), off-the-shelf keyloggers/RATs that are able to collect and exfiltrate information from infected machines.
Wielded by cybercriminals targeting small and medium-sized businesses in Hong Kong, these tools netted their operators $75 million in the first half of this year alone, as estimated by the Commercial Crime Bureau of Hong Kong Police Force.
“Consider: this means that cybercriminals in a single city, within six months, equaled all the losses from Zbot up to the present,” Trend Micro senior threat researcher Ryan Flores pointed out.
Read about how a small keylogger is being used to target small and medium businesses on Help Net Security.