Tag: Malware

New Android malware hit more than 100,000 users in 196 countries

Researchers have spotted a new Android malware hidden behind six different Android applications that were available for download in Google Play. The six apps include Flappy Birr Dog, Flappy Bird, FlashLight, Win7Launcher, Win7imulator, and HZPermis Pro Arabe. Out of these six apps, five have been removed from Google Play since February 2018.

However, these applications have been downloaded at least 100,000 times by users across 196 countries with the majority of victims residing in India.

Read more about the massive Android malware campaign on Cyware.

BevMo leaks credit card data (including CVVs) of 15,000 customers

American alcohol retailer BevMo has suffered a breach that leaked credit card data, including security codes, belonging to 15,000 customers. A privately held corporation based in Concord, California, BevMo sells mostly alcoholic beverages. As of 2013, the company operated 148 stores.

The California attorney general’s office received a notice from BevMo this week that someone had planted malware on its checkout page, the Associated Press reports. The code was designed to steal customers’ names, credit and debit card numbers, expiration dates, CVV codes, billing addresses, shipping addresses and phone numbers. Because PCI DSS forbids storing the CVV after authorization, a leak that includes security codes points to data captured as customers typed it into the page rather than to a dump of a stored database.

Read more about the BevMo data breach on Hot For Security.

18 Months Later, WannaCry Still Lurks on Infected Computers

Eighteen months after the initial WannaCry Ransomware outbreak, the malware continues to rear its head on thousands of infected computers.

When the WannaCry infection was first unleashed, security researcher Marcus Hutchins of Kryptos Logic registered a domain that acted as a kill switch for the ransomware component of the infection. If the infected machine was able to connect to this kill switch domain, the ransomware component would not activate. The worm component, though, continues to run silently in the background, routinely connecting to the kill switch domain to check whether it is still live. According to Hutchins, the WannaCry kill switch domain still receives over 17 million beacons, or connections, in a one-week period.
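Because each surviving infection keeps re-checking the kill switch, the beacons are also visible from the inside of a network: hosts that resolve the kill switch domain again and again are hosts that still carry the worm. The script below is an added example, not code from the BleepingComputer article or from Kryptos Logic. It runs a simple beacon-frequency check over constructed resolver log lines (the log format, the client addresses and the timestamps are all made up for this example); the domain constant is the sinkholed kill switch domain Hutchins registered in May 2017 and should be checked against your own threat intelligence before use.

```python
"""Find hosts that still beacon to the WannaCry kill-switch domain.

Added example (not from the article or Kryptos Logic): parses constructed
resolver log lines of the form "<ISO timestamp> <client ip> query <qname>"
and reports clients that resolve the kill-switch domain repeatedly within a
time window. Repeated resolution is the signature of the worm's liveness
check; a single lookup may just be a curious analyst.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Sinkholed kill-switch domain registered by Marcus Hutchins (May 2017).
KILL_SWITCH_DOMAIN = "iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com"

# Simplified log format assumed for this example (not a real resolver's format).
LINE_RE = re.compile(r"^(\S+) (\d+\.\d+\.\d+\.\d+) query (\S+)$")


def parse_line(line):
    """Return (timestamp, client_ip, qname) or None for an unparseable line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.fromisoformat(m.group(1))
    qname = m.group(3).rstrip(".").lower()  # normalise trailing dot and case
    return ts, m.group(2), qname


def beaconing_hosts(lines, domain=KILL_SWITCH_DOMAIN, window_seconds=3600, min_queries=2):
    """Return {client_ip: total_queries} for clients that resolve `domain`
    at least `min_queries` times inside some span of `window_seconds`."""
    window = timedelta(seconds=window_seconds)
    per_host = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, client, qname = parsed
        if qname == domain or qname.endswith("." + domain):
            per_host[client].append(ts)

    hits = {}
    for client, times in per_host.items():
        times.sort()
        best, j = 0, 0
        for i in range(len(times)):          # sliding window over sorted times
            while times[i] - times[j] > window:
                j += 1
            best = max(best, i - j + 1)
        if best >= min_queries:
            hits[client] = len(times)
    return hits


# Constructed sample log: 10.0.0.5 beacons three times in ~40 minutes,
# 10.0.0.7 looks the domain up once, 10.0.0.9 is unrelated traffic.
SAMPLE_LOG = [
    f"2018-12-17T09:00:05 10.0.0.5 query {KILL_SWITCH_DOMAIN}.",
    "2018-12-17T09:00:06 10.0.0.9 query www.google.com.",
    f"2018-12-17T09:20:11 10.0.0.5 query {KILL_SWITCH_DOMAIN}.",
    f"2018-12-17T09:31:40 10.0.0.7 query {KILL_SWITCH_DOMAIN.upper()}.",
    f"2018-12-17T09:40:58 10.0.0.5 query {KILL_SWITCH_DOMAIN}.",
    "garbage line that does not parse",
]

if __name__ == "__main__":
    print(beaconing_hosts(SAMPLE_LOG))  # {'10.0.0.5': 3}
```

One caveat: the worm's check is an HTTP connection, and the operating system's DNS cache can suppress repeated lookups, so a quiet resolver log is not proof of a clean host; correlate with proxy or firewall logs for the same destination.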

Read more about the lingering WannaCry infections on BleepingComputer.

Attackers are using cloud services to mask attack origin and build false trust

A report from Menlo Security finds that attackers are using cloud hosting services to avoid detection, opting to host trojans on services like storage.googleapis.com rather than on their own infrastructure. It is hard to overstate the convenience of this: think of all the benefits cloud computing offers the enterprise, the cost savings of not building out your own servers, and so on, and apply those benefits to cybercriminals. The minimal initial cost makes cloud services undeniably attractive for malicious uses.

So, imagine a user follows a link in a phishing email to download a trojan from storage.googleapis.com. As far as the user knows, the origin is Google, or someone using Google to store data. The page shows the lock icon and has Google in the URL, so it looks trustworthy, except it is not: the certificate and the hostname vouch only for Google’s storage service, while the bucket and the file inside it belong to whoever uploaded them.
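The practical consequence for a proxy rule or an analyst is that the trust decision has to be made on the bucket, not on the hostname. The code below is an added example, not part of the Menlo Security report or the TechRepublic article: it separates the Google-operated host from the customer-controlled bucket for the two URL forms Google Cloud Storage documents (path-style `storage.googleapis.com/<bucket>/<object>` and virtual-hosted-style `<bucket>.storage.googleapis.com/<object>`) and flags executable objects. The bucket names, file names and the `attacker.example` look-alike host are constructed for the example.

```python
"""Attribute a Google Cloud Storage URL to its bucket owner, not to Google.

Added example (not from the report or the article). The hostname proves only
that TLS terminated at Google's storage service; the first path segment
(path-style) or the leftmost host label (virtual-hosted-style) names the
bucket, which is the part an attacker controls.
"""
from urllib.parse import urlsplit, unquote

GCS_HOST = "storage.googleapis.com"
# File types a phishing link to a storage bucket has no business serving.
RISKY_SUFFIXES = (".exe", ".scr", ".js", ".jar", ".hta", ".vbs", ".msi", ".dll", ".lnk")


def attribute_gcs_url(url):
    """Return {'tls_host', 'bucket', 'object', 'risky'} for a GCS URL,
    or None if the host is not actually Google Cloud Storage."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    path = unquote(parts.path)

    if host == GCS_HOST:
        # Path-style: /<bucket>/<object...>
        segs = path.lstrip("/").split("/", 1)
        bucket = segs[0] or None
        obj = segs[1] if len(segs) > 1 else ""
    elif host.endswith("." + GCS_HOST):
        # Virtual-hosted-style: <bucket>.storage.googleapis.com/<object...>
        bucket = host[: -len("." + GCS_HOST)]
        obj = path.lstrip("/")
    else:
        # Substring matches such as storage.googleapis.com.attacker.example
        # or attacker.example/storage.googleapis.com/... are NOT Google.
        return None

    if bucket is None:
        return None
    return {
        "tls_host": host,
        "bucket": bucket,
        "object": obj,
        "risky": obj.lower().endswith(RISKY_SUFFIXES),
    }


def classify(url):
    """Turn the attribution into a proxy verdict string."""
    info = attribute_gcs_url(url)
    if info is None:
        return "not-gcs"
    if info["risky"]:
        return f"block: executable object in bucket {info['bucket']}"
    return f"review: bucket {info['bucket']}"


if __name__ == "__main__":
    # Constructed URLs; bucket "invoice-2018-q4" is hypothetical.
    for u in (
        "https://storage.googleapis.com/invoice-2018-q4/Invoice.exe",
        "https://invoice-2018-q4.storage.googleapis.com/Invoice.exe",
        "https://storage.googleapis.com.attacker.example/invoice-2018-q4/Invoice.exe",
        "https://storage.googleapis.com/public-data/report.pdf",
    ):
        print(classify(u), "<-", u)
```

The look-alike case is the one a "contains google" heuristic gets wrong: `storage.googleapis.com.attacker.example` has the string in it, but the registrable domain is the attacker's, so the parser refuses to attribute it to Google at all.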

Read more about the findings of the Menlo Security report on TechRepublic.

McAfee researchers analyze cybercriminal markets, reveal tactics, targets

McAfee released its McAfee Labs Threats Report: December 2018, examining activity in the cybercriminal underground and the evolution of cyber threats in Q3 2018. McAfee Labs saw an average of 480 new threats per minute and a sharp increase in malware targeting IoT devices.

“Cybercriminals are eager to weaponize vulnerabilities both new and old, and the number of services now available on underground markets has dramatically increased their effectiveness,” said Christiaan Beek, lead scientist at McAfee.

Read more about the findings of the new report on Help Net Security.

Memes on Twitter Used to Communicate With Malware

A new and otherwise ordinary malware tool is garnering some attention from security researchers for its ability to retrieve malicious commands via code hidden in a couple of Twitter memes.

The malware (TROJAN.MSIL.BERBOMTHUM.AA) targets Windows systems and, like more than 90% of all malicious code, is distributed via phishing attacks. Once installed on a system, the malware can perform several common functions like capturing local screen shots, enumerating applications on the system, checking for vulnerabilities in them, capturing clipboard content, and sending files back to the attacker. What’s noteworthy about the new Trojan is its use of the Twitter memes to retrieve malicious instructions, according to Trend Micro, the first to report on the threat.
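Hiding commands in an image that is posted publicly gives the operator a command channel that looks like ordinary social-media traffic to a proxy. The code below is an added example of the general technique, least-significant-bit steganography, and is not Trend Micro's analysis or the trojan's own encoding scheme, which the article does not describe. To stay self-contained it works on a constructed raw RGB pixel buffer rather than a decoded PNG; the embedded command string is made up for the example.

```python
"""LSB steganography: hide a command in pixel data and read it back.

Added example of the general technique (not the trojan's actual scheme).
Each payload bit replaces the least-significant bit of one colour channel,
so every channel value moves by at most 1 and the picture looks unchanged.
A 4-byte big-endian length header precedes the payload so the reader knows
where to stop.
"""
import random

HEADER_BYTES = 4


def _bits(data):
    """Yield the bits of `data`, most-significant bit first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def capacity(pixels):
    """Maximum payload size in bytes for a cover of len(pixels) channels."""
    return len(pixels) // 8 - HEADER_BYTES


def embed(pixels, payload):
    """Return a copy of `pixels` with length-prefixed `payload` in the LSBs."""
    if len(payload) > capacity(pixels):
        raise ValueError("payload too large for cover image")
    framed = len(payload).to_bytes(HEADER_BYTES, "big") + payload
    out = bytearray(pixels)
    for i, bit in enumerate(_bits(framed)):
        out[i] = (out[i] & 0xFE) | bit
    return bytes(out)


def extract(pixels):
    """Recover a payload written by embed(); None if the length header is
    implausible, which is what a clean image normally yields."""
    def read_bytes(n_bytes, bit_offset):
        val = bytearray()
        for b in range(n_bytes):
            byte = 0
            for k in range(8):
                byte = (byte << 1) | (pixels[bit_offset + b * 8 + k] & 1)
            val.append(byte)
        return bytes(val)

    length = int.from_bytes(read_bytes(HEADER_BYTES, 0), "big")
    if length == 0 or length > capacity(pixels):
        return None
    return read_bytes(length, HEADER_BYTES * 8)


def make_cover(width, height, seed=1234):
    """Constructed cover image: deterministic RGB noise, 3 bytes per pixel."""
    rng = random.Random(seed)
    return bytes(rng.randrange(256) for _ in range(width * height * 3))


def demo():
    """Embed a constructed command and show how little the cover changed."""
    cover = make_cover(64, 64)
    stego = embed(cover, b"capture_screen")   # hypothetical C2 command
    changed = sum(1 for a, b in zip(cover, stego) if a != b)
    return extract(stego), extract(cover), changed, len(cover)


if __name__ == "__main__":
    print(demo())
```

From the defender's side the useful observation is the inverse of the last assertion: the stego image differs from its cover only in LSBs, so byte-level signatures never fire, and detection has to come from the behaviour (a process fetching images from a social network and then acting on them) rather than from the image itself.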

Read more about the new malware on DarkReading.

Cryptocurrency craze drives coinmining malware surge

The cryptocurrency craze of 2018 helped drive a 1,500 percent increase in coinmining malware when compared to 2017, according to eSentire.

Coinmining malware mines cryptocurrency (typically Monero) directly on infected endpoint devices (CoinMiner) or in web browsers (Coinhive) when a user visits a website running malicious code. Once a device is infected, the coinmining malware silently mines cryptocurrency while consuming a significant amount of processor cycles. With the recent decline in the value of cryptocurrencies, the computing, power and cooling costs of legitimately mining cryptocurrencies now exceed their value on the open market. Monero-based malware does not face these same economic challenges because all of the mining costs are absorbed by the device owner.

Read more about the findings of the eSentire report on Help Net Security.

Shamoon 3 Attacks Targeted Several Sectors

New details have emerged about the recent Shamoon 3 attacks, including information on several malware samples, targets in additional sectors, and some links to threat groups believed to be operating out of Iran.

Several new samples of the notorious Shamoon malware emerged recently. While initially researchers could not say who had been targeted, an increasing number of targets have come to light in recent days following analysis by several cybersecurity firms. Alphabet-owned Chronicle discovered one sample that had been uploaded to its VirusTotal service from Italy on December 10.

Read more about the recent Shamoon 3 attacks on SecurityWeek.

How a personality trait puts you at risk for cybercrime

Impulsive online shopping, downloading music and compulsive email use are all signs of a personality trait that makes you a target for malware attacks. New research from Michigan State University examines the behaviors, both obvious and subtle, that lead someone to fall victim to cybercrime involving Trojans, viruses, and malware.

“People who show signs of low self-control are the ones we found more susceptible to malware attacks,” said Tomas Holt, professor of criminal justice and lead author of the research. “An individual’s characteristics are critical in studying how cybercrime perseveres, particularly the person’s impulsiveness and the activities that they engage in while online that have the greatest impact on their risk.”

Read more about the findings of the academic study on ScienceDaily.