Malware—a blanket term for viruses, worms, trojans, and other harmful computer programs—has been with us since the early days of computing. But malware is constantly evolving and hackers use it to wreak destruction and gain access to sensitive information; fighting malware takes up much of the day-to-day work of infosec professionals.
Malware is short for malicious software, and, as Microsoft puts it, “is a catch-all term to refer to any software designed to cause damage to a single computer, server, or computer network.” In other words, software is identified as malware based on its intended use, rather than a particular technique or technology used to build it.
Read more about what malware is and how you can prevent, detect and remove it, on CSO.
There are several good reasons why you shouldn’t post zero-day exploits on social media. For starters, lurking attackers will snatch the code and leverage it in a malware campaign.
Such is the case with a Microsoft Windows zero-day bug shared on Twitter last week. The vulnerability affects the Advanced Local Procedure Call (ALPC) function within the Windows Task Manager in Windows 7 through Windows 10. Two days after the vulnerability and proof-of-concept were posted on Twitter and GitHub, respectively, ESET researchers identified the exploit in a campaign from the PowerPool threat group.
Read more about the new PowerPool malware campaign on DarkReading.
Despite Google’s defenses for protecting Android’s official marketplace, cybercriminals still manage to sneak in a banking Trojan, or two, or three, security researchers have discovered. Recently, researchers from several European security companies disclosed on Twitter that they had found multiple banking Trojans in Google Play.
Lukas Stefanko of antivirus vendor ESET found three such malicious apps posing as astrology software that offered horoscopes. What they really divined, though, was a way to steal SMS and call logs, send text messages in the victim’s name, download and install apps without user approval, and steal banking credentials.
Read more about the malicious apps that were recently discovered in Google Play on BleepingComputer.
The RIG exploit kit, which at its peak infected an average of 27,000 machines per day, has been grafted with a new tool designed to hijack browsing sessions. The malware in question, a rootkit called CEIDPageLock, has been distributed through the exploit kit in recent weeks. According to Check Point researchers, the rootkit was first discovered in the wild several months ago.
CEIDPageLock was detected when it attempted to tamper with a victim’s browser. The malware was attempting to set the victim’s homepage to 2345.com, a legitimate Chinese directory for weather forecasts, TV listings, and more.
Read more about CEIDPageLock, which researchers say is sophisticated for a browser hijacker, on ZDNet.
Two recent malware discoveries suggest that attackers are turning to new modular downloaders that allow them to modify and update their software at will after it has been installed on a victim’s system. Security vendor Proofpoint says its researchers have observed a previously undocumented downloader, called Advisorsbot, being used in a malicious email campaign targeting workers in the restaurant, hotel, and telecommunications industries.
The malware is designed in such a way that attackers can add new payloads and capabilities to it post-infection. The malware is identical in function to another modular downloader named Marap, which is being used in a relatively large email campaign targeting users in the financial sector.
Read more about the threat of modular downloaders on DarkReading.
Same goals, new tools: Lazarus Group is targeting cryptocurrency exchanges with macOS malware, a sign the nation-state group is developing attacks for a broader variety of platforms to achieve its goal of financial gain.
This is the first case in which Kaspersky Lab researchers have spotted Lazarus Group using malware targeting macOS. It seems the group – believed to be out of North Korea – wants to make sure a target’s operating system does not stand in the way of infection, so it is building malware for different operating systems. A version of the same malware tailored for Linux is reportedly in the works.
Read more about the new macOS malware used by Lazarus Group, which, according to researchers, should serve as a wake-up call for users of non-Windows platforms, on DarkReading.
Security researchers from Bitdefender have discovered a new Android malware strain named Triout that comes equipped with intrusive spyware capabilities, such as the ability to record phone calls and steal pictures taken with the device.
Researchers spotted the malware for the first time a month ago, but they say they identified signs of its activity going back as far as mid-May, when it was first uploaded to VirusTotal, a website that aggregates multiple antivirus scanning engines.
Organizations offering telecommunication services are seeing more advanced malware threats than organizations in other industries, Lastline researchers have found. They reached that conclusion after analyzing all the threats seen by telecom services companies over the past 30 days and the latest 100 malware samples submitted by Lastline customers in this vertical, and comparing them to the latest global “malscape” statistics.
“Around 90 percent of files [we analyzed] had not been submitted previously to VirusTotal for analysis, which is a significant deviation from the global average of 65% and the polar opposite of the finance sector sitting at around 20%,” the researchers shared.
A new downloader malware has been discovered as part of a campaign primarily targeting financial institutions.
Researchers at Proofpoint said that the downloader – dubbed “Marap” after its command-and-control phone-home parameter, “param,” spelled backwards – is notable for its focused functionality and modular nature, as well as its ability to perform reconnaissance through a system-fingerprinting module.
Read more about the new downloader, which has been spotted in an array of recent email campaigns, on Threatpost.
New analysis of malware campaigns suggests that North Korean hackers may have reused malware and computer infrastructure, leaving a trail that increasingly allows incidents to be traced back to them.
The joint research by security firms McAfee and Intezer reveals new connections between attacks believed to be the work of North Korea, a shared network infrastructure used to help conduct the attacks, and the work of specific teams within the country’s cyber army.
Read more about the research on the North Korean cyber threat on ZDNet.