Viruses & Malware

An Apple malware-flagging tool is “trivially” easy to bypass

posted on August 15, 2023
by l33tdawg
Credit: Arstechnica

One of your Mac's built-in malware detection tools may not be working quite as well as you think. At the Defcon hacker conference in Las Vegas, longtime Mac security researcher Patrick Wardle presented findings on Saturday about vulnerabilities in Apple's macOS Background Task Management mechanism, which could be exploited to bypass and, therefore, defeat the company's recently added monitoring tool.

Nasty new malware strain creeps quietly past Windows defenses

posted on December 27, 2021
by l33tdawg
Credit: Flickr

Security researchers have identified a new malware campaign that leverages code signing certificates and other techniques to help it avoid detection by antivirus software.

According to a new blog post from Elastic Security, the cybersecurity firm's researchers identified a cluster of malicious activity after reviewing its threat prevention telemetry.

Synology Warns NAS Owners of Botnet-Creating StealthWorker Malware

posted on August 10, 2021
by l33tdawg
Credit: PC Mag

The StealthWorker malware family is attempting to enlist network-attached storage (NAS) devices into a botnet used for a variety of purposes, according to Synology.

The company said these attacks don't exploit vulnerabilities in its products. Instead they "leverage a number of already infected devices to try and guess common administrative credentials" that can then be used to install malicious payloads without the owner's knowledge.

New Android malware targeting banks in Italy, Spain, Germany, Belgium, and the Netherlands

posted on May 11, 2021
by l33tdawg
Credit: Flickr

A new Android trojan has been identified by security researchers, who said on Monday that once it is successfully installed in the victim's device, those behind it can obtain a live stream of the device screen and also interact with it via its Accessibility Services.

The malware, dubbed "Teabot" by security researchers with Cleafy, has been used to hijack users' credentials and SMS messages to facilitate fraudulent activities against banks in Spain, Germany, Italy, Belgium, and the Netherlands.

Nasty MacBook with M1 malware could steal your cryptocurrency

posted on April 20, 2021
by l33tdawg
Credit: TidBits

Last year, we first found XCSSET, which targeted Mac users by infecting Xcode projects. Initially reported as a malware family, in light of our recent findings it is now classified as an ongoing campaign. This latest update details our new research regarding XCSSET, including the ways in which it has adapted itself to work on both ARM64 and x86_x64 Macs, as well as other notable payload changes.

A Barcode Scanner App With Millions of Downloads Goes Rogue

posted on February 11, 2021
by l33tdawg
Credit: Wired

A benign barcode scanner with more than 10 million downloads from Google Play has been caught receiving an upgrade that turned it to the dark side, prompting the search-and-advertising giant to remove it.

Barcode Scanner, one of dozens of such apps available in the official Google app repository, began its life as a legitimate offering. Then, in late December, researchers with security firm Malwarebytes began receiving messages from customers complaining that ads were opening out of nowhere on their default browser.

Android ransomware has picked up some ominous new tricks

posted on October 11, 2020
by l33tdawg
Credit: Arstechnica

Though ransomware has been around for years, it poses an ever-increasing threat to hospitals, municipal governments, and basically any institution that can't tolerate downtime. But along with the various types of PC malware that are typically used in these attacks, there's another burgeoning platform for ransomware as well: Android phones. And new research from Microsoft shows that criminal hackers are investing time and resources in refining their mobile ransomware tools—a sign that their attacks are generating payouts.

Android phones could be hiding ‘undeletable’ malware

posted on July 8, 2020
by l33tdawg
Credit: Flickr

A large number of Android phones may be storing 'undeletable' files and apps following a number of widespread attacks, security researchers have warned.

A new report from Kaspersky found that many Android devices that had been hit by cybercrime could still be harbouring malicious files or items without the user's knowledge.

Stealing advanced nations’ Mac malware isn’t hard. Here’s how one hacker did it

posted on March 2, 2020
by l33tdawg
Credit: Arstechnica

Malware developers are always trying to outdo each other with creations that are stealthier and more advanced than their competitors’. At the RSA Security conference this week, a former hacker for the National Security Agency demonstrated an approach that’s often more effective: stealing and then repurposing a rival’s code.