
Viruses & Malware

Nation state spying malware revealed

posted on November 23, 2014
by l33tdawg

Symantec Security Response has discovered a new malware called Regin which, they say, "...displays a degree of technical competence rarely seen and has been used in spying operations against governments, infrastructure operators, businesses, researchers, and private individuals."

This backdoor trojan has been in use, according to Symantec, since at least 2008 and has stayed under the radar since.

Citadel malware attacking open source password managers

posted on November 21, 2014
by l33tdawg

The king of the castle has a new tormentor.

IBM’s Trusteer researchers have discovered a new configuration of the Citadel malware that attacks certain password managers. The configuration activates keylogging when certain processes are running on the infected machine. The targeted processes include Password Safe and KeePass, two open-source password managers. The variant also targets the Nexus Personal Security Client, used to secure financial transactions and other services that require heightened security.

Google Play app spread SMS trojan for more than a year

posted on November 13, 2014
by l33tdawg

An app recently available in the Google Play store claimed to be a download for wallpapers, videos and music, but in reality it was an SMS trojan.

The package name “com.FREE_APPS_435.android” tricked victims by getting them to allow the app to access their SMS messages, according to a Malwarebytes blog post. If a user clicked through the app's Google Play homepage to the developer's website, they found two banners and links.

Fileless malware runs entirely from memory to make detection harder

posted on November 10, 2014
by l33tdawg

Traditional malware infections usually require a file object to be placed on the system, which makes them relatively easy to detect and remove.

Now, though, there’s a stealthier threat uncovered by security company Malwarebytes. Poweliks is an infection that runs without any filesystem object: it lives entirely in the registry and in memory, using rundll32.exe, JavaScript and a DLL created on the fly.

The infection is delivered through a fake landing page, and because the payload never exists as a file on disk, traditional controls such as application whitelisting are ineffective against it.
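The registry-resident launcher described above leaves one artifact a defender can check: an autorun value whose command line starts rundll32.exe with a javascript: URI instead of a DLL path. The script below is an added example, not code from Malwarebytes or from the original post. It parses the text form produced by `reg export` for a Run key and flags such values; the sample export is constructed for this example, and the `javascript:"\..\mshtml,RunHTMLApplication"` form in it is the publicly documented Poweliks launcher pattern.

```python
"""Flag rundll32.exe + javascript: persistence entries in an exported Run key.

Added example (not the original post's code). Input is the text produced by
`reg export HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run run.reg`
(re-encoded as UTF-8); the sample below is constructed for this example.
"""
import re

# Constructed sample: two ordinary autoruns plus one value shaped like the
# documented Poweliks launcher, where rundll32.exe loads mshtml and evaluates
# inline JavaScript rather than a DLL on disk.
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"a"="rundll32.exe javascript:\"\\..\\mshtml,RunHTMLApplication \";document.write(\"<script>eval(decodeURIComponent('SAMPLE'))</script>\")"
"Spotify"="\"C:\\Users\\alice\\AppData\\Roaming\\Spotify\\Spotify.exe\" --autostart"
'''

RE_KEY = re.compile(r'^\[(.+)\]$')
# "name"="data" or @="data"; .reg strings escape backslash and quote with a backslash
RE_VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=("(?:[^"\\]|\\.)*")$')


def _unescape(quoted):
    """Strip the surrounding quotes and undo .reg backslash escaping."""
    return re.sub(r'\\(.)', r'\1', quoted[1:-1])


def parse_reg_export(text):
    """Yield (key_path, value_name, value_data) for each REG_SZ value in a .reg text."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = RE_KEY.match(line)
        if m:
            key = m.group(1)
            continue
        m = RE_VALUE.match(line)
        if m and key is not None:
            name = '' if m.group(1) == '@' else _unescape(m.group(1))
            yield key, name, _unescape(m.group(2))


def find_fileless_autoruns(text):
    """Return autorun values that launch script through rundll32.exe instead of a file."""
    findings = []
    for key, name, data in parse_reg_export(text):
        low = data.lower()
        reasons = []
        if 'rundll32' in low and 'javascript:' in low:
            reasons.append('rundll32.exe launched with a javascript: URI, no DLL on disk')
        if 'mshtml' in low and 'runhtmlapplication' in low:
            reasons.append('mshtml RunHTMLApplication used to run script held in the registry')
        if reasons:
            findings.append({'key': key, 'name': name, 'reasons': reasons})
    return findings


if __name__ == '__main__':
    for f in find_fileless_autoruns(SAMPLE_REG_EXPORT):
        print(f"{f['key']}\\{f['name'] or '(Default)'}")
        for r in f['reasons']:
            print('   -', r)
```

Run it against a real export by replacing `SAMPLE_REG_EXPORT` with the file contents; a match means the machine is starting script from the registry on every logon, which a file-based whitelist would never see.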

The iPhone WireLurker malware: What you need to know

posted on November 7, 2014
by l33tdawg

There's a scary new piece of malware that collects call logs, phonebook contacts and other sensitive information from Apple iPhones and iPads. Should you be worried?

The malware was first discovered by researchers at Palo Alto Networks who dubbed it WireLurker and said it exhibited behavior that had never been seen before in malicious software targeting Apple's platforms.

Windows XP flaws help Russian 'Qbot' gang build 500,000 PC botnet

posted on October 9, 2014
by l33tdawg

The Russian gang behind the obscure Qbot botnet has quietly built an impressive empire of 500,000 infected PCs by exploiting unpatched flaws in mainly US-based Windows XP and Windows 7 computers, researchers at security firm Proofpoint have discovered.

A year or two ago, what the Qbot (aka Qakbot) campaign has achieved in the roughly half-dozen years its operators have been active would have been seen as a major concern. Recently, standards have gone up a notch.

Apple Makes Move To Shut Down Mac Botnet

posted on October 7, 2014
by l33tdawg

Just days after the discovery of a botnet composed of thousands of Macs, Apple released an update to its OS X antimalware component that combats the malware associated with the infections. Updated over the weekend, the little-publicized XProtect feature in OS X now includes definitions to prevent three variants of the Mac.BackDoor.iWorm malware from installing on new machines.

Is the Chinese government spying on Hong Kong protesters’ phones?

posted on October 3, 2014
by l33tdawg

Malware-based espionage targeting political activists and other opposition is nothing new, especially when it comes to opponents of the Chinese government. But there have been few attempts at hacking activists more widespread and sophisticated than the current wave of spyware targeting the mobile devices of members of Hong Kong’s “Umbrella Revolution.”