Articles about Trojan

Hospital info thief malware puts itself into a coma to avoid IT bods

A Trojan targeting US healthcare organizations attempts to avoid detection by going to sleep for prolonged periods after initial infection, security researchers warn. Symantec estimates that thousands of organizations have been hit by the Gatak Trojan since 2012. The malware is programmed to spread aggressively across an …
John Leyden, 22 Nov 2016

Analysts apply Occam's razor to Tesco Bank breach

Analysis Security analysts have narrowed down the range of possible explanations for the Tesco Bank breach. Earlier this month Tesco Bank admitted that an estimated £2.5m had been looted from 9,000 accounts. Initially it was feared that money had been taken from 20,000 accounts, but this figure was revised a few days after the breach …
John Leyden, 16 Nov 2016

Google to patch Chrome mobile hole after bank trojan hits 318k users

An Android Chrome bug that's already under attack - with criminals pushing banking trojans to more than 300,000 devices - won't get patched until the next release of the mobile browser. The flaw allows malware writers to quietly download Android app installation (.apk) files to devices without requiring approval. Users need …
Darren Pauli, 08 Nov 2016

Dutch webcam perv jailed

A 21-year-old Dutch man has been jailed for one month, with another year suspended, for infecting more than 2,000 computers to spy on minors via their webcams. The man, known as Jair M, was arrested in October 2013 after he infected the machines with remote access trojans and recorded and captured footage of minors in compromising …
Darren Pauli, 28 Oct 2016

VXer turns to ancient freemium model to flog keylogger, malware tools

Malware has been spotted using the freemium model more than 30 years after it was introduced. PhishMe malware researcher Paul Burbage (@hexlax) spotted the revitalised model in a keylogger sold as a freemium public download and as a US$55 full version purchase. The Viotto Keylogger is the offensive security tool designed by a …
Darren Pauli, 26 Oct 2016

Hax0rs sow Discord by using VoIP service to sling malware at gamers

Hackers abused a free VoIP service for gamers to distribute remote-access Trojans and other malware. Miscreants took to Discord and distributed malicious programs including NanoCore, njRAT and SpyRAT to gamers using the chat servers, but that was just one aspect of a wider pattern of abuse. Symantec discovered some groups were …
John Leyden, 21 Oct 2016

'Dyre' malware re-surfaces as 'TrickBot', targets Australian banks

Malware now targeting Australian users could be based on one of the world's worst banking trojans. Fidelis malware mangler Jason Reaves says the TrickBot malware has strong code similarities to the Dyre trojan, a menace that ripped through Western banks and businesses in the US, the UK, and Australia, inflicting tens of …
Darren Pauli, 18 Oct 2016

More than half of Androids susceptible to ancient malware

One of the world's most prolific Android malware instances is still the most prevalent piece of malware more than two years after it first emerged. The capable trojan known as Ghost Push infects Android up to version five, aka Lollipop, still employed by about 57 per cent of all users. Ghost Push won't run on Android version …
Darren Pauli, 17 Oct 2016

Email security: We CAN fix the tech, but what about the humans?

Last month’s Mr Chow ransomware attacks serve as a timely reminder that security should be at the top of any business IT strategy. Ransomware is on the increase, at least according to the FBI and while it is not all email borne, it is an example of how sophisticated hackers and criminals are getting with technology. Certainly …

Second hacking group targets SWIFT-connected banks

A second group of hackers – Odinaff – has broken into the SWIFT system, the fulcrum of the global financial payments system. Odinaff was found to be using the same approach as those who stole $81m from the Bangladesh central bank earlier this year. Attacks involving the Odinaff trojan and associated tools appear to have …
John Leyden, 11 Oct 2016

Moldovan Dridex millionaires to spend 12 years in jail

A pair of cybercriminals responsible for laundering millions of pounds stolen using a banking trojan have been sentenced to a combined total of 12 years in prison. Pavel Gincota, 32, and Ion Turcan, 35, are Moldovan nationals with Romanian citizenship. The duo made over £2.5m in criminal profits using the banking trojan Dridex …

Wasted: Kaspersky makes jokers of upstart ransomware VXers

Kaspersky has released a decryption tool that neuters the MarsJoke ransomware, less than a month after it was first revealed. The decryption effort is salvation for victims who are told they have 96 hours to pay the 0.7 Bitcoin (US$427) ransom before their data is permanently encrypted. MarsJoke, also known as Polyglot, …
Darren Pauli, 05 Oct 2016

German cops, mobe malware

Germany's federal investigative police agency (BKA) is seeking permission to infect smartphones with its home-baked PC trojan for surveillance of serious crime. The agency wants to develop a derivative of its trojan, named the Bundestrojaner, for mobile devices should its request to the German Parliament be approved, …
Team Register, 04 Oct 2016

Source code unleashed for junk-blasting Internet of Things botnet

Malicious code used to press-gang IoT connected devices into a botnet was leaked online over the weekend. The Mirai malware is a DDoS Trojan and targets Linux systems and, in particular, IoT devices. A botnet formed using the malware was used to blast junk traffic at the website of security researcher Brian Krebs last month in …
John Leyden, 03 Oct 2016

Urgent! Log in for spear-phisher survey or your account will be deleted

Europol’s annual cyber-crime survey warns that the quality of spearphishing and other "CEO fraud" is continuing to improve and "cybercrime-as-a-service" means an ever larger group of fraudsters can easily commit online attacks. Many threats remain from last year – banking trojan attacks are still an issue for businesses and …
John Oates, 28 Sep 2016

Oh, ALL RIGHT, says Facebook, we'll let Windows admins run osquery

Two years after it first arrived for Linux and OS X, Facebook's "osquery" developer kit is now available for Windows. Osquery is designed to let sysadmins check out system and process information by issuing SQL queries, rather than (for example) having to watch syslogs. An example (drawn from the GitHub repo) is the kind of …
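
As an added illustration of the kind of question osquery answers (this query is written for this page and is not taken from the article or from the osquery repository), the following hunts for the remote-access-trojan pattern that recurs throughout this listing: a process holding a listening socket whose executable has been unlinked from disk, or which runs out of a scratch directory. The table and column names (processes, listening_ports, on_disk) are the ones osquery ships; the directory filters are an assumption about where droppers commonly stage themselves and should be tuned to the host.

```sql
-- Added example query for osqueryi / osquery.conf; not from the article or the osquery repo.
-- Flags listening processes that (a) have had their binary deleted (on_disk = 0),
-- a common trick for RATs that unlink themselves after launch, or
-- (b) execute from a scratch directory. The path list is an assumption; tune per host.
SELECT
  p.pid,
  p.parent,
  p.uid,
  p.name,
  p.path,
  p.cmdline,
  p.on_disk,
  lp.address,
  lp.port,
  lp.protocol
FROM processes AS p
JOIN listening_ports AS lp
  ON lp.pid = p.pid
WHERE lp.port != 0                      -- skip unbound / unix-domain entries
  AND (
        p.on_disk = 0                   -- binary no longer on disk
     OR p.path LIKE '/tmp/%'            -- assumed staging locations
     OR p.path LIKE '/var/tmp/%'
     OR p.path LIKE '/dev/shm/%'
  )
ORDER BY p.pid;
```

Run it interactively in osqueryi to triage a single box, or put it under the "schedule" key of osquery.conf with an interval of a few minutes so that only newly appearing rows are logged and shipped to your SIEM. On Windows the same tables exist, but the path filters above are Unix-specific and need replacing with the user-writable locations you care about.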

Suspected Russian DNC hackers brew Mac trojan

Suspected Russian hackers fingered for hacking the United States Democratic National Committee (DNC) have brewed a trojan targeting Mac OS X machines in the aerospace sector, says Palo Alto researcher Ryan Olson. The malware relies on social engineering and exploits a well-known vulnerability in the MacKeeper security software …
Darren Pauli, 27 Sep 2016

Greybeards beware: Hair dye for blokes outfit Just For Men served trojan

Malware writers have penetrated the website of hair-dye-for-greying-blokes outfit Just For Men, foisting a password-stealing trojan at visitors, Malwarebytes researcher Jerome Segura says. Attackers are using the RIG exploit kit, which recently dethroned Neutrino as the most popular of the off-the-shelf crime kits that make …
Team Register, 21 Sep 2016

Researcher says Patch Tuesday fix should have been made earlier

Security researcher Kafeine says one of this week's Microsoft patches addresses a vulnerability it knew of since last year, and may only have pulled the patching trigger after a spate of banking trojan attacks. The attacks utilised the low-level flaw (CVE-2016-3351) for cloaking purposes among an arsenal of exploits. The …
Darren Pauli, 16 Sep 2016

Double-dipping malware steals iOS creds and roots Android

A newly outed trojan is targeting iOS and Android devices, ripping iCloud credentials by abusing the trusted link between phones and PCs, says Palo Alto security researcher Claud Xiao. The attack appears to have failed in most circumstances, thanks to iOS' sandboxing security controls, hardened modern Android operating systems, …
Darren Pauli, 15 Sep 2016

Logins for US Navy, NASA's JPL among US gov logins sold on deepweb

Hackers are claiming to have accounts at major United States government agencies for sale, including NASA, the Navy, and the Department of Veteran Affairs. The unverified cache found by Infoarmor chief intelligence officer Andrew Komarov includes 33,000 records tied to the US Government, plus research and educational …
Darren Pauli, 14 Sep 2016

Buckeyed cyberspies' switch

Cyberespionage group Buckeye has switched targets from the US to Hong Kong. Buckeye (also known as APT3, Gothic Panda, UPS Team or TG-0110) is a longstanding hacking group that has been together for at least seven years. Buckeye is blamed for using a remote access Trojan (Backdoor.Pirpi) in attacks against a US …
John Leyden, 07 Sep 2016

Sneaky Gugi banking trojan sidesteps Android OS security barricades

Updated Gugi, a bank-account-raiding trojan for smartphones, has been retooled to bypass Android 6's security features designed to block phishing attempts and ransomware infections. The modified malware forces users into giving it the ability to overlay genuine apps, send and view SMSes, make calls, and more. The software nasty is …
John Leyden, 06 Sep 2016

Bloke accused of Linux kernel.org hack nabbed during traffic stop

A man who allegedly hacked the Linux Kernel Organization's kernel.org and the Linux Foundation's servers has been collared by cops. Donald Ryan Austin, 27, of El Portal, Florida, will appear in court in San Francisco later this month. He is accused of four counts of "intentional transmission causing damage to a protected …
Iain Thomson, 02 Sep 2016

We want GCHQ-style spy powers to hack cybercrims, say police

Traditional law enforcement techniques are incapable of tackling the rise of cybercrime, according to a panel of experts gathered to discuss the issue at the Chartered Institute of IT. Last night more than a hundred IT professionals and academics, including representatives of the National Crime Agency and Sir David Omand, the …

Angler's obituary: Super exploit kit was the work of Russia's Lurk group

Ruslan Stoyanov was right: what could be history's most advanced financially-driven malware was the progeny of some 50 jailed hackers known as the Lurk group. It is a finding that solves the mysterious demise of the world's most capable exploit kit and one of the biggest threats to end users on the internet. Kaspersky's head …
Darren Pauli, 31 Aug 2016

Boffins design security chip to spot hidden hardware trojans in processors

Scientists at the NYU Tandon School of Engineering have designed a new form of application-specific integrated circuit (ASIC) designed to spot hidden vulnerabilities deep within a processor's design. Very few people run their own chip fabrication plants these days. Most processors are designed by one firm, which then …
Iain Thomson, 24 Aug 2016

FireEye warns 'massive' ransomware campaign hits US, Japan hospitals

The dangerous and as-yet-undefeated Locky ransomware is being hurled at hospitals across the United States and Japan in a 'massive' number of attacks, according to FireEye researcher Ronghwa Chong. Locky is a popular ransomware variant that will encrypt files in a way that forces users to pay ransoms or cut their losses and …
Darren Pauli, 18 Aug 2016

Running a DNSSEC responder? Make sure it doesn't help the black hats

Sysadmins are making mistakes configuring and managing DNSSEC, leaving systems that should be secure open to abuse in DNS reflection attacks. That's the conclusion of Neustar, in a study released here which found that of more than 1,300 DNSSEC-protected domains tested, 80 per cent could be used in an attack …

Demise of Angler, the world's worst exploit kit, still shrouded in mystery

The Angler exploit kit has all-but vanished and whoever knows why isn't talking. Angler was the most powerful and sought-after exploit kit on the market boasting rapid integration of new vulnerabilities that made it able to employ zero day attacks on Flash, Java, and Silverlight. It also employed a battery of complex …
Darren Pauli, 16 Aug 2016

Google AdSense abused to distribute Android spyware

A banking trojan targeting Android users is spreading through malicious ads as part of an ongoing campaign. The scenario by which the malware spreads is all too familiar to long-suffering Windows fans, but may well come as an unpleasant shock to smartphone users. Worse yet, Android users can get infected by the Svpeng Trojan …
John Leyden, 15 Aug 2016

DIY bank account raiding trojan kit touted in dark web dive bars

Cybercrooks are touting a new DIY financial crime kit that lets you roll your own ZeuS-like software nasty. The Scylex malware kit can be used to build malicious code that, once running on a victim's Windows PC, snoops on online banking passwords, intercepts web traffic and opens a backdoor granting full control over the …
John Leyden, 12 Aug 2016

Linux malware? That'll never happen. Ok, just this once then

Russian security outfit Dr. Web says it's found new malware for Linux. The firm says the “Linux.Lady.1” trojan does three things: collects information about the infected computer and transfers it to the command-and-control server; downloads and launches a cryptocurrency-mining utility; and attacks other computers of …
Simon Sharwood, 11 Aug 2016

McAfee outs malware dev firm with scores of Download.com installs

McAfee says a software company with more than 50,000 downloads on sites such as Download.com is distributing web browser hijacking and fraud malware. Researcher Santosh Revankar says Lavians Inc is pushing the Bing.vc browser redirect and home page hijacker which creates seeming problems that the company then attempts to fix …
Darren Pauli, 11 Aug 2016

Eye of Sauron-themed trojan targets Russia, Sweden

A previously unknown group called Strider has been conducting cyberespionage-style attacks against selective targets in Russia, China, Sweden, and Belgium. Strider uses an advanced piece of malware known as Remsec to conduct its attacks. Remsec creates a back door on an infected computer - establishing a means to log …
John Leyden, 08 Aug 2016

Kazakhstan accused of hacking journos, activists by EFF

Black Hat The Electronic Frontier Foundation (EFF) has accused the Kazakhstan Government of sending malware-laced phishing emails to two investigative journalists in the country, along with activists, and family members to help spy, locate and extradite targets. The group revealed their detailed technical findings at the Black Hat …
Darren Pauli, 05 Aug 2016

Phisherfolk phlock to Rio for the Olympics

Criminals are ramping up their online presence in Rio de Janeiro, where the Olympic Games will open on Friday, August 5 – with IBM and Fortinet reporting new banking trojans and cyber crime activity in Brazil. Big Blue has reported a variant of the Zeus trojan has emerged on crime forums targeting local banks and exploiting …
Darren Pauli, 05 Aug 2016

Meet the chaps who run the Black Hat NoC and let malware roam free

Black Hat Neil Wyler and Bart Stump are responsible for managing what is probably the world’s most-attacked wireless network. The two friends, veterans among a team of two dozen, are at the time of writing knee deep in the task of running the network at Black Hat, the security event where the world reveals the latest security messes. …
Darren Pauli, 01 Aug 2016

Russia reports RAT scurrying through govt systems, chewing data

Russia's Government is reporting that malware designed to steal data has been found in state systems at two dozen agencies and critical institutions. Moscow did not reveal the names of the targeted agencies nor which attacks were successful and what data if any was stolen. Military, scientific, and critical infrastructure …
Team Register, 01 Aug 2016

Google Drive trojan fling

Cybercrooks have taken to using a combination of shortened links and a shared file hosted on Google Drive to deliver the 9002 trojan, a cyber-espionage threat. The use of Google Drive to host malicious files is uncommon but far from unprecedented. Palo Alto Networks’ threat intelligence group, Unit 42, reckons that use of a …
John Leyden, 27 Jul 2016

Locky now top email menace

Locky claimed top spot for email-based malware in Q2, overtaking Dridex, a banking trojan. Many Locky and Dridex slingers turned to JavaScript files attached to email messages to install payloads, email security firm Proofpoint warns. Among email attacks that used malicious document attachments, 69 per cent featured the new …
John Leyden, 26 Jul 2016

Flaws found in security products from AVG, Symantec and McAfee

Updated Hundreds of security products may not be up to the job, researchers say, thanks to flawed uses of code hooking. The research is the handiwork of EnSilo duo Udi Yavo and Tommer Bitton, who disclosed the bugs in anti-virus and Windows security tools ahead of their presentation at the Black Hat Las Vegas conference next month. …
Darren Pauli, 20 Jul 2016

Your antivirus doesn't like Ammyy. And fraudsters will use that to RAT you out (again)

Crooks have once again targeted users downloading Ammyy's remote access software as a conduit for spreading malware. The tactic – which has been witnessed before, specifically in the infamous Lurk banking trojan – has been in play since early February, 2016. Ammyy Admin is a legitimate software package (used by top …
John Leyden, 19 Jul 2016

Extortion trojan watches until crims find you doing something dodgy

A newly-detected piece of malware dubbed "Delilah" has been fingered as probably the first such code created with the intention of extorting victims into stealing insider data. The "Delilah" malware was found on exclusive crime forums by Israeli intelligence outfit Diskin Advanced Technologies, who say the trojan relies on a …
Darren Pauli, 18 Jul 2016

Android malware blocks bank calls

Cybercrooks have put together a fake banking application that blocks victims’ outgoing calls to customer service. The Fakebank trojan blocks the calls to stop victims from cancelling their stolen payment cards. The Android nasty automatically cancels those calls before they can be placed. Victims can, of course, use …
John Leyden, 14 Jul 2016

Lurk trojan takedown also took out Angler exploit kit

Security researchers have discovered a possible link between the demise of the Angler Kit and a crackdown against the Lurk banking trojan crew. In June, a group of individuals was arrested in Russia for using Lurk to target Russian banks. Cisco Talos researchers noticed that within a week of the arrests, Angler had disappeared …
John Leyden, 11 Jul 2016

⌘+c malware smacks Macs, drains keychains, pours over Tor

More malware capable of pilfering Mac keychain passwords and shipping them over Tor has been turned up, less than a day after a similar rare trojan was disclosed. Dubbed Keydnap, the malware is delivered as a compressed Mach-O file with a txt or jpg extension, with a hidden space character which causes it to launch in terminal …
Darren Pauli, 07 Jul 2016

Honey, why are porno apps on your Android?! Er, um, malware did it!

Security researchers are warning about the continuing spread of Hummer, a powerful trojan that roots handsets, downloads pornographic applications, and displays pop-up ads at random intervals. Hummer first came up on the logs of Cheetah Mobile's security team in August 2014, but spent eight months in obscurity before starting …
Iain Thomson, 29 Jun 2016

Sofacy NotSoGood: Time to switch up our Trojan-slinging tactics

A hacking group linked by researchers to the Kremlin has switched its tactics as part of a new attack against the United States government. A spear phishing email from the Sofacy group (also known as APT28) sent to a "US government entity" from a potentially compromised account belonging to the Ministry of Foreign Affairs of …
John Leyden, 15 Jun 2016

Clueless s’kiddies using exploit kits are behind ransomware surge

Releases of new ransomware grew 24 per cent quarter-on-quarter in Q1 2016 as relatively low-skilled criminals continued to harness exploit kits for slinging file-encrypting malware at their marks. The latest quarterly study by Intel Security also revealed that Mac OS malware grew quickly in Q1, primarily due to an increase in …
John Leyden, 14 Jun 2016