Articles about Trojan


Google Drive trojan fling

Cybercrooks have taken to using a combination of shortened links and a shared file hosted on Google Drive to deliver the 9002 trojan, a cyber-espionage threat. The use of Google Drive to host malicious files is uncommon but far from unprecedented. Palo Alto Networks’ threat intelligence group, Unit 42, reckons that use of a …
John Leyden, 27 Jul 2016

Locky now top email menace

Locky claimed top spot for email-based malware in Q2, overtaking Dridex, a banking trojan. Many Locky and Dridex slingers turned to JavaScript files attached to email messages to install payloads, email security firm Proofpoint warns. Among email attacks that used malicious document attachments, 69 per cent featured the new …
John Leyden, 26 Jul 2016

Flaws found in security products from AVG, Symantec and McAfee

Updated: Hundreds of security products may not be up to the job, researchers say, thanks to flawed uses of code hooking. The research is the handiwork of EnSilo duo Udi Yavo and Tommer Bitton, who disclosed the bugs in anti-virus and Windows security tools ahead of their presentation at the Black Hat Las Vegas conference next month. …
Darren Pauli, 20 Jul 2016

Your antivirus doesn't like Ammyy. And fraudsters will use that to RAT you out (again)

Crooks have once again targeted users downloading Ammyy's remote access software as a conduit for spreading malware. The tactic – which has been witnessed before, specifically in the infamous Lurk banking trojan – has been in play since early February, 2016. Ammyy Admin is a legitimate software package (used by top …
John Leyden, 19 Jul 2016

Extortion trojan watches until crims find you doing something dodgy

A newly-detected piece of malware dubbed "Delilah" has been fingered as probably the first such code created with the intention of extorting victims into stealing insider data. The "Delilah" malware was found on exclusive crime forums by Israeli intelligence outfit Diskin Advanced Technologies, who say the trojan relies on a …
Darren Pauli, 18 Jul 2016

Android malware blocks bank calls

Cybercrooks have put together a fake banking application that blocks victims’ outgoing calls to customer service. The Fakebank trojan blocks calls in order to stop victims from cancelling their stolen payment cards. The Android nasty automatically cancels such calls before they connect. Victims can, of course, use …
John Leyden, 14 Jul 2016

Lurk trojan takedown also took out Angler exploit kit

Security researchers have discovered a possible link between the demise of the Angler Kit and a crackdown against the Lurk banking trojan crew. In June, a group of individuals was arrested in Russia for using Lurk to target Russian banks. Cisco Talos researchers noticed that within a week of the arrests, Angler had disappeared …
John Leyden, 11 Jul 2016

⌘+c malware smacks Macs, drains keychains, pours over Tor

More malware capable of pilfering Mac keychain passwords and shipping them over Tor has been turned up, less than a day after a similar rare trojan was disclosed. Dubbed Keydnap, the malware is delivered as a compressed Mach-O file with a txt or jpg extension, with a hidden space character which causes it to launch in terminal …
Darren Pauli, 07 Jul 2016
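The trailing-space trick described in the Keydnap item is simple to check for mechanically. The Python below is added here as an illustration and is not code from ESET or from the Keydnap write-up: it unpacks a zip in memory and flags any entry whose name ends in whitespace after a document or image extension, or whose first four bytes are a Mach-O magic number. The sample archive it builds is constructed for the example, and the extension list and function names are the example's own choices.

```python
import io
import zipfile

# Mach-O magic numbers (32/64-bit, both byte orders) plus the FAT/universal header.
MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce",  # MH_MAGIC, 32-bit big-endian
    b"\xce\xfa\xed\xfe",  # MH_CIGAM, 32-bit little-endian
    b"\xfe\xed\xfa\xcf",  # MH_MAGIC_64
    b"\xcf\xfa\xed\xfe",  # MH_CIGAM_64
    b"\xca\xfe\xba\xbe",  # FAT_MAGIC, universal binary
}

# Extensions a user expects to open in Preview/TextEdit, not Terminal (assumed list).
BENIGN_EXTENSIONS = {"txt", "jpg", "jpeg", "png", "pdf", "doc", "docx"}


def suspicious_name(name):
    """True if the basename carries trailing whitespace after a benign-looking
    extension; Finder then fails to match the extension and, for a Mach-O,
    LaunchServices hands the file to Terminal."""
    base = name.rsplit("/", 1)[-1]
    if base == base.rstrip():
        return False
    stem = base.rstrip()
    ext = stem.rsplit(".", 1)[-1].lower() if "." in stem else ""
    return ext in BENIGN_EXTENSIONS


def is_macho(head):
    """True if the first four bytes are one of the Mach-O/FAT magics."""
    return head[:4] in MACHO_MAGICS


def scan_zip(data):
    """Return [(entry name, [reasons])] for entries that look like disguised executables."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(4)
            reasons = []
            if suspicious_name(info.filename):
                reasons.append("trailing whitespace after document extension")
            if is_macho(head):
                reasons.append("Mach-O header")
            if reasons:
                findings.append((info.filename, reasons))
    return findings


def build_sample_zip():
    """Constructed test archive: a harmless text file plus a fake 'screenshot.jpg '
    (note the trailing space) whose first bytes are a 64-bit Mach-O header."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "nothing to see here\n")
        zf.writestr("screenshot.jpg ", b"\xcf\xfa\xed\xfe" + b"\x00" * 28)
    return buf.getvalue()


if __name__ == "__main__":
    for name, reasons in scan_zip(build_sample_zip()):
        print(repr(name), "->", "; ".join(reasons))
```

Either signal on its own is worth a look; both together on one entry is the Keydnap pattern. The magic check is deliberately done on the bytes rather than the name, since the whole point of the lure is that the name lies.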

Honey, why are porno apps on your Android?! Er, um, malware did it!

Security researchers are warning about the continuing spread of Hummer, a powerful trojan that roots handsets, downloads pornographic applications, and displays pop-up ads at random intervals. Hummer first came up on the logs of Cheetah Mobile's security team in August 2014, but spent eight months in obscurity before starting …
Iain Thomson, 29 Jun 2016

Sofacy NotSoGood: Time to switch up our Trojan-slinging tactics

A hacking group linked by researchers to the Kremlin has switched its tactics as part of a new attack against the United States government. A spear phishing email from the Sofacy group (also known as APT28) sent to a "US government entity" from a potentially compromised account belonging to the Ministry of Foreign Affairs of …
John Leyden, 15 Jun 2016

Clueless s’kiddies using exploit kits are behind ransomware surge

Releases of new ransomware grew 24 per cent quarter-on-quarter in Q1 2016 as relatively low-skilled criminals continued to harness exploit kits for slinging file-encrypting malware at their marks. The latest quarterly study by Intel Security also revealed that Mac OS malware grew quickly in Q1, primarily due to an increase in …
John Leyden, 14 Jun 2016

MtGox collapse victims now picked off by phishing vultures

Phishing scammers are going after people hoping to claw some of their money back from the MtGox collapse. Researchers with computer security biz Cyren have spotted a new round of spam messages claiming to originate from Kraken, the exchange that is heading up efforts to pay out Bitcoins recovered from the MtGox implosion. The …
Shaun Nichols, 06 Jun 2016

'Irongate' attack looks like Stuxnet, quacks like Stuxnet ...

FireEye threat researchers have found a complex malware instance that borrows tricks from Stuxnet and is specifically designed to work on Siemens industrial control systems. Josh Homan, Sean McBride, and Rob Caldwell named the malware "Irongate" and say it is probably a proof-of-concept that is likely not in use in the wild. …
Darren Pauli, 03 Jun 2016

Flash. Bang. Wallet: Marcher crooks target UK Android users

Miscreants behind the Marcher mobile malware have begun targeting UK banking customers. The trojan - which already targets banks in other countries, including Germany, Austria, France, Australia and Turkey - has added nine major UK bank brands onto its roster, IBM's X-Force security research team warns. Marcher is an Android- …
John Leyden, 02 Jun 2016

Russia launches raids over Sberbank heist

Russia's FSB says it's tagged the gang that used the “Lurk” trojan to raid 1.7 billion roubles – about US$25 million – from financial institutions. Lurk was identified in 2012. At the time, Kaspersky Labs said it was a “fileless” Trojan that ran in RAM. Instead, it “uses its payload to inject an encrypted dll from the web …

TeamViewer denies hack after PCs hijacked, PayPal accounts drained

Updated: TeamViewer users say their computers were hijacked and bank accounts emptied all while the software company's systems mysteriously fell offline. TeamViewer denies it has been hacked. In the past 24 hours, we've seen a spike in complaints from people who say their PCs, Macs and servers were taken over via the widely used remote …
Shaun Nichols, 01 Jun 2016

Microsoft warns of worm ransomware, finds fix in Windows 10 upgrade

Microsoft is warning of a wormable ransomware that infects removable drives on versions of its operating system below Windows 10. The ZCrypt scumware is distributed through old but effective methods of phishing emails, Word document macros, and fake Adobe Flash installers. It drops a warning notice in an HTML file informing …
Darren Pauli, 01 Jun 2016

Saudis under trojan attack

The Saudi Arabian financial and technology sectors are under attack by trojan-slinging cybercriminals. The latest run of the OilRig campaign features malware used to target the defence industry in the kingdom last year, reports Palo Alto Networks. In the latest run of attacks crooks are posing as legitimate service providers …
John Leyden, 27 May 2016

FOURTH bank hit by SWIFT hackers

A fourth bank, this time in the Philippines, has been attacked by hackers targeting the SWIFT inter-bank transfer system. Security researchers at Symantec reckon the same group blamed for the infamous $81m Bangladesh central bank mega-heist back in February also mounted an earlier assault in the Philippines last year, itself …
John Leyden, 27 May 2016

VXer group ramps up malware to attack Indian embassies

Attackers have revamped their malware to better target embassy staff, says a Palo Alto Networks security team. The "Operation Ke3chang" campaign is slinging the TidePool malware which it has quietly upgraded over recent years. Researchers Micah Yates, Mike Scott, Brandon Levene, Jen Miller-Osborn and Tom Keigher say the group …
Darren Pauli, 25 May 2016

Cryptxxx shipwrecked: Laughing white hats shred latest ransomware

Kaspersky white hats have again ruined the Cryptxxx malware by offering victims a free decryption tool that will unwind all variants of the menace. The infuriating researchers have followed their first decryption effort that busted up the earlier Cryptxxx variant causing VXers to re-write and reissue a patched ransomware …
Darren Pauli, 18 May 2016

Ireland's tax arrangements are as clear as a pint of Guinness

Comment: Ireland has repeatedly been in the spotlight for its favourable and controversial tax incentives - which have attracted numerous large tech companies to its shores. However, the country has also been accused of being less than transparent in some of its tax arrangements. The European Commission is currently investigating the …
Kat Hall, 09 May 2016

Suck on this: White hats replace Locky malware payload with dummy

Pranksters have infiltrated the control system behind the infamous Locky ransomware and replaced the malware’s main payload with a dummy file. Locky normally spreads using malicious and disguised JavaScript inside email attachments supposedly containing an invoice or similar. Malicious messages are sent to prospective marks in …
John Leyden, 05 May 2016
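Both the Proofpoint item above and this Locky item describe the same delivery mechanism: a script file (typically JavaScript) shipped inside a zipped "invoice" attachment. The triage routine below is added here as an illustration and is not Proofpoint's or anyone else's production code: it parses an RFC 822 message, checks each attachment's extension, and looks inside zip attachments for script files. The sample message it builds is constructed, and the extension lists and function names are the example's own assumptions.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Windows Script Host / shell types commonly abused as droppers (assumed list).
SCRIPT_EXTENSIONS = {"js", "jse", "vbs", "vbe", "wsf", "wsh", "hta", "cmd", "bat", "ps1", "scr"}
ARCHIVE_EXTENSIONS = {"zip"}


def extension(name):
    """Last extension of the basename, lower-cased, ignoring stray whitespace
    (so 'Invoice.PDF.js' is reported as 'js')."""
    base = name.rsplit("/", 1)[-1].strip().lower()
    return base.rsplit(".", 1)[-1] if "." in base else ""


def names_in_zip(data):
    """File names inside a zip, or [] if the bytes are not a readable zip."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [i.filename for i in zf.infolist() if not i.is_dir()]
    except zipfile.BadZipFile:
        return []


def triage(raw):
    """Return [(attachment name, inner name or None, reason)] for every attachment
    that is a script itself or a zip containing one."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        ext = extension(name)
        if ext in SCRIPT_EXTENSIONS:
            hits.append((name, None, "script attachment"))
        elif ext in ARCHIVE_EXTENSIONS:
            for inner in names_in_zip(payload):
                if extension(inner) in SCRIPT_EXTENSIONS:
                    hits.append((name, inner, "script inside archive"))
    return hits


def build_sample():
    """Constructed message: a Locky-style 'invoice' zip holding a .js dropper stub,
    plus a harmless PDF. None of this is a real sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice_4711.js", "// dropper stub (constructed, inert)\n")
    msg = EmailMessage()
    msg["From"] = "accounts@example.invalid"
    msg["To"] = "victim@example.invalid"
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please find the invoice attached.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="invoice.zip")
    msg.add_attachment(b"%PDF-1.4\n", maintype="application", subtype="pdf",
                       filename="statement.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for att, inner, reason in triage(build_sample()):
        print(att, inner, reason)
```

Extension matching is a coarse filter, not a verdict: it catches the bulk of the Locky/Dridex-style campaigns described here, but a gateway should pair it with content inspection, since a renamed script or a nested archive slips past name-based rules.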

Gozi trojan mastermind sentenced by US court to time served

The self-confessed creator of the infamous Gozi trojan was sentenced to time served and ordered to pay $6.9m in restitution by a New York court on Monday. Nikita Kuzmin, a 28-year-old Russian citizen, pleaded guilty to computer hacking and fraud charges in May 2011. He was released after 37 months served on remand, as part of …
John Leyden, 04 May 2016

Adware from French runs away and hides on 12M machines

Cisco's Warren Mercer and Matthew Molyett are warning that software downloaded from sites run by French firm Tuto4PC likely included trojan backdoors. The Borg's security arm, Talos, thinks some 12 million machines have been infected. The malware-bloated software quietly downloads trash dubbed Wizz, which can steal personal …
Darren Pauli, 28 Apr 2016

Microsoft gifts free support to Azure big spenders

Whenever a big tech company offers something for free, you've got to ask what's in it for them. What, then, to make of Microsoft's announcement that some customers will be given a year of free support? To get the freebie you'll need to buy Azure Services under an Enterprise Agreement (EA), sometime between May 1, 2016, …
Simon Sharwood, 27 Apr 2016

Revised trojan hits HK

Poison Ivy malware has been revamped as a more potent cyber-spying tool. The revised malware is being slung in targeted attacks against pro-democracy activists in Hong Kong. The latest version of the trojan features updated execution and communications mechanisms, as explained by researchers from Palo Alto Networks here. …
John Leyden, 22 Apr 2016

SpyEye duo behind bank-account-emptying malware banged up

A two-man team responsible for spreading the SpyEye malware that caused more than a billion dollars in financial hardship is now starting extended sentences in American prisons. The malware's author – Aleksandr Panin, 27, of Tver, Russia – was sent down for nine years and six months by United States District Court Judge Amy …
Iain Thomson, 21 Apr 2016

Halfbreed trojan targets US banks

A new piece of malware has been linked to thefts of $4m from more than 24 American and Canadian banks in just a few days. Researchers at IBM reckon that hackers combined code from two malware types, known as Nymaim and Gozi, to create GozNym, a persistent and powerful trojan. Customers of numerous credit unions and popular e- …
John Leyden, 15 Apr 2016

What exactly is it that infosec miscreants get up to? A quick overview

If corporate IT infrastructures are a battlefield, then the cybercriminals are putting up a good fight. Last year saw some nasty breaches: Anthem Insurance lost nearly 80 million records, and the US Office of Personnel Management lost 21 million records after failing to encrypt them. Cybercriminals are …
Danny Bradbury, 13 Apr 2016

New strain of data thieving malware Qbot unleashed

Researchers have uncovered a new strain of data-stealing trojan Qbot. The malware has infected more than 54,000 PCs in thousands of organisations across the world. Incident response experts at BAE Systems came across the malware variant during an engagement at an unnamed public sector organisation. The Qbot-related attack …
John Leyden, 12 Apr 2016

Half of people plug in USB drives they find in the parking lot

A new study has found that almost half the people who pick up a USB stick they happen across in a parking lot plug said drives into their PCs. Researchers from Google, the University of Illinois Urbana-Champaign, and the University of Michigan, spread 297 USB drives around the Urbana-Champaign campus. They found that 48 …
Shaun Nichols, 11 Apr 2016

Baddies' brilliant plan to get mobile malware whitelisted: Bribery

Criminals have resorted to bribes in order to smuggle malware into the source code of mobile gaming apps. The scam, in which malware authors bribed the employees of a legitimate mobile games company in China to embed malware into mobile apps, was uncovered by security researchers from Check Point. The bribe ensured that …
John Leyden, 11 Apr 2016

Brazilian and Russian cybercrooks collaborating to create more potent threats

Cybercriminals on opposite sides of the world in Russia and Brazil have overcome time differences and language barriers to work together. The collaboration is driving a rapid evolution of malicious tools, security researchers at Kaspersky Lab warn. The Brazilian and Russian cybercrime undergrounds have both created numerous, …
John Leyden, 01 Apr 2016

US bank fended off 513 trojans last year alone

The most beleaguered bank in the United States was hit with 513 financial trojans last year, says Symantec threat bod Candid Wueest. The unnamed bank and Symantec customer was in the crosshairs of 78.2 percent of all financial trojans seen by the security firm last year. It is unknown if any of the malware samples gained a …
Darren Pauli, 24 Mar 2016

Microsoft beefs up defences against Office macros menace

Microsoft has introduced a macros-blocking feature within Office 2016 in a move designed to collar a long-running malware threat. Macro-based malware is once again on the rise as a vector in the spread of various strains of malware including the Locky ransomware, BlackEnergy and the Dridex banking trojan. Microsoft’s stats …
John Leyden, 23 Mar 2016

Wait! Where did you get that USB? Super-stealthy trojan only drives stick

Hackers have created a trojan that makes exclusive use of USB devices in order to spread. The malware - dubbed USB Thief - is capable of stealthy attacks against air-gapped systems, net security firm ESET warns. USB Thief is well protected against detection and reverse-engineering - not least because it leaves no trace of …
John Leyden, 23 Mar 2016

Millions menaced as ransomware-smuggling ads pollute top websites

Top-flight US online publishers are serving up adverts that attempt to install ransomware and other malware on victims' PCs. Websites visited by millions of people daily – msn.com, nytimes.com, aol.com, nfl.com, theweathernetwork.com, thehill.com, zerohedge.com and more – are accidentally pushing out booby-trapped adverts via …
John Leyden, 15 Mar 2016

Like masochism? Run a PC? These VXers want to help you pwn yourself

Masochistic Windows users have been given a helping hand from hackers, in the form of step-by-step instructions on how to get their PCs infected with malware. A banking trojan campaign targeting Germany last week came with explicit instructions for the recipients describing how to get their computers …
John Leyden, 14 Mar 2016

I beg you, please don't back up that secret directory full of photos!

On-Call: Welcome to Friday and to On-Call, our weekly regurgitation of readers' real-life tales getting stuff done in the field. This week, a tale of domestic rapture from reader “Adam” who was once asked to sort out a friend's slow-running Windows PC. Adam had his mate bring the PC over, then got to work booting it from a Linux disk …
Simon Sharwood, 11 Mar 2016

First OS X ransomware actually a scrambled Linux file scrambler

The world's first fully functional OS X ransomware, KeRanger, is really a Mac version of the Linux Encoder Trojan, according to new research from Romanian security software firm Bitdefender. The infected OS X torrent update carrying KeRanger looks virtually identical to version 4 of the Linux Encoder Trojan that has already …
John Leyden, 09 Mar 2016

BlackEnergy malware activity spiked in runup to Ukraine power grid takedown

Fresh research has shed new light on the devious and unprecedented cyber-attack against Ukraine's power grid in December 2015. A former intelligence analyst has warned that launching similar attacks is within the capabilities of criminals, or perhaps even hacktivist groups, since most of the key components are readily …
John Leyden, 04 Mar 2016

Android trojan Triada implants itself into older mobes' 'brains'

Security researchers have discovered a trojan targeting Android devices that can be as complex and functional as Windows-based malware. The Triada trojan is stealthy, modular, persistent and written by professional cybercriminals, according to security researchers at Kaspersky Lab. The trojan can modify outgoing SMS messages …
John Leyden, 03 Mar 2016

Dangerous Android banking bot leak signals new malware wave

Android users could be hit with a new wave of dangerous banking malware following the leak of source code for a capable Android trojan. Users could be targeted with variants of the malware, known as "GM Bot", that is capable of harvesting usernames and passwords using slick keystroke-capturing website overlays. Since it …
Darren Pauli, 23 Feb 2016

Android Xbot trojan poses as banking app, nicks your login creds

Miscreants have crafted a new attack designed to steal banking credentials and credit card information via phishing pages crafted to mimic Google Play’s payment interface. The so-called Xbot trojan also weaves its malicious spell by presenting victims with login pages of seven different banks’ apps, six of which relate to …
John Leyden, 19 Feb 2016

This Android Trojan steals banking creds and wipes your phone

A new Trojan banker for Android is capable of wiping compromised smartphones as well as stealing online banking credentials, security researchers warn. The Mazar BOT Android malware is spread using booby-trapped multimedia messages. If installed, the malware gains admin rights that give it the ability to do almost anything …
John Leyden, 15 Feb 2016

BlackEnergy trojan also hit Ukrainian mining firm and railway operator

Security researchers have linked attacks against Ukrainian power utilities in Dec 2015, which used the BlackEnergy trojan, to similar attacks against a mining company and a large railway operator in Ukraine. The new research, by Kyle Wilhoit of Trend Micro, casts fresh light on what’s arguably the most significant malware- …
John Leyden, 15 Feb 2016

Bitcoin's governance bungles stain the blockchain's reputation

Civilisation is an agreement. We agree to pay our tax, obey the laws, and generally avoid berserking around the joint. Where these agreements break down you get riots that scale into civil wars, then collapse. That’s less of an issue so long as the problem is over there - so that when a culture soils the sheets you don’t have …
Mark Pesce, 11 Feb 2016

Moscow raids could signal end of global Dyre bank trojan menace

One of the worst examples of financial malware appears to have fallen silent after operators were reportedly arrested in Moscow after a rare raid by the Federal Security Service of the Russian Federation (FSB). Reuters reports Russian police raided Moscow film studio 25th Floor and a neighbouring office in November. Western …
Darren Pauli, 10 Feb 2016

Brits best French in Euro securo pwn party

Brits are less likely than the French to be p0wned by malware, phishing, or to have their privacy violated by some wretched online service, but are far more vulnerable than the Dutch, the European Union's numbers office has found. The Eurostat statistics haul was acquired in surveys last year of EU citizens aged 16 to 74 …
Darren Pauli, 09 Feb 2016