Articles about Trojan


Unbreakable Locky ransomware is on the march again

Cisco is warning of a possible return of a massive ransomware spam campaign after researchers noticed traces of traffic from the hitherto dormant Necurs botnet. The attacks are tiny: Cisco's security team has so far found fewer than a thousand Necurs spam messages. Those numbers pale in comparison to attacks when Necurs' …
Darren Pauli, 20 Jan 2017

Mega UK hospitals trust Barts says IT borkage was due to trojan – not ransomware

Barts Health NHS Trust has blamed the disruption of its IT systems last Friday on a trojan horse infection and not ransomware. The trust, which runs five east London hospitals and is among the biggest in the UK, was forced to quarantine systems in response to the outbreak last week. In an update on Monday, the trust said that …
John Leyden, 17 Jan 2017

Brother-and-sister duo arrested over hacking campaign targeting Italy's bigwigs

A hacking operation featuring the EyePyramid trojan successfully compromised the systems of numerous high-profile Italian targets, including two former prime ministers, say Italian police. The targets were hit by a spear-phishing campaign that served a remote-access trojan codenamed "EyePyramid" as a malicious …
John Leyden, 12 Jan 2017

NASA plans seven-year trip to Jupiter – can we come with you, please?

Vid NASA has OKed two new missions to study some of the most interesting asteroids in our solar system, as part of its ongoing Discovery mission program. The first mission, named Lucy, will launch in October 2021 and will head off to the gas giant Jupiter to explore its Trojan zones. These are two points on either side of the …
Iain Thomson, 05 Jan 2017

New Android-infecting malware brew hijacks devices. Why, you ask? Your router

Hackers have brewed up a strain of Android malware that uses compromised smartphones as conduits to attack routers. The Switcher trojan does not attack Android device users directly. Instead, the malware uses compromised smartphones and tablets as tools to attack any wireless networks they connect to. Switcher brute-forces …
John Leyden, 03 Jan 2017

Sneaky chat app Signal deploys decoy domains to deny despots

The latest update of Signal, one of the most well-regarded privacy-focused messaging applications for non-technical users, adds support for a censorship circumvention technique that will make it more useful for people denied privacy by surveillance-oriented regimes. In response to reports that Egypt and the …
Thomas Claburn, 23 Dec 2016

Bad news, fandroids: Mobile banking malware now encrypts files

Cybercrooks have outfitted ransomware functionality onto an already dangerous mobile banking Trojan. The modified Faketoken can steal credentials from more than 2,000 Android financial applications, security researchers at Kaspersky Lab warn. Based on telemetry, Kaspersky Lab estimates that Faketoken has claimed over 16,000 …
John Leyden, 20 Dec 2016

Persistent ad and dialler trojans found on 28 Android phones

More than two dozen cheap Androids have been found to host pre-installed malicious apps capable of downloading persistent adware and making phone calls. The phones, which include Lenovo's A6000 and A319, were discovered bearing the pre-installed malicious apps by security researchers with antivirus firm Dr Web. Dr Web reckons …
Darren Pauli, 14 Dec 2016

Masterful malvertisers pwn Channel 9, Sky, MSN in stealth attacks

A two-year long, highly sophisticated malvertising campaign infected visitors to some of the most popular news sites in the UK, Australia, and Canada including Channel 9, Sky News, and MSN. Readers of those news sites, just a portion of all affected (since it also affected eBay's UK portal), were infected with modular trojans …
Darren Pauli, 08 Dec 2016

Hospital info thief malware puts itself into a coma to avoid IT bods

A Trojan targeting US healthcare organizations attempts to avoid detection by going to sleep for prolonged periods after initial infection, security researchers warn. Symantec estimates that thousands of organizations have been hit by the Gatak Trojan since 2012. The malware is programmed to spread aggressively across an …
John Leyden, 22 Nov 2016

Analysts apply Occam's razor to Tesco Bank breach

Analysis Security analysts have narrowed down the range of possible explanations for the Tesco Bank breach. Earlier this month Tesco Bank admitted that an estimated £2.5m had been looted from 9,000 accounts. Initially it was feared that money had been taken from 20,000 accounts, but this figure was revised a few days after the breach …
John Leyden, 16 Nov 2016

Google to patch Chrome mobile hole after bank trojan hits 318k users

An Android Chrome bug that's already under attack - with criminals pushing banking trojans to more than 300,000 devices - won't get patched until the next release of the mobile browser. The flaw allows malware writers to quietly download Android app installation (.apk) files to devices without requiring approval. Users need …
Darren Pauli, 08 Nov 2016

Dutch webcam perv jailed

A 21-year-old Dutch man has been jailed for one month, with another year suspended, for infecting more than 2,000 computers to spy on minors via webcams. The man, known as Jair M, was arrested in October 2013 after he infected the machines with remote access trojans and recorded and captured footage of minors in compromising …
Darren Pauli, 28 Oct 2016

VXer turns to ancient freemium model to flog keylogger, malware tools

Malware has been spotted using the freemium model more than 30 years after it was introduced. PhishMe malware researcher Paul Burbage (@hexlax) spotted the revitalised model in a keylogger sold as a freemium public download and as a US$55 full version purchase. The Viotto Keylogger is the offensive security tool designed by a …
Darren Pauli, 26 Oct 2016

Hax0rs sow Discord by using VoIP service to sling malware at gamers

Hackers abused a free VoIP service for gamers to distribute remote-access Trojans and other malware. Miscreants took to Discord and distributed malicious programs including NanoCore, njRAT and SpyRAT to gamers using the chat servers, but that was just one aspect of a wider pattern of abuse. Symantec discovered some groups were …
John Leyden, 21 Oct 2016

'Dyre' malware re-surfaces as 'TrickBot', targets Australian banks

Malware now targeting Australian users could be based on one of the world's worst banking trojans. Fidelis malware mangler Jason Reaves says the TrickBot malware has strong code similarities to the Dyre trojan, a menace that ripped through Western banks and businesses in the US, the UK, and Australia, inflicting tens of …
Darren Pauli, 18 Oct 2016

More than half of Androids susceptible to ancient malware

One of the world's most prolific Android malware instances is still the most prevalent piece of malware more than two years after it first emerged. The capable trojan known as Ghost Push infects Android up to version five, aka Lollipop, still employed by about 57 per cent of all users. Ghost Push won't run on Android version …
Darren Pauli, 17 Oct 2016

Email security: We CAN fix the tech, but what about the humans?

Last month’s Mr Chow ransomware attacks serve as a timely reminder that security should be at the top of any business IT strategy. Ransomware is on the increase, at least according to the FBI, and while it is not all email-borne, it is an example of how sophisticated hackers and criminals are getting with technology. Certainly …

Second hacking group targets SWIFT-connected banks

A second group of hackers – Odinaff – has broken into the SWIFT system, the fulcrum of the global financial payments system. Odinaff were found to be using the same approach as those who stole $81m from the Bangladesh central bank earlier this year. Attacks involving the Odinaff trojan and associated tools appear to have …
John Leyden, 11 Oct 2016

Moldovan Dridex millionaires to spend 12 years in jail

A pair of cybercriminals responsible for laundering millions of pounds stolen using a banking trojan have been sentenced to a combined total of 12 years in prison. Pavel Gincota, 32, and Ion Turcan, 35, are Moldovan nationals with Romanian citizenship. The duo made over £2.5m in criminal profits using the banking trojan Dridex …

Wasted: Kaspersky makes jokers of upstart ransomware VXers

Kaspersky has released a decryption tool that neuters the MarsJoke ransomware, less than a month after it was first revealed. The decryption effort is salvation for victims who are told they have 96 hours to pay the 0.7 Bitcoin (US$427) ransom before their data is permanently encrypted. MarsJoke, also known as Polyglot, …
Darren Pauli, 05 Oct 2016

German cops, mobe malware

Germany's federal investigative police agency (BKA) is seeking permission to infect smartphones with its home-baked PC trojan for surveillance of serious crime. The agency wants to develop a derivative of its trojan, named the Bundestrojaner, for mobile devices should its request to the German Parliament be approved, …
Team Register, 04 Oct 2016

Source code unleashed for junk-blasting Internet of Things botnet

Malicious code used to press-gang IoT connected devices into a botnet was leaked online over the weekend. The Mirai malware is a DDoS Trojan and targets Linux systems and, in particular, IoT devices. A botnet formed using the malware was used to blast junk traffic at the website of security researcher Brian Krebs last month in …
John Leyden, 03 Oct 2016

Urgent! Log in for spear-phisher survey or your account will be deleted

Europol’s annual cyber-crime survey warns that the quality of spearphishing and other "CEO fraud" is continuing to improve and "cybercrime-as-a-service" means an ever larger group of fraudsters can easily commit online attacks. Many threats remain from last year – banking trojan attacks are still an issue for businesses and …
John Oates, 28 Sep 2016

Oh, ALL RIGHT, says Facebook, we'll let Windows admins run osquery

Two years after it first arrived for Linux and OS X, Facebook's "osquery" developer kit is now available for Windows. Osquery is designed to let sysadmins check out system and process information by issuing SQL queries, rather than (for example) having to watch syslogs. An example (drawn from the GitHub repo) is the kind of …

Suspected Russian DNC hackers brew Mac trojan

Suspected Russian hackers fingered for hacking the United States Democratic National Committee (DNC) have brewed a trojan targeting Mac OS X machines in the aerospace sector, says Palo Alto researcher Ryan Olson. The malware relies on social engineering and exploits a well-known vulnerability in the MacKeeper security software …
Darren Pauli, 27 Sep 2016

Greybeards beware: Hair dye for blokes outfit Just For Men served trojan

Malware writers have penetrated the website of hair-dye-for-greying-blokes outfit Just For Men, foisting a password-stealing trojan at visitors, Malwarebytes researcher Jerome Segura says. Attackers are using the RIG exploit kit, which recently dethroned Neutrino as the most popular of the off-the-shelf crime kits that make …
Team Register, 21 Sep 2016

Researcher says Patch Tuesday fix should have been made earlier

Security researcher Kafeine says one of this week's Microsoft patches addresses a vulnerability the company had known of since last year, and that it may only have pulled the patching trigger after a spate of banking trojan attacks. The attacks utilised the low-level flaw (CVE-2016-3351) for cloaking purposes among an arsenal of exploits. The …
Darren Pauli, 16 Sep 2016

Double-dipping malware steals iOS creds and roots Android

A newly-outed trojan is exploiting iOS and Android devices, ripping iCloud credentials by abusing the trusted link between phones and PCs, says Palo Alto security researcher Claud Xiao. The attack appears to have failed in most circumstances, thanks to iOS' sandboxing security controls, hardened modern Android operating systems, …
Darren Pauli, 15 Sep 2016

Logins for US Navy, NASA's JPL among US gov logins sold on deepweb

Hackers are claiming to have accounts at major United States government agencies for sale, including NASA, the Navy, and the Department of Veteran Affairs. The unverified cache found by Infoarmor chief intelligence officer Andrew Komarov includes 33,000 records tied to the US Government, plus research and educational …
Darren Pauli, 14 Sep 2016

Buckeyed cyberspies' switch

Cyberespionage group Buckeye has switched targets from the US to Hong Kong. Buckeye (also known as APT3, Gothic Panda, UPS Team or TG-0110) is a longstanding hacking group that has been together for at least seven years. Buckeye is blamed for using a remote access Trojan (Backdoor.Pirpi) in attacks against a US …
John Leyden, 07 Sep 2016

Sneaky Gugi banking trojan sidesteps Android OS security barricades

Updated Gugi, a bank-account-raiding trojan for smartphones, has been retooled to bypass Android 6's security features designed to block phishing attempts and ransomware infections. The modified malware forces users into giving it the ability to overlay genuine apps, send and view SMSes, make calls, and more. The software nasty is …
John Leyden, 06 Sep 2016

Bloke accused of Linux kernel.org hack nabbed during traffic stop

A man who allegedly hacked the Linux Kernel Organization's kernel.org and the Linux Foundation's servers has been collared by cops. Donald Ryan Austin, 27, of El Portal, Florida, will appear in court in San Francisco later this month. He is accused of four counts of "intentional transmission causing damage to a protected …
Iain Thomson, 02 Sep 2016

We want GCHQ-style spy powers to hack cybercrims, say police

Traditional law enforcement techniques are incapable of tackling the rise of cybercrime, according to a panel of experts gathered to discuss the issue at the Chartered Institute of IT. Last night more than a hundred IT professionals and academics, including representatives of the National Crime Agency and Sir David Omand, the …

Angler's obituary: Super exploit kit was the work of Russia's Lurk group

Ruslan Stoyanov was right: what could be history's most advanced financially-driven malware was the progeny of some 50 jailed hackers known as the Lurk group. It is a finding that solves the mysterious demise of the world's most capable exploit kit and one of the biggest threats to end users on the internet. Kaspersky's head …
Darren Pauli, 31 Aug 2016

Boffins design security chip to spot hidden hardware trojans in processors

Scientists at the NYU Tandon School of Engineering have designed a new form of application-specific integrated circuit (ASIC) intended to spot hidden vulnerabilities deep within a processor's design. Very few people run their own chip fabrication plants these days. Most processors are designed by one firm, which then …
Iain Thomson, 24 Aug 2016

FireEye warns 'massive' ransomware campaign hits US, Japan hospitals

The dangerous and as-yet-undefeated Locky ransomware is being hurled at hospitals across the United States and Japan in a 'massive' number of attacks, according to FireEye researcher Ronghwa Chong. Locky is a popular ransomware variant that will encrypt files in a way that forces users to pay ransoms or cut their losses and …
Darren Pauli, 18 Aug 2016

Running a DNSSec responder? Make sure it doesn't help the black hats

Sysadmins are making mistakes configuring and managing DNSSec, and it's leaving systems that should be secure open to exploitation in DNS reflection attacks. That's the conclusion of Neustar, in a study released here, which found that of more than 1,300 DNSSec-protected domains tested, 80 per cent could be used in an attack …

Demise of Angler, the world's worst exploit kit, still shrouded in mystery

The Angler exploit kit has all-but vanished and whoever knows why isn't talking. Angler was the most powerful and sought-after exploit kit on the market boasting rapid integration of new vulnerabilities that made it able to employ zero day attacks on Flash, Java, and Silverlight. It also employed a battery of complex …
Darren Pauli, 16 Aug 2016

Google AdSense abused to distribute Android spyware

A banking trojan targeting Android users is spreading through malicious ads as part of an ongoing campaign. The scenario by which the malware spreads is all too familiar to long-suffering Windows fans, but may well come as an unpleasant shock to smartphone users. Worse yet, Android users can get infected by the Svpeng Trojan …
John Leyden, 15 Aug 2016

DIY bank account raiding trojan kit touted in dark web dive bars

Cybercrooks are touting a new DIY financial crime kit that lets you roll your own ZeuS-like software nasty. The Scylex malware kit can be used to build malicious code that, once running on a victim's Windows PC, snoops on online banking passwords, intercepts web traffic and opens a backdoor granting full control over the …
John Leyden, 12 Aug 2016

Linux malware? That'll never happen. Ok, just this once then

Russian security outfit Dr. Web says it's found new malware for Linux. The firm says the “Linux.Lady.1” trojan does the following three things: collect information about an infected computer and transfer it to the command and control server; download and launch a cryptocurrency mining utility; attack other computers of …
Simon Sharwood, 11 Aug 2016

McAfee outs malware dev firm with scores of Download.com installs

McAfee says a software company with more than 50,000 downloads on sites such as Download.com is distributing web browser hijacking and fraud malware. Researcher Santosh Revankar says Lavians Inc is pushing the Bing.vc browser redirect and home page hijacker which creates seeming problems that the company then attempts to fix …
Darren Pauli, 11 Aug 2016

Eye of Sauron-themed trojan targets Russia, Sweden

A previously unknown group called Strider has been conducting cyberespionage-style attacks against selective targets in Russia, China, Sweden, and Belgium. Strider uses an advanced piece of malware known as Remsec to conduct its attacks. Remsec creates a back door on an infected computer - establishing a means to log …
John Leyden, 08 Aug 2016

Kazakhstan accused of hacking journos, activists by EFF

Black Hat The Electronic Frontier Foundation (EFF) has accused the Kazakhstan Government of sending malware-laced phishing emails to two investigative journalists in the country, along with activists and family members, to help spy on, locate and extradite targets. The group revealed their detailed technical findings at the Black Hat …
Darren Pauli, 05 Aug 2016

Phisherfolk phlock to Rio for the Olympics

Criminals are ramping up their online presence in Rio de Janeiro, where the Olympic Games will open on Friday, August 5 – with IBM and Fortinet reporting new banking trojans and cyber crime activity in Brazil. Big Blue has reported a variant of the Zeus trojan has emerged on crime forums targeting local banks and exploiting …
Darren Pauli, 05 Aug 2016

Meet the chaps who run the Black Hat NoC and let malware roam free

Black Hat Neil Wyler and Bart Stump are responsible for managing what is probably the world’s most-attacked wireless network. The two friends, veterans among a team of two dozen, are at the time of writing knee deep in the task of running the network at Black Hat, the security event where the world reveals the latest security messes. …
Darren Pauli, 01 Aug 2016

Russia reports RAT scurrying through govt systems, chewing data

Russia's Government is reporting that malware designed to steal data has been found in state systems at two dozen agencies and critical institutions. Moscow did not reveal the names of the targeted agencies nor which attacks were successful and what data if any was stolen. Military, scientific, and critical infrastructure …
Team Register, 01 Aug 2016

Google Drive trojan fling

Cybercrooks have taken to using a combination of shortened links and a shared file hosted on Google Drive to deliver the 9002 trojan, a cyber-espionage threat. The use of Google Drive to host malicious files is uncommon but far from unprecedented. Palo Alto Networks’ threat intelligence group, Unit 42, reckons that use of a …
John Leyden, 27 Jul 2016

Locky now top email menace

Locky claimed top spot for email-based malware in Q2, overtaking Dridex, a banking trojan. Many Locky and Dridex slingers turned to JavaScript files attached to email messages to install payloads, email security firm Proofpoint warns. Among email attacks that used malicious document attachments, 69 per cent featured the new …
John Leyden, 26 Jul 2016