Articles about Trojans


Masterful malvertisers pwn Channel 9, Sky, MSN in stealth attacks

A two-year-long, highly sophisticated malvertising campaign infected visitors to some of the most popular news sites in the UK, Australia, and Canada, including Channel 9, Sky News, and MSN. Readers of those news sites, just a portion of all affected (the campaign also hit eBay's UK portal), were infected with modular trojans …
Darren Pauli, 08 Dec 2016

Analysts apply Occam's razor to Tesco Bank breach

Analysis Security analysts have narrowed down the range of possible explanations for the Tesco Bank breach. Earlier this month Tesco Bank admitted that an estimated £2.5m had been looted from 9,000 accounts. Initially it was feared that money had been taken from 20,000 accounts, but this figure was revised a few days after the breach …
John Leyden, 16 Nov 2016

Google to patch Chrome mobile hole after bank trojan hits 318k users

An Android Chrome bug that's already under attack - with criminals pushing banking trojans to more than 300,000 devices - won't get patched until the next release of the mobile browser. The flaw allows malware writers to quietly download Android app installation (.apk) files to devices without requiring approval. Users need …
Darren Pauli, 08 Nov 2016

Dutch webcam perv jailed

A 21-year-old Dutch man has been jailed for one month, with another year suspended, for infecting more than 2,000 computers to spy on minors via webcams. The man, known as Jair M, was arrested in October 2013 after he infected the machines with remote access trojans and recorded and captured footage of minors in compromising …
Darren Pauli, 28 Oct 2016

Hax0rs sow Discord by using VoIP service to sling malware at gamers

Hackers abused a free VoIP service for gamers to distribute remote-access Trojans and other malware. Miscreants took to Discord and distributed malicious programs including NanoCore, njRAT and SpyRAT to gamers using the chat servers, but that was just one aspect of a wider pattern of abuse. Symantec discovered some groups were …
John Leyden, 21 Oct 2016

Spam scum ping global blacklists to wreck rep

Malware authors are consulting the IP blacklists designed to help fight spam, in a bid to avoid detection and increase inbox hit rates. The novel abuse lets malware authors determine whether the machines they have infected are clean and benign, and therefore still useful for spamming. "This malware is interesting because it contains a hardcoded list of commonly known blacklist …
Darren Pauli, 21 Oct 2016
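The behaviour described above is visible from the defender's side: a DNS-based blackhole list (DNSBL) is queried by reversing the octets of an IPv4 address and appending the list's zone (for example 7.100.51.198.zen.spamhaus.org for 198.51.100.7), so a bot checking whether its own host is listed produces a distinctive pattern in resolver logs. The following is an added example, not code from the article or from the vendor report it quotes; the blacklist zone names, the log line format and the log lines themselves are constructed for illustration, and the heuristic that separates a self-check from a mail relay's normal lookups is an assumption stated in the comments.

```python
"""Flag hosts that look up a single IP against several spam blacklists.

Added example for this article, not the malware's own code or any vendor tool.
A DNSBL lookup for a.b.c.d is an A query for d.c.b.a.<zone>. A bot checking
whether its own host is blacklisted queries one address against many zones,
whereas a legitimate mail relay vets many different connecting addresses.
"""
import ipaddress
import re
from collections import defaultdict
from typing import Optional

# Assumption: zones a malware author might hardcode. Real lists vary; extend as needed.
DNSBL_ZONES = (
    "zen.spamhaus.org",
    "bl.spamcop.net",
    "b.barracudacentral.org",
    "dnsbl.sorbs.net",
)

# Constructed resolver log format: "<timestamp> <client_ip> query <qname> <qtype>"
LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+query\s+(\S+?)\.?\s+(\S+)$")

# Constructed sample log (documentation-range addresses; not real traffic):
# 10.0.0.5 probes one address against three lists, 10.0.0.9 behaves like a mail
# relay checking two different peers, 10.0.0.12 sends a malformed name.
SAMPLE_LOG = [
    "2016-10-21T09:00:01Z 10.0.0.5 query www.example.com. A",
    "2016-10-21T09:00:02Z 10.0.0.5 query 7.100.51.198.zen.spamhaus.org. A",
    "2016-10-21T09:00:02Z 10.0.0.5 query 7.100.51.198.bl.spamcop.net. A",
    "2016-10-21T09:00:03Z 10.0.0.5 query 7.100.51.198.b.barracudacentral.org. A",
    "2016-10-21T09:00:09Z 10.0.0.9 query mail.example.net. MX",
    "2016-10-21T09:00:10Z 10.0.0.9 query 10.113.0.203.zen.spamhaus.org. A",
    "2016-10-21T09:00:10Z 10.0.0.9 query 10.113.0.203.bl.spamcop.net. A",
    "2016-10-21T09:00:12Z 10.0.0.9 query 11.113.0.203.zen.spamhaus.org. A",
    "2016-10-21T09:00:12Z 10.0.0.9 query 11.113.0.203.bl.spamcop.net. A",
    "2016-10-21T09:00:15Z 10.0.0.12 query 300.0.3.198.zen.spamhaus.org. A",
]


def reversed_ipv4(qname: str, zone: str) -> Optional[str]:
    """If qname is <d>.<c>.<b>.<a>.<zone>, return the un-reversed address a.b.c.d."""
    suffix = "." + zone
    if not qname.lower().endswith(suffix):
        return None
    labels = qname[: -len(suffix)].split(".")
    if len(labels) != 4:
        return None
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(labels))))
    except ipaddress.AddressValueError:  # non-numeric or out-of-range octet
        return None


def classify_query(qname: str):
    """Return (zone, checked_address) if qname is a DNSBL lookup, else None."""
    for zone in DNSBL_ZONES:
        addr = reversed_ipv4(qname, zone)
        if addr is not None:
            return zone, addr
    return None


def find_blacklist_probes(log_lines, min_zones=2, max_distinct_addrs=1):
    """Group DNSBL-shaped A queries by client and flag self-check behaviour.

    Heuristic (an assumption, tune for your network): a client is flagged when it
    checked at most `max_distinct_addrs` addresses and one of them was looked up
    against at least `min_zones` lists. Known mail relays should be allowlisted.
    """
    per_client = defaultdict(lambda: defaultdict(set))  # client -> addr -> zones
    for line in log_lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        _ts, client, qname, qtype = m.groups()
        if qtype.upper() != "A":
            continue
        hit = classify_query(qname)
        if hit is None:
            continue
        zone, addr = hit
        per_client[client][addr].add(zone)

    flagged = {}
    for client, addrs in per_client.items():
        if len(addrs) > max_distinct_addrs:
            continue
        for addr, zones in addrs.items():
            if len(zones) >= min_zones:
                flagged[client] = {"address": addr, "zones": sorted(zones)}
    return flagged


if __name__ == "__main__":
    for client, info in find_blacklist_probes(SAMPLE_LOG).items():
        print(f"{client} checked {info['address']} against {', '.join(info['zones'])}")
```

Run against a real resolver's query log, the same grouping works with the log regex adjusted to that resolver's format; the useful signal is not the DNSBL lookup itself, which mail servers perform all day, but a non-mail host repeatedly asking about a single address.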

'Dyre' malware re-surfaces as 'TrickBot', targets Australian banks

Malware now targeting Australian users could be based on one of the world's worst banking trojans. Fidelis malware mangler Jason Reaves says the TrickBot malware has strong code similarities to the Dyre trojan, a menace that ripped through Western banks and businesses in the US, the UK, and Australia, inflicting tens of …
Darren Pauli, 18 Oct 2016

Time to crack down on sales of dragon's gold - securobods

Security researchers have urged gaming companies to crack down on virtual currency auction and sales sites, reckoning criminals are cashing in to launder stolen money. The research team at Trend Micro says most black hats steal the currency using online game exploits or by using malware and phishing to compromise players, …
Darren Pauli, 13 Oct 2016

Email security: We CAN fix the tech, but what about the humans?

Last month’s Mr Chow ransomware attacks serve as a timely reminder that security should be at the top of any business IT strategy. Ransomware is on the increase, at least according to the FBI and while it is not all email borne, it is an example of how sophisticated hackers and criminals are getting with technology. Certainly …

Researcher says Patch Tuesday fix should have been made earlier

Security researcher Kafeine says one of this week's Microsoft patches addresses a vulnerability the company had known of since last year, and that it may only have pulled the patching trigger after a spate of banking trojan attacks. The attacks used the low-level flaw (CVE-2016-3351) for cloaking purposes among an arsenal of exploits. The …
Darren Pauli, 16 Sep 2016

Logins for US Navy, NASA's JPL among US gov logins sold on deepweb

Hackers are claiming to have accounts at major United States government agencies for sale, including NASA, the Navy, and the Department of Veterans Affairs. The unverified cache found by InfoArmor chief intelligence officer Andrew Komarov includes 33,000 records tied to the US Government, plus research and educational …
Darren Pauli, 14 Sep 2016

Ten-year-old Windows Media Player hack is the new black, again

Net scum are still finding ways to take down users with a decade-old Windows Media Player attack. The vector is a reborn social engineering hatchet job not seen in years in which attackers convince users to run executable content through Windows Media Player's Digital Rights Management (DRM) functionality. Windows Media …
Darren Pauli, 08 Sep 2016

Mr Chow plates up sticky ransomware

Popular Chinese food chain "Mr Chow's" has been caught plating up ransomware from its website. The fine dining restaurant chain boasts sites in London and across the US and was hacked by attackers injecting the pseudo Darkleech malicious scripts to redirect users. Victims were served a malware money bag through the Neutrino …
Darren Pauli, 07 Sep 2016

Boffins design security chip to spot hidden hardware trojans in processors

Scientists at the NYU Tandon School of Engineering have designed a new form of application-specific integrated circuit (ASIC) intended to spot hidden vulnerabilities deep within a processor's design. Very few people run their own chip fabrication plants these days. Most processors are designed by one firm, which then …
Iain Thomson, 24 Aug 2016

WikiLeaks uploads 300+ pieces of malware among email dumps

WikiLeaks is hosting 324 confirmed instances of malware among its caches of dumped emails, a top Bulgarian anti-malware veteran says. Random checks of the reported malware hashes find the trojans are flagged as malicious by VirusTotal's static analysis checks. Much of the malware appears to be attachments emailed by black hats in a …
Darren Pauli, 19 Aug 2016

Tech support scammers mess with hacker's mother, so he retaliated with ransomware

Vengeful security boffin Ivan Kwiatkowski has infected the computer of an Indian tech support scammer with the Locky ransomware. Kwiatkowski inflicted the ransomware on the scammers after they attempted to fleece his parents. The retaliatory strike was easy for the French malware analyst; during a phone call with the scammers he …
Darren Pauli, 17 Aug 2016

Indian hacking gang goes on three-year Chinese phishing trip

Suspected hackers based in India have compromised thousands of computers, going about their business as far back as 2013. The group has been rumbled by three security firms over that time, but was until now considered to be several discrete entities. Now Forcepoint researchers Andy Settle, Nicholas Griffin, and Abel Toro say …
Darren Pauli, 11 Aug 2016

Phisherfolk phlock to Rio for the Olympics

Criminals are ramping up their online presence in Rio de Janeiro, where the Olympic Games will open on Friday, August 5 – with IBM and Fortinet reporting new banking trojans and cyber crime activity in Brazil. Big Blue has reported a variant of the Zeus trojan has emerged on crime forums targeting local banks and exploiting …
Darren Pauli, 05 Aug 2016

Microsoft and pals re-write arms control pact to save infosec industry

Microsoft and a team of concerned engineers from across the security sector have joined forces to suggest a major re-write of the Wassenaar Arrangement arms control pact, as they fear the document's terms are a threat to the information security industry. The pitch is the result of brainstorming by the group to redefine …
Darren Pauli, 21 Jul 2016

Your antivirus doesn't like Ammyy. And fraudsters will use that to RAT you out (again)

Crooks have once again targeted users downloading Ammyy's remote access software as a conduit for spreading malware. The tactic – which has been witnessed before, specifically in the infamous Lurk banking trojan – has been in play since early February, 2016. Ammyy Admin is a legitimate software package (used by top …
John Leyden, 19 Jul 2016

Extortion trojan watches until crims find you doing something dodgy

A newly-detected piece of malware dubbed "Delilah" has been fingered as probably the first such code created with the intention of extorting victims into stealing insider data. The "Delilah" malware was found on exclusive crime forums by Israeli intelligence outfit Diskin Advanced Technologies, who say the trojan relies on a …
Darren Pauli, 18 Jul 2016

Silently clicking on porn ads you can't even see – this could be you...

Security firms have repeated warnings that unofficial versions of Pokemon Go are likely tainted with spyware or trojans. RiskIQ has found more than 215 unofficial versions of the app in more than 21 app stores. Separately, researchers at security software firm ESET warn that the first ever fake lockscreen app on the …
John Leyden, 15 Jul 2016

Nuclear goes boom

Shake-ups at the top of the exploit kit world continue, with news the world's two top pop boxes have disappeared. Exploit kits are the all-in-one commercial crime offerings through which specifically vulnerable users can be targeted with a barrage of constantly updated and occasionally zero-day attacks. Victims subject to …
Darren Pauli, 28 Jun 2016

Bank in the UK? Plans afoot to make YOU liable for bank fraud

Bank customers may be obliged to bear the bill for fraud against their accounts, under proposed changes mulled by banks, the UK government and GCHQ. Under the plans, individuals or companies with poor online security could be “frozen out of banking services or even excluded from the system whereby banks compensate customers …
John Leyden, 26 May 2016

Suck on this: White hats replace Locky malware payload with dummy

Pranksters have infiltrated the control system behind the infamous Locky ransomware and replaced the malware’s main payload with a dummy file. Locky normally spreads using malicious and disguised JavaScript inside email attachments supposedly containing an invoice or similar. Malicious messages are sent to prospective marks in …
John Leyden, 05 May 2016

Screen overlay malware on the rise as bot scum battle for dominance

IBM malware murderer Limor Kessem says Android VXers are using legitimate screen overlay features to hose handsets. Screen overlays do what it says on the can: applications with appropriate permission can monitor other apps and then overlay to allow entry or retrieval of data. The technique is legitimately used by popular …
Darren Pauli, 29 Apr 2016

Cybercrooks turn away from banks. Your health records are far juicier

Cybercrooks switched targets last year, moving away from retail and financial services and onto healthcare and government, according to figures from IBM's security business. Retail dropped out of the top five most attacked sectors, while financial services fell from #1 to #3 in IBM X-Force's 2016 Cyber Security Intelligence Index …
John Leyden, 20 Apr 2016

Retirement funds breached as crims target brokers' un-patched Windows machines

ACSC 2016 Australians are having their retirement savings accounts drained as hackers move to breach broker platforms rather than the tougher target that is banking infrastructure. The Australian Federal Police (AFP) are investigating a spike in breaches against devices used by brokers who administer boutique, "self-managed" …
Darren Pauli, 13 Apr 2016

Cyber-underworld price list revealed: $500 for company email inbox, $1,200 passports, etc

The underground bazaars for stolen online identities, access to corporate email inboxes, and fake ID are booming, we're told. Research by Dell SecureWorks says the market for underground hacking is increasing, particularly in Russia. Russian hackers are expanding their working hours and using guarantors to ensure customer …
John Leyden, 08 Apr 2016

Google to admins: We'll tell you when your network is pwned

Google software engineer Nav Jagpal says the company will start sharing URLs linked to social engineering, unwanted software and malicious software, to help network administrators understand the threats they face. Google is monitoring some 22,000 autonomous systems (identified by their ASNs), or about 40 percent of total active networks, and provides some 250 …
Team Register, 08 Apr 2016

Mal Men hit LiveJournal with Angler exploit kit

Malwarebytes researcher Jerome Segura says malvertisers have served the world's most dangerous exploit kit - Angler - through compromised advertisements run on LiveJournal.com and news service Likes.com. The attacks are the latest in a string of brazen and successful malvertising campaigns that are smashing the web's most …
Darren Pauli, 30 Mar 2016

Gumtree serves world's worst exploit kit to scores of Aussies

Malware expert Jerome Segura says Australia's most popular classifieds site, Gumtree.com.au, was serving the world's most capable exploit kit to some of its millions of monthly visitors. The site is Australia's twelfth-most-popular website and last month attracted some 47.8 million views. Parent site eBay Australia scored 74.6 …
Darren Pauli, 29 Mar 2016

US bank fended off 513 trojans last year alone

The most beleaguered bank in the United States was hit with 513 financial trojans last year, says Symantec threat bod Candid Wueest. The unnamed bank and Symantec customer was in the crosshairs of 78.2 percent of all financial trojans seen by the security firm last year. It is unknown if any of the malware samples gained a …
Darren Pauli, 24 Mar 2016

Android trojan Triada implants itself into older mobes' 'brains'

Security researchers have discovered a trojan targeting Android devices that can be as complex and functional as Windows-based malware. The Triada trojan is stealthy, modular, persistent and written by professional cybercriminals, according to security researchers at Kaspersky Lab. The trojan can modify outgoing SMS messages …
John Leyden, 03 Mar 2016

Phew! No evidence found for global criminal hacker conspiracy

Trend Micro security bods have 'capped' their epic research efforts to catalogue the world's regional cybercrime undergrounds. The mammoth effort saw researchers crawl through criminal forums in five countries, documenting the nuances of each as they went. The security outfit's forward-looking threat research team detail the …
Darren Pauli, 02 Mar 2016

Android users installed 2 BILLION data-stealing, backdooring apps

Users have downloaded more than two billion data-stealing Android apps, while large swathes of enterprises are reportedly housing malicious iOS apps, according to security firm Proofpoint. The firm found some 12,000 malicious apps across 'authorised' Android app stores, with code to steal data, create backdoors, and wreak …
Darren Pauli, 24 Feb 2016

Dangerous Android banking bot leak signals new malware wave

Android users could be hit with a new wave of dangerous banking malware following the leak of source code for a capable Android trojan. Users could be targeted with variants of the malware, known as "GM Bot", that is capable of harvesting usernames and passwords using slick keystroke-capturing website overlays. Since it …
Darren Pauli, 23 Feb 2016

A RAT and a spammer both avoid the slammer

Two US hackers have escaped prison, receiving probation instead of time in federal coolers. BlackShades remote access trojan (RAT) co-creator Michael Hogue, 25, of Arizona, could have stared down five years in prison for his role in developing the BlackShades RAT, but instead received that time on probation. His …
Darren Pauli, 01 Feb 2016

Techie on the ground disputes BlackEnergy Ukraine power outage story

Updated A Ukrainian telecoms engineer has raised doubts about the widely reported link between BlackEnergy attacks and power outages in his country. Illia Ilin said that reports suggesting Russian state sponsored hackers used the BlackEnergy malware to infect the control systems of energy distribution utilities and cause blackouts …
John Leyden, 27 Jan 2016

Terrible infections, bad practices, unclean kit – welcome to hospital IT

Usenix Enigma When it comes to IT security, the medical world is by far the most inept at data security. So say top researchers at the first Usenix Enigma security conference, held this week in San Francisco. "As a tester who has worked in many industries, healthcare is the absolute worst in terms of security," Avi Rubin, technical director …
Iain Thomson, 25 Jan 2016

Trojan-filled Chrome extensions for Steam boil off gamers' assets

Miscreants are slinging fraudulent Chrome extension trojans at gamers that, if installed, will empty victims’ Steam inventory. Security researcher Bart Blaze warned that supposedly "helpful" Chrome extensions for Counter-Strike: Global Offensive (CS:GO) are actually scamware. “Instead of being able to change your CS:GO Double …
John Leyden, 20 Jan 2016

Apple's anti-malware Gatekeeper still useless: Security bloke reveals lingering holes

Apple has flubbed attempts to patch flaws in OS X's anti-malware system Gatekeeper, leaving the defenses still easy to bypass. Patrick Wardle, a former NSA staffer who now heads up research at crowdsourced security intelligence firm Synack, found a way to circumvent Gatekeeper last year. Gatekeeper is supposed to block dodgy …
John Leyden, 15 Jan 2016

SlemBunk slamdunk: Mobile banking Trojans found worldwide

Cybercrooks have put together a dynasty of Android Trojan apps in a bid to imitate the legitimate apps of 33 financial management institutions across the globe. The SlemBunk apps (which commonly masquerade as popular applications, such as social media and utility apps) have spread across three major continents: North America, …
John Leyden, 14 Jan 2016

Brazilian whacks: as economy tanks, cyber-crooks samba

Brazil's economy may be hurtling towards recession but its online criminal underground is booming with wannabe hackers and carders racing to get a cut, research finds. Trend Micro's work is the latest in a series of papers it has published in recent months that examine regional online crime economies including North America, …
Darren Pauli, 13 Jan 2016

Exploit kits throw Flash bash party, invite Crypt0l0cker, spam bots

Criminals behind some of the most potent exploit kits, Neutrino and RIG, are ramping up attacks slinging the latest ransomware and hosing users who have not applied recent Adobe Flash patches. The patched vulnerabilities permit code execution and allow the dangerous hacking kits to compromise user machines. The two above- …
Darren Pauli, 11 Jan 2016

American cyber crims operate popup hack 'n crack sites in plain sight

North American cyber criminals are so blatantly thumbing their noses at law enforcement that their forums have been nicknamed "glass tanks". The selling of malware, stolen credentials, and other crime services are so open they can be found using Google, Trend Micro researchers Kyle Wilhoit and Stephen Hilt say. Moreover, the …
Darren Pauli, 14 Dec 2015

Russian friends make German web scum the 'best' in European Union

The German cyber crime market is an overlooked but unique beast that works in lockstep with Russian veterans to serve fraud-flinging newcomers and hardened carders alike, researchers say. In one of the few examinations into German crime forums a team of Trend Micro threat bods say the scene is the most developed in the …
Darren Pauli, 14 Dec 2015

All eyes on the jailbroken as iOS, Mac OS X threat level ratchets up

The number of iOS threats discovered this year has more than doubled, from three in 2014 to seven so far in 2015, according to Symantec, with jailbroken devices being the focus of the majority of threats. Of the 13 iOS threats documented by the technology security company in total, nine can only infect jailbroken devices. Mac …
John Leyden, 10 Dec 2015

Edgy online shoppers face Dyre Christmas as malware mutates

VXers have cooked up Windows 10 and Edge support for the nasty Dyre, or Dyreza, banking trojan. The banking bomb has ripped untold fortunes from victims and passed them into the hands of its authors. In at least one instance, IBM says, more than one million dollars was plundered from a single organisation. At present it has …
Darren Pauli, 19 Nov 2015

Amazon vendors flog thousands of rooted, malware-laden tablets

Amazon is unwittingly acting as the retail channel for thousands of Android devices preloaded with nightmare advertising malware and with operating systems rooted, users and security boffins allege. The blackbox tablets badged under various brands and flogged on the ecommerce site and elsewhere are A$100 (£50) Android units …
Darren Pauli, 13 Nov 2015