Articles about Trojans

Exploit kits throw Flash bash party, invite Crypt0l0cker, spam bots

Criminals behind some of the most potent exploit kits, Neutrino and RIG, are ramping up attacks slinging the latest ransomware and hosing users who have not applied recent Adobe Flash patches. The patched vulnerabilities permit code execution and allow the dangerous hacking kits to compromise user machines. The two above- …
Darren Pauli, 11 Jan 2016

American cyber crims operate popup hack 'n crack sites in plain sight

North American cyber criminals are so blatantly thumbing their noses at law enforcement that their forums have been nicknamed "glass tanks". The selling of malware, stolen credentials, and other crime services are so open they can be found using Google, Trend Micro researchers Kyle Wilhoit and Stephen Hilt say. Moreover, the …
Darren Pauli, 14 Dec 2015

Russian friends make German web scum the 'best' in European Union

The German cyber crime market is an overlooked but unique beast that works in lockstep with Russian veterans to serve fraud-flinging newcomers and hardened carders alike, researchers say. In one of the few examinations into German crime forums a team of Trend Micro threat bods say the scene is the most developed in the …
Darren Pauli, 14 Dec 2015
Mac malware

All eyes on the jailbroken as iOS, Mac OS X threat level ratchets up

The number of iOS threats discovered this year has more than doubled, from three in 2014 to seven so far in 2015, according to Symantec, with jailbroken devices being the focus of the majority of threats. Of the 13 iOS threats documented by the technology security company in total, nine can only infect jailbroken devices. Mac …
John Leyden, 10 Dec 2015

Edgy online shoppers face Dyre Christmas as malware mutates

VXers have cooked up Windows 10 and Edge support for the nasty Dyre or Dyreza banking trojan. The banking bomb has ripped untold fortunes from victims and passed them into the hands of its authors. In at least one instance alone IBM says more than one million dollars was plundered from an organisation. At present it has …
Darren Pauli, 19 Nov 2015
Android icon desktop toys

Amazon vendors flog thousands of rooted, malware-laden tablets

Amazon is unwittingly acting as the retail channel for thousands of Android devices preloaded with nightmare advertising malware and with operating systems rooted, users and security boffins allege. The blackbox tablets badged under various brands and flogged on the ecommerce site and elsewhere are A$100 (£50) Android units …
Darren Pauli, 13 Nov 2015

Iranian VXers unleash RATs to bite popular Android devices

Future threat researcher Rodrigo Bijou says Iranian hackers have made Android a priority for attacks with remote access trojans. The San Francisco consultant says attackers are preferring AndroRAT and DroidJack over common trojans like njRAT and DarkComet. Android is the most popular mobile OS in the Middle East and Africa, …
Darren Pauli, 29 Oct 2015

German surfers blitzed by widespread malvertising campaign

German surfers are under attack from multiple directions this week because of a widespread malvertising campaign. Users of eBay.de and subscribers of ISP T-Online.de were confronted with tainted ads after cybercrooks succeeded in pushing malicious traffic through rogue systems. The attacks began after hackers circumvented …
John Leyden, 22 Oct 2015

Bloke cuffed, accused of polishing off £700k Polish bank cyber-heist

A 31-year-old Warsaw chap is accused of stealing more than four million Polish złoty (£700,000) by hacking into a bank in Poland. The bloke has been named only as "Tomasz G" due to Polish privacy laws, and is charged with committing computer fraud and money laundering crimes, reports Radio Poland. Tomasz G faces up to 10 …

FBI takes down Dridex botnet, seizes servers, arrests suspect

The FBI has teamed up with security vendors to disrupt the operations of Dridex banking Trojan. Multiple command-and-control (C&C) servers used by the Dridex Trojan have been taken down and seized in a co-ordinated action after the FBI obtained court orders. The take-down operation is geared towards crippling the malware’s …
John Leyden, 14 Oct 2015

New mystery Windows-smashing RAT found in corporate network

Malware man Yotam Gottesman has found a somewhat mysterious remote access Trojan on a corporate network that sports highly capable evasion techniques. The Ensilo researcher says the Trojan, dubbed Moker, is not known to antivirus databases and can bypass and disable Windows security measures. Bypassed security systems …
Team Register, 08 Oct 2015
VR

Hidden password-stealing malware lurking in your GPU card? Intel Security thinks not

Fears that malware is hiding in people's graphics chipsets may be overclocked, according to Intel Security. Earlier this year, researchers from the self-styled “Team JellyFish” released a proof-of-concept software nasty capable of exploiting GPUs to swipe passwords and other information typed in by a PC's user. The same …
John Leyden, 01 Sep 2015

Malware menaces poison ads as Google, Yahoo! look away

Feature Online advertising has become an increasingly potent threat to end-user security on the internet. More hackers than ever are targeting the internet's money engine, using it as a powerful attack vector to hide exploits and compromise huge numbers of victims. Malvertising, as poisoned ads are known, is as deadly as it is diverse …
Darren Pauli, 27 Aug 2015

Net scum respect their elders so long as it leads to p0wnage

Net scum are employing both cool new attacks like the Angler exploit kit and oldies-but-goodies such as macroviruses in their undergoing something of a generational clash, with Cisco reporting both Word macros and the sophisticated Angler exploit kit are the most popular attack vectors this year. Blackhats dumped macros as an …
Darren Pauli, 20 Aug 2015

Malvertising set to wreak one BEELLION dollars in damage this year

Records have fallen as malvertising clocked its most prolific month in history, making it one of the biggest threats to endpoint security. If the scourge continues, criminals will have inflicted a billion dollars in damages by the end of the year from a paltry US$12,000 investment, according to researchers at security firm …
Darren Pauli, 13 Aug 2015

Blacklists miss 90% of malware blogged IP love

Threat intelligence firm RecordedFuture says popular web blacklists are missing thousands of IP addresses linked to malware data theft. The Massachusetts company, which boasts it's scored four out of five "top companies in the world" as clients, says correlating IP addresses to malware references yields between a thousand and …
Darren Pauli, 12 Aug 2015

21st century malware found in Jane Austen's 19th century prose

Cisco's 2015 Midyear Security Report has revealed that at least one group of malware-spreading scum has a literary bent. The report found one group of criminals who were hosting a webpage designed to inject exploit code into unpatched browsers. Typically these landing pages have very little on them, often just random text, but …
Iain Thomson, 28 Jul 2015

Cybercrime forum Darkode returns with security, admins intact

Crime forum Darkode has relaunched with renewed security two weeks after it was obliterated in a global police raid that shut down the site and saw members arrested. The English-speaking forum, established in 2007, was a major player in the cybercrime underground where vetted members could buy and sell zero days, trojans, and …
Darren Pauli, 28 Jul 2015

Nigerian prince swaps the sweet talk for keyloggers and exploits

Nigerian 419 scammers have taken to the crime-as-a-service model using cash to plug their technical capability shortfalls to build malware campaigns that could be making millions, according to FireEye researchers. Erye Hernandez, Daniel Regalado and Nart Villeneuv said that scammers, notorious for their attempts to fleece the …
Darren Pauli, 22 Jul 2015

Malwarebytes slurps startup, hopes to belch out Mac malware zapper

Security software firm Malwarebytes is moving into the Mac security software market with the acquisition of a start-up and the launch of its first anti-malware product for Apple computers. Malwarebytes Anti-Malware for Mac is designed to detect and remove malware, adware, and PUPs (potentially unwanted programs). The release …
John Leyden, 15 Jul 2015

20-yr-old Brazilian births 100 banking trojans

A 20 year-old Brazilian kid has pumped out more than 100 banking trojans selling each for around US$300 a pop, Trend Micro researchers say. The computer science student's extracurricular activities landed him the dishonourable title of his country's most prolific banking malware creator. Researchers say "Lordfenix", his chosen …
Darren Pauli, 02 Jul 2015

Dyre banking VXers LOVE Mondays, Symantec says

Nobody can accuse trojan coders of being lazy; the masterminds behind the Dyre banking malware are putting in full five-day working weeks to maintain some 285 command and control servers handling stolen banking credentials. The malware is one of the worst in circulation using its fleet of command and control servers to handle …
Darren Pauli, 25 Jun 2015

RubyGems slings patch at nasty redirect trojan holes

Get patching: new vulns in the RubyGems developer distribution platform could expose millions of users to malicious redirects. The hole (CVE-2015-3900) since patched means clients could be pushed to Gem severs hosting malicious content even if HTTPS is employed. Attackers further benefited since RubyGems Gems Server Discovery …
Darren Pauli, 24 Jun 2015

Trustwave: Here's how to earn $84,000 A MONTH as a blackhat

Exploit kit traders and ransomware slingers are in one of the most profitable industries in the world, landing a whopping 1,425 percent profit margin for raiding legitimate trade. Figures from infosec firm Trustwave show the blackhats who are enjoying what appears to be a current boom can score outrageous amounts of money by …
Darren Pauli, 10 Jun 2015

Bank-heist malware's servers phone home to Russian spookhaus

Trend Micro researcher Maxim Goncharov says one of the world's most sophisticated and dangerous bank-robbing trojans is now pointing to Russia's Federal Security Service (FSB). Goncharov says the Carbanak trojan's command and control servers now point to the FSB in what could be a joke or gaffe by malware authors. Carbanak in …
Darren Pauli, 25 May 2015

Factory reset memory wipe FAILS in 500 MEELLION Android mobes

Half a billion Android phones could have data recovered and Google accounts compromised thanks to flaws in the default wiping feature, University of Cambridge scientists Laurent Simon and Ross Anderson have claimed. The gaffe apparently allows tokens for Google and Facebook, among others, to be recovered in 80 per cent of …
Darren Pauli, 22 May 2015
container_ship_hamburg_shutterstock_648

US plans to apply export controls to 0-days put out for comment

US proposals for export controls for zero-day vulnerabilities and malware have finally been pushed forward, re-opening the fault lines of a long-running argument among security experts in the process. The proposals (pdf) from the US Department of Commerce would introduce the Wassenaar Arrangement (WA) – an international …
John Leyden, 20 May 2015
The Royal Opera House in Muscat by night. Credit: Shenmuelll Licence: CC BY-SA 3.0

Spy-tech firms Gamma and Trovicor target Shell Oil in Oman

Exclusive The Sultan of Oman's intelligence services are spying on the local operations of British oil company Shell with the aid of controversial European tech companies, the Register has learned. Documents seen by el Reg reveal that the internal phone systems at Petroleum Development Oman (PDO) - a joint venture between the Omani …
Alastair Sloan, 20 May 2015
Headshot of Trojan horse

Banking trojan scourge gallops on, despite more fences

RSA 2015 Banking botnets persist as a threat despite recent high-profile takedowns which only achieve a temporary calming effect, according to a new study from Dell SecureWorks. Between mid-2014 and early 2015, coordinated efforts involving law enforcement and private-sector industry disrupted three of the most active banking botnets ( …
John Leyden, 23 Apr 2015

Google guru: Android doesn't have malware, it has Potentially Harmful Applications™ instead

RSA 2015 Malware doesn't exist on Android, Google says, but Potentially Harmful Applications™ do. That linguistic flip is one of many at play in the Chocolate Factory's Android security division, which has dumped various general infosec terms overboard. Lead Android engineer Adrian Ludwig told the RSA Conference in San Francisco today …
Darren Pauli, 21 Apr 2015
Hack the planet

Verizon to world: STOP opening dodgy phishing emails, FOOLS

Phishing and web app security problems remain the most common way for hackers to gain access to sensitive information, according to US telco giant Verizon. Two out of three breaches were the result of weak or swiped passwords, making a case for strong two-factor authentication, the latest edition of Verizon’s annual Data Breach …
John Leyden, 14 Apr 2015

Backdoor bot brains snatched after cops, white hats raid servers

Microsoft and Interpol have teamed up to derail a malware infection that compromised more than 770,000 Windows PCs worldwide. Simda is a “pay-per-install” software nasty: fraudsters pay miscreants some sum of money for every 1,000 or so machines they compromise. The hackers effectively earn cash by selling access to the infected …
John Leyden, 13 Apr 2015

'Chinese hackers' were sniffing SE Asian drawers for YEARS

Security researchers have exposed a decade-long cyber-spying campaign that targeted south-east Asia and India since 2004. The so-called APT 30 hackers are likely to be agents of the Chinese government, according to network security company FireEye. APT 30's primary goal appears to be the theft of sensitive information for …
John Leyden, 13 Apr 2015
Solar panels

Energy utilities targeted by Office-spawned recon attack tool

Malware writers are targeting international energy utilities with a new trojan that creates beachheads to enable subsequent more advanced attacks. Symantec security boffin Christian Tripputi says the campaign, detected in the first two months of 2015, has a particular focus on creating beachheads on petroleum and gas utilities …
Darren Pauli, 02 Apr 2015

PIRATES and THIEVES to get Windows 10 as BOOTY

Pirates running stolen Windows operating systems will get a free copy of Windows 10, according to reports. Microsoft told reporters the next Windows will be made free to whet appetites for legitimate software, particularly in China. "We are upgrading all qualified PCs, genuine and non-genuine, to Windows 10," Microsoft's …
Darren Pauli, 19 Mar 2015
Shot of a girl with a mask biking through Beijing

Web protection: A flu mask for the internet

The internet is no longer optional for organisations. It is where business lives. Unfortunately, it is also probably the worst neighbourhood on the planet, filled with cybercriminals, hacktivists, and corporate and state spies. And the internet is both the largest and the smallest neighbourhood. All of these people live just …
Robin Birtstone, 09 Mar 2015
Blackhat

Blackhat: Michael Mann brings an informed cybercrime yarn to the silver screen

Film review You don’t expect much from a storyline that reads like a cyber remake of the cheesy classic The Rock – crime happens and only dastardly criminal taken out of lock-up by the Feds can stop it. But director Michael Mann has turned out a pretty decent thriller in Blackhat, even if it does take itself a little too seriously. For a …

Rap for fap stack in hack trap flap: This XXX site caught an STI (Script Transmitted Infection)

Blue movie website RedTube was stiffed over the weekend by a hacker who gave the site a rather nasty infection. The porno purveyor inadvertently spread the seed of malware after a hacker compromised its servers and tweaked its homepage – exposing visitors to malicious code that attempted to exploit a security vulnerability in …
Shaun Nichols, 19 Feb 2015

Security hawker gives the bird to mid-east hack group

A team of attackers tagged by Kaspersky as the first "advanced Arab hackers" has passed around malware targeting Middle East governments, the military and others. So far 100 malware samples attributed to the group have been tagged, the hacker branding consultancy claims. Kaspersky Labs researchers revealed the attacks at the …
Darren Pauli, 18 Feb 2015

Your hard drives were RIDDLED with NSA SPYWARE for YEARS

The US National Security Agency (NSA) infected hard disk firmware with spyware in a campaign valued as highly as Stuxnet that dates back at least 14 years and possibly up to two decades – all according to an analysis by Kaspersky Labs. The campaign infected possibly tens of thousands of Windows computers in telecommunications …
Darren Pauli, 17 Feb 2015

Hackers break the bank to the tune of $300 MEEELLION

A series of bank hacker heists have hit more than 100 financial institutions, say Kaspersky researchers, and more than US$300 million appears to have walked as a result. The attacks targeted employees at as-yet-unnamed banks with malware dubbed Carbanak that gave access to corporate networks, giving criminals access for more …
Darren Pauli, 16 Feb 2015

Attackers planting banking Trojans in industrial systems

Trend Micro researcher Kyle Wilhoit says the latest attacks on SCADA and industrial control networks are turning out to carry rather pedestrian banking Trojans, and have been on the rise since October 2014. Talking to DarkReading, Wilhoit said rather than Stuxnet-style attacks, ne'er-do-wells are dropping banking Trojans into …

Sucker for punishment? Join Sony's security team

Sony is seeking a steely-willed vulnerability management director in the wake of its thorough hosing by unknown attackers. The beleaguered media giant posted an online advertisement Friday seeking a security bod boasting a decade's hacking experience to, among other things, "Unify and enhance Sony’s global information security …
Darren Pauli, 23 Dec 2014

Hackers pop German steel mill, wreck furnace

Talented hackers have caused "serious damage" after breaching a German steel mill and wrecking one of its blast furnaces. The hack of the unnamed mill, detailed in the annual report of the German Federal Office of Information Security, was pulled off after a victim fell for a phishing email. Hackers then pivoted to the …
Darren Pauli, 22 Dec 2014

Roll up, come see the BOOMING HACKER BAZAAR!

Underground hacker markets are booming with counterfeit documents, premiere credit cards, hacker tutorials, and "complete satisfaction guarantees", according to a new report from Dell SecureWorks. The means to create a false identity are easily purchased through the cracker bazaars. A fake social security card can be obtain …
John Leyden, 15 Dec 2014
android tongue

That sub-$100 Android slab you got on Black Friday? RIDDLED with holes, say infosec bods

Those fighting through hordes of fellow crazed bargain junkies this Black Friday should avoid some of the cheapo Android tablets on offer. Security researchers at Bluebox Labs bought a dozen Android fondleslabs, each costing less than $100, and tested them for poor patching, dodgy OS installation, and sloppy security practices …
Iain Thomson, 28 Nov 2014

Privacy bods Detekt Hacking Team code nasty dressed as bookmark manager

The Detekt privacy tool has discovered Hacking Team's Windows spyware masquerading as a benign bookmark manager. Detekt was launched last week and offers users of Windows systems to inspect their machines for traces of known government spyware. Developer Claudio Guarnieri said on Twitter the tool discovered the malicious …
Darren Pauli, 26 Nov 2014

'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described

A highly advanced malware instance said to be as sophisticated as the famous Stuxnet and Duqu has has been detected. "Regin" has security researchers opining it may be nastier than both. "Regin" malware is thought to have been developed by a nation-state because of the financial clout needed to produce code of this complexity …
Darren Pauli, 24 Nov 2014

Beware Brit cops bearing battering rams. Four nabbed over Trojan claims

British cops have arrested four people suspected of using Trojans to illegally take control of computers. The arrests were made as part of a international operation led by Europol which aimed to clamp down on the criminal use of Remote Access Trojans (RATs). These malware nasties are capable of taking command of a target's …
Jasper Hamill, 21 Nov 2014
Sean Connery in Dr. No

Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER

Amnesty and Privacy International are offering a free-of-charge spyware detection tool designed to help journalists and human rights activists stay one step ahead of government surveillance. The Windows-only Detekt anti-spyware tool is designed to be a supplement, rather than an alternative, to pre-existing anti-virus protection …
John Leyden, 20 Nov 2014