Articles about malware

British snoops at GCHQ knew FBI was going to arrest Marcus Hutchins

Secretive electronic spy agency GCHQ was aware that accused malware author Marcus Hutchins, aka MalwareTechBlog, was due to be arrested by US authorities when he travelled to the United States for the DEF CON hacker conference, according to reports. The Sunday Times – the newspaper where the Brit government of the day usually …
Gareth Corfield, 21 Aug 2017

Ads regulator raps PC repair biz for massaging malware infection rates

An online PC repair shop was yesterday given a small ticking off by the Advertising Standards Agency – the UK's notoriously gummy marketing watchdog – for claiming that one in three PCs are blighted by malware on a daily basis. The web shop ReimagePlus published a promo on April 21 warning prospective customers: "Don't be part …
Paul Kunert, 17 Aug 2017

Creepy backdoor found in NetSarang server management software

Researchers at Kaspersky Lab have found a well-hidden backdoor in NetSarang's server management software. The secret access route, dubbed Shadowpad by its discoverers, lurks in the nssock2.dll library within NetSarang's Xmanager and Xshell software suites. It pings out every eight hours to a command-and-control server with the …
Iain Thomson, 15 Aug 2017

'Adversarial DNA' breeds buffer overflow bugs in PCs

Scientists from the University of Washington have created synthetic DNA that produced malware of a sort. Detailed in a paper titled “Computer Security, Privacy, and DNA Sequencing: Compromising Computers with Synthesized DNA, Privacy Leaks, and More”, the authors explain that they decided to “synthesize DNA strands that, after …

Forget sexy zero-days. Siemens medical scanners can be pwned by two-year-old-days

Hackers can exploit trivial flaws in network-connected Siemens' medical scanners to run arbitrary malicious code on the equipment. These remotely accessible vulnerabilities lurk in all of Siemens' positron emission tomography and computed tomography (PET-CT) scanners running Microsoft Windows 7. These are the molecular imaging …
Iain Thomson, 4 Aug 2017

Russian admits being Ebury botnet herder, now jailed for 46 months

A Russian man has been imprisoned for 46 months after admitting to using the Ebury malware to create a massive botnet for fun and profit. Maxim Senakh, 41, of Veliky Novgorod in Russia, was sentenced in Minnesota after pleading guilty to conspiracy to commit wire fraud and violating the Computer Fraud and Abuse Act. He was …
Iain Thomson, 3 Aug 2017

Hacked Chrome web dev plugin maker: How those phishers tricked me

The chap behind Chrome Web Developer, a popular third-party extension that was briefly hijacked to inject ads into browsers, today confirmed he was the victim of a phishing attack. Chris Pederick, a Brit living abroad in San Francisco, California, said he received an email on Tuesday claiming to be from Google warning that his …
Shaun Nichols, 3 Aug 2017

WannaCry-slayer Marcus Hutchins 'built Kronos banking trojan' – FBI

Marcus Hutchins, the British malware researcher who killed off the WannaCry ransomware outbreak, was arrested in Las Vegas on Wednesday on suspicion of being a malware writer himself. Hutchins, aka MalwareTechBlog on Twitter, was collared after attending the DEF CON hacking conference in Nevada, US, last week. FBI agents …
Iain Thomson, 3 Aug 2017

'Invisible Man' malware runs keylogger on your Android banking apps

A new breed of Android malware is picking off mobile banking customers, particularly those in the UK and Germany, we're told. The Svpeng software nasty has been around for four years, and its creator was caught and thrown in the clink in 2015. However, the malware keeps on evolving, thanks to other crooks trying their hand …
Iain Thomson, 2 Aug 2017

AI quickly cooks malware that AV software can't spot

DEF CON: Machine-learning tools can create custom malware that defeats antivirus software. In a keynote demonstration at the DEF CON hacking convention Hyrum Anderson, technical director of data science at security shop Endgame, showed off research that his company had done in adapting Elon Musk’s OpenAI framework to the task of …
Iain Thomson, 31 Jul 2017

Malware? In my Docker container? It's more common than you think

Black Hat: Docker containers are the perfect disguise for malware infections, warn researchers. Speaking at the 2017 Black Hat USA conference in Las Vegas, Aqua Security researchers Michael Cherny and Sagie Dulce said [PDF] the Docker API can be abused for remote code execution and security bypass. Popular with developers as a way to …
Shaun Nichols, 28 Jul 2017

Inside the ongoing fight to stamp out govt-grade Android spyware

Black Hat: A study into government-grade Android spyware led researchers to a new strain of surveillance malware lurking in the Google Play app store – a strain that has now been unceremoniously booted out of the software marketplace. Last month it was revealed that the Mexican government was infecting smartphones with malware to spy on …
Iain Thomson, 28 Jul 2017

Reminder: Spies, cops don't need to crack WhatsApp. They'll just hack your smartphone

Police in Germany will forego seeking decryption keys for secure messaging apps, like WhatsApp, and instead simply hack devices to snoop on suspects. Given the grumblings coming from Australia, the UK, and other Five Eyes states about encrypted messaging, we suspect these nations will follow suit – if they're not there already …
Shaun Nichols, 26 Jul 2017

No one still thinks iOS is invulnerable to malware, right? Well, knock it off

The comforting notion that iOS devices are immune to malicious code attacks has taken a knock following the release of a new study by mobile security firm Skycure. Malicious mobile apps in Apple's App Store are mercifully rare (XcodeGhost aside) compared to the comparative "Wild West" of the Google Play store, which has come …
John Leyden, 20 Jul 2017

Remember that Citadel bank-slurping malware? Its main man was just jailed for five years

Russian programmer Mark Vartanyan has been sentenced to five years in US federal prison for developing and spreading the Citadel malware that stole $500m (£383m) from bank accounts around the world. Citadel is a variant of the Zeus banking Trojan, the source code of which leaked online in 2011. These software nasties could …
Iain Thomson, 20 Jul 2017

Targeted, custom ransomware menace rears its ugly head

Attackers are manually deploying ransomware directly into target networks to maximise the damage and potential payout. Unlike "spray-and-pray" attacks such as WannaCrypt, which hit victims at random, targeted attacks that manually execute the ransomware enable criminals to ensure they have locked mission-critical files that …
John Leyden, 19 Jul 2017

Sleuths unearth 'Panic Mode' in Android, set off by mashing back button

The phone sleuths at XDA-Developers have unearthed a handy undocumented feature in the latest version of Android. Phones running Nougat 7.1.1 are able to invoke a "panic button" by pressing the back key four times. It's in the AOSP source code for the Android Window Manager. Panic mode returns the user to the home screen, …
Andrew Orlowski, 13 Jul 2017

Biometric data stolen from corporate lunch rooms system

A US payment kiosk vendor has been stung by malware scum. Avanti Markets helps employers monetise the lunch-room and get rid of counter-service, going beyond a simple vending machine to cover the whole sandwiches-fruit-drinks-junk-food with one payment system. Last week, as first spotted by Brian Krebs, the company posted …

Biting the hand that feeds IT © 1998–2017