And, of course, who can forget the FBI's hack of the iPhone 5C in the San Bernardino shooting investigation? These two web-based attacks exploit weaknesses in legitimate websites and internet browsers, and will completely bypass the security of OS X. Security Tip: To reduce the risk of XSS and MiTB, make sure the web browser is up to date, consider using script-blocking plugins and use a password manager to safely store your login credentials. The software is able to bypass Mac's Gatekeeper security tool by using fake certificates. Apple has been targeted by botnet malware multiple times, as in the 2014 iWorm and the Flashback Trojan in 2011. Security Tip: Follow the botnet tips above, but also make sure to back up all important data regularly.
The trojan - which already targets banks in other countries, including Germany, Austria, France, Australia and Turkey - has added nine major UK bank brands onto its roster, IBM's X-Force security research team warns. Marcher is an Android-specific nasty that has been around since late 2013, initially surfacing on Russian-speaking underground cybercrime forums as a tool for snaffling credit card data from compromised devices. Carefully matching each bank's look and feel, Marcher adapts its fake overlay screens to the organisations it targets. The adaptation is most likely programmed by the original malware developer for an extra fee. The Android nasty's control of the device's SMS relay and phone calls also allows it to initiate covert text messages/calls to premium toll numbers registered by the cybercriminals in foreign countries, generating yet more illicit income for the crooks behind the scam in the process. Marcher spreads to devices via spam emails and text messages that trick prospective marks into thinking they are downloading a Flash update.
Releases of new ransomware grew 24 per cent quarter-on-quarter in Q1 2016 as relatively low-skilled criminals continued to harness exploit kits for slinging file-encrypting malware at their marks. The report also records the return of the Pinkslipbot Trojan, a backdoor Trojan with worm-like abilities that debuted in 2007. Pinkslipbot is capable of stealing banking credentials, email passwords, and digital certificates from compromised PCs, making it a particularly potent threat. The latest iteration of the nasty surfaced in late 2015 and features anti-analysis and multi-layered encryption. The Gamut botnet became the most productive spam botnet in Q1, increasing its volume by nearly 50 per cent. Kelihos, the most prolific spamming botnet during Q4 2015 and a widespread malware distributor, slipped to fourth place in Intel Security's charts.
The number of network infections generated by some of the most prolific forms of malware -- such as Locky, Dridex, and Angler -- has suddenly declined. Instances of malware and ransomware infection have risen massively this year, but cybersecurity researchers at Symantec have noticed a huge decline in activity during June, with new infections of some forms of malicious software almost at the point where they've completely ceased to exist. Locky has been one of the most prolific ransomware threats of 2016, as the high-profile infection of a Hollywood hospital demonstrated, but researchers have seen very few new cases of the system-locking malware in recent weeks -- and that's just a month after infections peaked. However, this isn't the first time researchers have seen Angler disappear, so it may not yet be defeated. Given that the threats from Locky and Dridex haven't disappeared completely, it's thought that these malware campaigns aren't directly linked to those responsible for using Lurk. While that's slowed activity for now, it's probably only a matter of time before Locky, Dridex, and other forms of malware are on the rise again -- because cybercriminals know this form of malicious activity is an easy way to exploit victims for ransom money.
The malware redirects victims to perfect replicas of online banking websites. A hybrid Trojan program created for financial fraud has started redirecting users of four large U.S. banks to rogue websites in order to hijack their accounts. Like most banking Trojans, GozNym can inject rogue code into banking websites displayed in local browsers in order to steal credentials and other sensitive information. However, according to researchers from IBM's X-Force team, its authors have recently launched similar attacks against the online business banking services of four large U.S. banks. If they work, the attackers initiate fraudulent money transfers out of the victim's account. "Moreover, the victim is kept on the fake website, where the attacker can push social engineering notifications to them, making them divulge personally identifiable information and two-factor authentication elements," the IBM X-Force researchers said in a blog post. In addition to the usual security recommendations of keeping software up to date, running an antivirus program, and being wary of email attachments, employees in charge of finances inside companies should try to use dedicated computers to access bank accounts and operate financial transactions.
A prolific piece of Trojan smartphone malware which installs malicious apps and games, and continually pushes pop-up adverts onto victims' phones, is making its creators as much as $500,000 per day. Hummer was first discovered by the Cheetah Mobile Security Research Lab in 2014, but the malware initially lay dormant for many months. However, a blog post by the security researchers details how Hummer started infecting hundreds of thousands of phones in summer last year, before exploding into 2016. Every time the Trojan installs a new application on the infected devices, it's thought the developers make $0.50. While that may sound like a small amount, the proliferation of Hummer means its creators make big bucks. "If the virus developer were able to make $0.50 USD (the average cost of getting a new installation) every time the virus installed an application on a smartphone, the group behind this trojan family would be able to make over $500,000 USD daily," say researchers.
"Hummer" has become the world's biggest mobile Trojan threatMalware that secretly installs porn apps on your phone is infecting devices by the millions, becoming the world s largest mobile Trojan.The company s researchers have been tracking Hummer since 2014.Users are downloading Hummer Trojans thinking they ll gain access to YouTube or other Google services.But in reality, Hummer secretly roots the user s device, gaining admin-level access to the operating system.It then installs any number of unwanted apps, including games and apps related to porn.
Android malware is a serious issue that affects millions of people, no matter what you hear from Google. It's one of the reasons the iPhone is still better than Android after all these years. We recently learned about a new type of malicious application that can masquerade as WhatsApp, Facebook, and Uber to harm users, and now a new report notes that a trojan-type Android application has infected millions of users, netting the Chinese group of hackers who developed it about $500,000 per day at one point. A new report from the Cheetah Mobile Security Research Lab details Hummer, this newly discovered family of malware apps. In the first half of the year, the Hummer trojan infected nearly 1.4 million devices per day – see the following graphic.
One of the world's largest and most prolific Trojans has been uncovered by security researchers, who claim to have traced the source of the Trojan family and its authors to an "underground internet industry chain" in China. The Trojan, dubbed Hummer, infects over one million users' phones and rakes in up to $500,000 (£375,252) on a daily basis. According to researchers at the Cheetah Mobile Security Research Lab, Hummer has so far affected users in 25 countries and is spreading rapidly across the world. India, Indonesia, Turkey and China have been the most severely affected by the Trojan. However, some European countries including Germany, Romania, Russia, Ukraine as well as the US have also been affected by the malware-sprouting Trojan.
The rapidly spreading Hummer Trojan installs unwanted apps, uses up bandwidth and can't be removed. An Android malware family originating in China has spread to become the top mobile phone Trojan, infecting more than 1.4 million devices daily at its peak, according to security researchers. The Hummer family of Trojans, a type of malware that spreads by concealing its true nature, infected up to 63,000 devices per day during the first half of this year, according to Cheetah Mobile Security Research Lab. The firm estimated that if the virus developers were able to make 50 cents (38 pence) for each new installation on a smartphone, the group would have taken in an average of $500,000 (£376,000) per day during the period. The company found 12 Internet addresses housing control servers used to issue commands to the Trojan, some of them linked to email accounts in mainland China, and this and other evidence led Cheetah to conclude that the malware's developers are linked to the Chinese Internet underworld. India has the most infections, followed by Indonesia, Turkey and China, but the US and European countries including Germany, Spain and Italy have also seen thousands of infections, Cheetah said.
Canada has been hit by several major banking Trojans targeting businesses and citizens alike. Six different malware variants have been uncovered by security researchers, including Dridex, Zeus, Kronos, Gootkit, Ursnif and Vawtrak. Security firm Proofpoint detected the surge in banking Trojans directed at Canada, adding that while it was not uncommon for threat actors to target Canadian businesses and residents, the "volume and diversity" of the recent campaigns indicate a notable rise. Hackers are believed to be using mainly malicious Microsoft Word documents in spam emails to infect users' systems. Proofpoint Threat Operation Centre VP Kevin Epstein told IBTimes UK: "Like the other major industrialised nations, Canada is a wealthy country with a robust banking system and widespread adoption of automation and online services for banking, social media, productivity, and many other activities.
Security researchers have discovered a possible link between the demise of the Angler Kit and a crackdown against the Lurk banking trojan crew. In June, a group of individuals was arrested in Russia for using Lurk to target Russian banks. Cisco Talos researchers noticed that within a week of the arrests, Angler had disappeared from the threat landscape. This coincidence prompted the Talos team to look more closely at Lurk, a prolific and profitable trojan that specifically targeted customers of Russian banks. Suspects arrested in June stand accused of stealing around $45 million USD from Russian banks using Lurk. Lurk was being delivered largely through Angler to victims inside of Russia.
Symantec has noticed a call-barring function in a newer version of Android malware. Banking Trojans are continuing to evolve, according to Symantec. A new Trojan that can steal your payment data will also try to stymie you from alerting your bank. Security vendor Symantec has noticed a call-barring function within newer versions of the Android.Fakebank.B malware family. By including this function, a hacker can delay the user from canceling any payment cards that have been compromised, the company said in a blog post. Fakebank was originally detected in 2013.
A newly-detected piece of malware dubbed "Delilah" has been fingered as probably the first such code created with the intention of extorting victims into stealing insider data. The "Delilah" malware was found on exclusive crime forums by Israeli intelligence outfit Diskin Advanced Technologies, who say the trojan relies on a combination of social engineering, extortion and ransomware. Delilah is distributed in tight circles only and kept off open crimeware forums. Gartner fraud analyst Avivah Litan received information on the trojan and says it targets employees at their homes and offices. "Once installed the hidden bot gathers enough personal information from the victim so that the individual can later be manipulated or extorted," Litan writes. "This includes information on the victim's family and workplace.
Crooks have once again targeted users downloading Ammyy's remote access software as a conduit for spreading malware. The tactic – which has been witnessed before, specifically in the infamous Lurk banking trojan – has been in play since early February, 2016. Ammyy Admin is a legitimate software package used by top corporations and Russian banks, among others, even though it has a history of being abused by fraudsters, including tech support phone scammers. Several security software firms classify Ammyy as a potentially unwanted app. Ammyy developers had managed to remove the malware at the time of publication. Researchers at Kaspersky Lab reckon that attackers used weaknesses in the Ammyy website in order to add the malware to the installation archive of the legitimate remote access software.
Hackers use Google Drive to host malicious files that seem to be targeting a number of Asian countries. Google Drive is being used by hackers to host malicious files as part of a malware campaign targeting a number of Asian countries including Myanmar and Taiwan. This is the warning from Unit 42 researchers at Palo Alto Networks in a blog post, in which they said the 9002 Trojan is delivered onto a victim's computer via a combination of shortened URL links and a shared file hosted on Google's cloud storage service. According to the researchers, the attackers make use of a server that hosts a custom redirection script to track successful clicks by targeted email addresses. This shortened link redirects to an actor-controlled server that we refer to as a redirection server, which redirects the victim to a gmail address belonging to a well-known politician and human rights activist in Myanmar. From there the victim is redirected to a Zip file hosted on Google Drive, bearing the filename of 2nd Myanmar Industrial Human Resource Development.
Its free availability makes it likely that it will be used in attacks soon, researchers say. A new and potent Android Trojan has been leaked on several underground forums, making it available for free to less resourceful cybercriminals who are now likely to use it in attacks. The Trojan app is called SpyNote and allows hackers to steal users' messages and contacts, listen in on their calls, record audio using the device's built-in microphone, control the device camera, make rogue calls and more. According to researchers from Palo Alto Networks, SpyNote does not require root access to a device, but does prompt users for a long list of permissions on installation. It's not clear yet how attackers intend to distribute it to victims, because researchers haven't observed attacks in the wild using it.
Hip new photo editing app Prisma uses neural networks and artificial intelligence to turn your photos into masterpieces, but the fake versions do none of that. Prisma, the app that became a global sensation with its ability to turn your photos into works of art, has become a honeypot for cybercriminals, with fake versions appearing in app stores vying to steal your personal information. Capitalising on the popularity of the transformation app, several phoney versions loaded with sly tricks such as fake surveys to capture users' data, as well as dangerous Trojan downloaders, snuck onto the Google Play Store. According to a blog by ESET, who discovered these fake apps among the five Trojan downloaders on Google Play, two have phishing functionality implemented that could probably be executed via the downloaded module. Displaying a fake request to update the device's operating system to Android 6.0, the user is lured into entering their Google account credentials into a fake log-in form. The photo app was first released on iOS with a highly-anticipated Android version arriving later – this proved to be the perfect setup for fraudsters to flood the Google Play Store with fake versions before the official release in the hope of catching out a few gullible users.
Cyber warfare appears to be the latest tool deployed in the territorial dispute over the South China Sea. Hackers have used targeted malware to steal data from some of the governments and private sector organisations involved in the dispute over territory and sovereignty in the South China Sea. Cybersecurity company F-Secure Labs uncovered the malware, dubbed NanHaiShu by researchers, which it said targeted the Philippines Department of Justice, a major international law firm involved in the South China Sea case, and the organisers of November 2015's Philippines-based Asia-Pacific Economic Cooperation (APEC) Summit. Erka Koivunen, cyber security advisor at F-Secure, said the NanHaiShu campaign is particularly sophisticated in nature. "This isn't an ordinary, run-of-the-mill opportunist piece of malware, but something that somebody has put some thought into and effort into, running a campaign with a selected group of organisations and individuals that are being targeted." NanHaiShu is a remote access Trojan which is able to send any information from an infected machine to a remote command and control server with a Chinese IP address.
It was spread primarily through infected floppy drives (remember them?). When a machine was infected, the damage that could be done was relatively limited. That changed when criminals realized that they can make money out of malware. Which is why this recently-discovered trojan for Windows is so strange, as it acts and looks like some of the digital nasties you might have seen in the early 90s. The method of infection is two compromised install files for the audio editing software Audacity, and the start menu replacement Classic Shell. These came from FossHub, which ironically has the slogan "No adware, no spyware, no bundles, no malware."