malware

Latest

  • 'WannaCry hero' Marcus Hutchins sentenced to supervised release

    by Jon Fingas
    07.26.2019

    Marcus Hutchins' efforts to stop the spread of WannaCry malware just helped him avoid prison time. Judge JP Stadtmueller has sentenced Hutchins to a year of supervised release after he pleaded guilty to creating and distributing Kronos banking malware. He was a teen when he committed the offenses, according to the judge, and he was "turning a corner" before he faced charges. Hutchins acknowledged that he'd made "bad decisions" and that he had "no desire" to slip back into a life of online crime.

  • TrickBot malware may have hacked 250 million email accounts

    by Christine Fisher
    07.12.2019

    TrickBot malware may have stolen as many as 250 million email accounts, including some belonging to governments in the US, UK and Canada. The malware isn't new. In fact, it's been circulating since 2016. But according to cybersecurity firm Deep Instinct, it has started harvesting email credentials and contacts. The researchers are calling this new approach TrickBooster, and they say it first hijacks accounts to send malicious spam emails and then deletes the sent messages from both the outbox and trash folders.

  • US Cyber Command warns of nation-state hackers exploiting Outlook

    by Jon Fingas
    07.02.2019

    The recent surge in state-backed hacking campaigns isn't dying down any time soon. US Cyber Command has reported that unnamed state actors are making "active malicious use" of a 2017-era Outlook vulnerability (long since patched) to escape the email client's sandbox and run malware on a target system. While officials didn't say who was involved, some clues have hinted at a possible connection to Iran.

  • Government hackers reportedly broke into Russian search company Yandex

    by Christine Fisher
    06.28.2019

    According to a Reuters report, hackers working for Western intelligence agencies reportedly broke into Yandex, the company often referred to as "Russia's Google." The hackers were allegedly looking for technical information that would indicate how Yandex authenticates user accounts. That information could help a spy agency impersonate Yandex users and obtain access to their private messages.

  • US recommends Windows users patch against worm vulnerability

    by Amrita Khalid
    06.17.2019

    Microsoft Windows users who haven't patched their OS (or are using an unsupported version) are at risk of attackers exploiting a vulnerability known as BlueKeep. The Cybersecurity and Infrastructure Security Agency (CISA), Homeland Security's lead cybersecurity agency, said it successfully tested a working exploit for the BlueKeep vulnerability. Specifically, the agency was able to remotely run code on a Windows 2000 computer using BlueKeep, it stated in an advisory. The bug affects computers that are running Windows 7 or earlier (as well as Windows Server 2003 and 2008), and gives potential attackers access through Microsoft's Remote Desktop Services.

  • Samsung tweet suggests scanning your smart TV for malware every few weeks

    by Christine Fisher
    06.17.2019

    This morning a Samsung customer support account tweeted an odd warning that, to prevent malicious software attacks on your smart TV, you should scan it for viruses every few weeks. It even included an instructional video to help you do so. The tweet, first spotted by The Verge, was short-lived. Samsung has since removed it, but it existed long enough to raise a few red flags.

  • The US planted offensive malware in Russia's power grid

    by Jon Fingas
    06.15.2019

    The US appears to be acting on its promise to aggressively respond to cyberwarfare threats. New York Times sources say Cyber Command has planted offensive malware in Russia's electrical grid, not just reconnaissance as has been the case since "at least" 2012. It's not certain just how deep the infiltration goes or what the malware is capable of doing. The intention, however, is clear -- this is meant to serve both as a deterrent and as a weapon in case the US and Russia trade blows.

  • Auction for a laptop full of malware closes at $1.3 million (updated)

    by Christine Fisher
    05.27.2019

    Today, bidding on a laptop packed with some of the world's most dangerous malware closed at $1.345 million. Dubbed "The Persistence of Chaos," the Samsung NC10 contains six viruses that have caused an estimated $95 billion in damages. Despite what you might think, it's not meant to be a tool for any world domination scheme. It's intended strictly as an art piece -- though it could be used for academic purposes -- and it's currently isolated and air-gapped to prevent foul play.

  • International effort busts $100 million malware crime network

    by Jon Fingas
    05.16.2019

    The US, five other countries and Europol have dismantled an elaborate cybercrime ring that relied on one piece of malware to pull off heists. Officials have charged 10 people across five countries with using GozNym malware to grab banking login credentials in a bid to steal about $100 million from over 41,000 target computers, most of them linked to US businesses and their associated banks. It's not certain how much money the team obtained.

  • WhatsApp call exploit let attackers slip spyware on to phones

    by Jon Fingas
    05.13.2019

    WhatsApp appears to have been the inadvertent conduit for a surveillance campaign. Both WhatsApp and Israeli software developer NSO Group have confirmed that an exploit in WhatsApp's voice calling allowed attackers to load NSO's Pegasus spyware on to Android and iOS devices. The tool could infect a device even if a user didn't answer, and the malicious calls would frequently disappear from logs. Pegasus can use the camera and mic in addition to scooping up location and message info.

  • US charges China-based hacking group for massive 2015 Anthem breach

    by Christine Fisher
    05.10.2019

    Four years after hackers committed one of the worst data breaches in history, the US Justice Department has charged a "sophisticated China-based hacking group" with the attacks. An indictment released yesterday charges two members of the group, Fuji Wang and another listed as John Doe, with four counts of conspiracy and intentional damage. According to the indictment, Wang and Doe allegedly broke into and stole data from computer networks in four distinct business sectors. The most high-profile hit was the 2015 Anthem breach, in which prosecutors say the hackers stole personal information from nearly 80 million people.

  • Russian hackers are hijacking computers at embassies (updated)

    by Jon Fingas
    04.22.2019

    Russian hackers have apparently launched cyberattacks against embassies, although it might not be the kind of campaign you're expecting. Check Point Research reports that the attackers have attempted to compromise PCs at embassies for countries like Italy, Bermuda and Kenya by tricking officials into loading malware. Most often, they emailed Excel spreadsheets with malicious macros that would hijack a computer using the popular remote access app TeamViewer.

  • US convicts Romanians over scheme that hijacked 400,000 computers

    by Jon Fingas
    04.15.2019

    Two Romanian residents are about to face prison time for a particularly large digital crime spree. A federal jury has found Radu Miclaus and Bogdan Nicolescu guilty for a scheme that stole credit card data and other sensitive info by hijacking over 400,000 computers located primarily in the US. The duo reportedly developed custom malware in 2007 that would pose as a legitimate organization (such as the IRS, Norton or Western Union) and infect PCs when users opened an attachment. From then on, the perpetrators stole data and money by injecting fake websites (such as bogus eBay auctions), mining cryptocurrency in the background and amassing contact information that could be used to infect more targets.

  • UK sentences porn site sextortionist to over six years in prison

    by Jon Fingas
    04.09.2019

    A British court just imprisoned one of the most aggressive sextortionists in recent memory. Zain Qaiser has been sentenced to six years and five months behind bars after pleading guilty to a scheme that blackmailed porn site visitors in over 20 countries by spreading malware-laden ads. The campaign would impersonate regional police (such as the FBI) and claim that victims who clicked the ads had committed an offense requiring a fine between $300 and $1,000. Qaiser worked with a Russian crime group that reportedly pocketed most of the money, but he still made over £700,000 (about $914,000) -- and prosecutors believe he has even more money stashed in offshore accounts.

  • Researchers trick radiologists with malware-created cancer nodes

    by AJ Dellinger
    04.03.2019

    Security researchers in Israel have developed malware that can add realistic-looking but entirely fake growths to CT and MRI scans or hide real cancerous nodules that would be detected by the medical imaging equipment. The software, designed by experts at the Ben Gurion University Cyber Security Research Center, was created to highlight the lax security protecting diagnostic tools and hospital networks that handle sensitive information.

  • Chinese woman arrested carrying malware into Trump resort

    by Jon Fingas
    04.02.2019

    President Trump's Mar-a-Lago resort just dealt with a decidedly unusual malware 'attack.' A Chinese woman, Yujing Zhang, has been charged with making false statements to a federal officer and entering restricted property after she visited Mar-a-Lago on March 30th carrying a thumb drive apparently loaded with malware. Zhang initially told the Secret Service that she wanted to use the pool, but later claimed she'd traveled to attend a non-existent UN "Friendship Event" (at the request of a mysterious "Charlie") and wanted to speak to a member of the Trump family about China's economic relationship with the US.

  • Google report details the ongoing fight against bad Android apps

    by Christine Fisher
    04.01.2019

    Today, Google released its fifth annual security and privacy report. Despite an overall increase in potentially harmful application (PHA) downloads -- due to the fact that click fraud is now included in the PHA category -- Google is optimistic, saying the "overall health of the Android ecosystem improved."

  • ASUS releases fix for ShadowHammer malware attack

    by Jon Fingas
    03.26.2019

    ASUS may have inadvertently pushed malware to some of its computers through its update tool, but it at least has a fix ready to go. The PC maker has released a new version of its Live Update software for laptops that addresses the ShadowHammer backdoor attack. It also promised "multiple security verification mechanisms" to reduce the chances of further attacks, and started using an "enhanced end-to-end encryption mechanism." There are upgrades to the behind-the-scenes server system to prevent future attacks, ASUS added.

  • Two thirds of Android antivirus apps don't work properly

    by Jon Fingas
    03.17.2019

    It can be wise to secure your Android phone with antivirus software, but which ones can you count on? You can rule out most of them, apparently. AV-Comparatives has tested 250 antivirus apps for Google's platform, and only 80 of them (just under one third) passed the site's basic standards -- that is, they detected more than 30 percent of malicious apps from 2018 and had zero false positives. Some of the apps that fell short would even flag themselves, according to the researchers.

  • A 19-year-old WinRAR bug is being used to install malware

    by Christine Fisher
    03.15.2019

    Last month, a 19-year-old bug was discovered in WinRAR, a software used to extract .zip and other file archives on your Windows PC. The company was quick to patch the bug, but users who haven't updated to version 5.70 are still vulnerable. Now, opportunistic hackers are taking advantage of that. McAfee, a global software security company, revealed in a blog post that it has identified more than 100 unique exploits, with most of the targets in the US.