malware

Latest

  • Omar Marques/SOPA Images/LightRocket via Getty Images

    'SimBad' Android adware was downloaded nearly 150 million times

    by Jon Fingas
    03.13.2019

    As much as Google has done to keep malware out of the Play Store, some notable examples still get through. Google has pulled 210 apps from the store after Check Point researchers discovered that they were infected with the same strain of adware. Nicknamed "SimBad" based on the abundance of infected simulator games, the code hid in a bogus ad-serving platform and created a back door that could install rogue apps, direct users to scam websites and show other apps in stores. Check Point believes the apps' developers were tricked into using the platform.

  • solarseven via Getty Images

    Ryuk ransomware banks $3.7 million in five months

    by Jon Fingas
    01.14.2019

    The Ryuk ransomware isn't just causing grief for newspapers -- it's also quite lucrative for its operators. Researchers at CrowdStrike and FireEye both estimate that the code has produced the equivalent of $3.7 million in bitcoin since August, spread across 52 payments. The key, analysts note, is the willingness to be patient and focus on big targets.

  • Chris Velazco/Engadget

    Over a dozen iPhone apps talked to a known malware server

    by Jon Fingas
    01.07.2019

    Apple's App Store has generally had fewer security concerns than the Google Play Store, but that hasn't stopped questionable apps from slipping through the cracks. Security researchers from Wandera have discovered 14 games that all communicated with the same server used to control Golduck malware for Android. While the apps themselves appeared innocuous, they were loaded with ads. It would have been feasible to use ads to trick users into granting permission for malware installed outside the App Store, Wandera told TechCrunch.

  • Saul Loeb/AFP/Getty Images

    NSA will release a free tool for reverse engineering malware

    by Jon Fingas
    01.06.2019

    The NSA has frequently been accused of holding on to info that could potentially improve security, but this time it's being a little less secretive. The agency is planning to release a free reverse engineering tool, GHIDRA, in tandem with the RSA Conference on March 5th. The software dissects binaries for Android, iOS, macOS and Windows, turning them into assembly code that can help analyze malware or pinpoint questionable activity in otherwise innocent-looking software.

  • AP Photo/Richard Vogel

    Malware stalls delivery of LA Times and other major US newspapers

    by Jon Fingas
    12.30.2018

    If you still look forward to reading a physical newspaper now and then, you might have been in for a rude surprise this weekend. An unspecified malware strain has attacked Tribune Publishing's network, delaying the release of Saturday editions of at least some of its papers (including the LA Times, San Diego Union Tribune and South Florida Sun Sentinel) as well as West Coast versions of the New York Times and Wall Street Journal, both of which are printed at the LA Times' Los Angeles plant. It was particularly severe for San Diego residents -- between 85 and 90 percent of Saturday papers didn't reach customers.

  • LightFieldStudios via Getty Images

    FBI and Google dismantle multi-million dollar ad fraud scheme

    by Rachel England
    11.28.2018

    A massive ad-fraud operation that hijacked nearly two million devices and involved 5,000 counterfeit websites has been dismantled by the FBI, Google and bot-detection firm White Ops. The eight men involved in the scheme are facing charges -- three have been arrested and five remain at large.

  • Engadget

    Windows' built-in antivirus tool can run in a secure sandbox

    by Jon Fingas
    10.27.2018

    Antivirus programs, by their nature, introduce a degree of risk. Since they have to scan malicious data to stop attacks (and thus need extensive permissions), a piece of malware that exploits antivirus flaws can typically run with impunity. That could be much more difficult if you're using Windows 10's built-in safeguards, though. Microsoft is gradually rolling out a Windows Insider preview where Defender Antivirus has the option of running in a sandbox -- the first "complete" solution to do this, the company said. Should the worst happen and malware targets Defender Antivirus, any hostile actions will be limited to the antivirus tool's environment instead of running amok on your PC.

  • Dpa

    Fake Flash updates upgrade software, but install crypto-mining malware

    by Imad Khan
    10.13.2018

    Cybersecurity firm Palo Alto Networks says it has discovered a fake Flash updater that has been duping conscientious computer users since August. The fake updater installs files to sneak in a cryptocurrency mining bot called XMRig, which mines for Monero. But here's the catch: while the fake updater is installing the XMRig malware, it's also updating the user's Flash.

  • Getty Images/iStockphoto

    Kelihos botnet operator pleads guilty to hacking and fraud charges

    by Jon Fingas
    09.13.2018

    The Kelihos botnet story appears to be winding to a close. Russian Peter Levashov has pleaded guilty to charges relating to his operation of the botnet, including intentional damage to a computer, wire fraud, conspiracy and identity theft. He reportedly used Kelihos to spread spam email, collect login details, install ransomware and otherwise attack users' computers, including selling access to the botnet.

  • AOL/Dana Wollman

    Top-grossing Mac App Store app steals users’ browser histories

    by Mallory Locklear
    09.07.2018

    Adware Doctor is a top app in Apple's Mac App Store, sitting at number five in the list of top paid apps and leading the list of top utilities apps, as of writing. It says it's meant to prevent "malware and malicious files from infecting your Mac" and claims to be one of the best apps to do so, but unbeknownst to its users, it's also stealing their browser history and downloading it to servers in China.

  • Omar Marques/SOPA Images/LightRocket via Getty Images

    Android exploit targeted apps' shoddy use of external storage

    by Jon Fingas
    08.12.2018

    Many mobile security flaws revolve around obvious avenues like websites or deep, operating system-level exploits. The security team at Check Point, however, has discovered another path: apps that make poor use of external storage like SD cards. While apps would ideally stick to internal storage (which Google sandboxes against outside influence) as much as possible, some apps have relied unnecessarily on unprotected external storage and didn't bother to validate the data coming from that space. An intruder could take advantage of that poor security policy to manipulate the data and cause havoc -- Check Point called it a "man-in-the-disk" attack.

  • Stringer . / Reuters

    TSMC says virus that shut down its plants is a WannaCry variant

    by Mallory Locklear
    08.06.2018

    Over the weekend, chip manufacturer TSMC reported that some of its fabrication plants had to be shut down because of a virus that had infected the company's systems. While some were able to resume operations quickly, others were out of commission for up to a day. Now, TSMC has blamed a WannaCry variant for the disruption. Bloomberg reports that the company has resumed full operations but shipment delays are expected.

  • Reuters/Pichi Chuang

    Chip giant TSMC struggles with virus infections at its factories

    by Jon Fingas
    08.04.2018

    Many of the tech products launching this fall might have just run into production setbacks. Giant chip manufacturer TSMC has warned that several of its fabrication plants suffered virus infections on August 3rd, disrupting production. Some of these plants recovered in a "short period of time," it said, but others wouldn't resume business as usual for "one day." The company dismissed claims that this was a hack, but didn't initially provide details about the virus or the potential infection path.

  • Getty Images

    Three men arrested for stealing over 15 million payment cards

    by Mallory Locklear
    08.01.2018

    US officials announced today that three alleged leaders of the cybercrime group known alternatively as Fin7, Carbanak and the Navigator Group have been arrested in Germany, Poland and Spain and charged with 26 felony counts. The charges include conspiracy, wire fraud, computer hacking, access device fraud and aggravated identity theft. The Department of Justice alleges that Fin7 members have targeted more than 100 US companies, hacked thousands of computer systems and stolen 15 million credit and debit card numbers. The group is said to have breached networks in 47 states and Washington, DC and hacked 6,500 point-of-sale terminals at over 3,600 business locations.

  • Chinese 'hackers' try to attack state governments by mailing CDs

    by Jon Fingas
    07.30.2018

    How do you infiltrate US government computers when security experts are increasingly aware of your hacking campaigns? Send old-fashioned mail, apparently. The Multi-State Information Sharing and Analysis Center has warned officials of a China-based campaign that mails CDs loaded with malware. State institutions have received China-postmarked envelopes containing both discs with virus-laden Word documents and nonsensical letters. While it's not clear what the exact intent was, it looks as if the 'hackers' hoped to make their campaign seem more plausible by sending something physical.

  • Patrick T. Fallon/Bloomberg via Getty Images

    That 'Fortnite' cheating app is probably hiding malware

    by Jon Fingas
    07.02.2018

    Malware writers and scammers love to exploit demand for popular games to ensnare unwitting victims, and that's truer than ever for a near-ubiquitous game like Fortnite. Rainway has discovered malicious Windows adware hiding in a cheat that promised both an aimbot and free in-game V-Bucks. Install it and it immediately alters Windows to serve its own rogue ads, creating a man-in-the-middle attack (with Rainway as an unwitting participant) by loading its own root certificate and routing all internet traffic through a proxy.

  • Reuters/Dado Ruvic

    Google adds anti-tampering DRM to Android apps in the Play Store

    by Jon Fingas
    06.24.2018

    Google has made a small change to Play Store apps that could prove a significant help to the security of your Android phone. The company is now adding a "small amount" of security metadata to Android APKs to be sure that they were distributed through the Play Store or an approved channel. This will make it possible to verify an app even if you're offline, Google said, making it possible to officially add that title to your store library and receive updates through Google's portal. It's digital rights management by another name, as Android Central observed, but that doesn't necessarily mean there's reason to panic -- it may ultimately be helpful, even if there are legitimate concerns.

  • Reuters/Pawel Kopczynski

    Olympic hackers may be attacking chemical warfare prevention labs

    by Jon Fingas
    06.19.2018

    The team behind the 2018 Winter Olympics hack is still active, according to security researchers -- in fact, it's switching to more serious targets. Kaspersky has discovered that the group, nicknamed Olympic Destroyer, has been launching email phishing attacks against biochemical warfare prevention labs in Europe and Ukraine as well as financial organizations in Russia. The methodology is extremely familiar, including the same rogue macros embedded in decoy documents as well as extensive efforts to avoid typical detection methods.

  • EFE

    US government finds new malware from North Korea

    by Devindra Hardawar
    06.15.2018

    Even though Donald Trump is on good terms with North Korea, the Department of Homeland Security is still following that country's ongoing cyberattack campaign (which it's dubbed "Hidden Cobra"). Now CNN reports there's a new variant of North Korean malware to look out for: Typeframe. In a report released yesterday, the DHS says it's able to download and install additional malware, proxies and trojans; modify firewalls; and connect to servers for additional instructions. These are attacks we've seen in plenty of malware variants; Typeframe is just the latest addition.

  • .RGB./Flickr

    Android malware is infecting Amazon Fire TVs and Fire Sticks

    by Rachel England
    06.12.2018

    If you've loaded any apps onto your Amazon Fire TV or Fire TV Stick that let you watch pirated movies and TV shows, you could be at risk from a cryptocurrency-mining Android virus. AFTVnews reports that the virus -- a malware worm variant -- is not specifically targeting Fire TV devices, but they're vulnerable because of their Android-based operating system.