There’s a new Mirai variant and, big surprise, Android applications are taking more permissions than they are granted. For Linux users, there’s a new ransomware family targeting Linux-based Network Attached Storage (NAS).

For more articles, check out our #onpatrol4malware blog.

Turla Group Exploits Iranian APT To Expand Coverage Of Victims

Source: NSA

The Turla group, also known as Waterbug or VENOMOUS BEAR, is widely reported to be associated with Russian actors. Read more.


New Miori Variant Uses Unique Protocol to Communicate with C&C

Source: Trend Micro

We first detailed a new Mirai variant called Miori in a report late last year after finding the malware spreading via a ThinkPHP Remote Code Execution (RCE) vulnerability. Read more.


An Analysis of Godlua Backdoor

Source: Netlab

The file itself is a Lua-based backdoor; we named it Godlua Backdoor, as the Lua byte-code file loaded by this sample has a magic number of “God”. Read more.

A New Ransomware Is Targeting Network Attached Storage (NAS) Devices

Source: The Hacker News

A new ransomware family has been found targeting Linux-based Network Attached Storage (NAS) and holding users’ important data hostage until a ransom is paid. Read more.

Rogue Android apps ignore your permissions

Source: Sophos

New research has revealed that apps are snooping on data including location and the phone’s unique ID number – even when users haven’t given permission. Read more.


GreenFlash Sundown exploit kit expands

Source: Malwarebytes

Exploit kit activity has been relatively quiet for some time, with the occasional malvertising campaign reminding us that drive-by downloads are still a threat. Read more.


Houdini Worm Transformed in New Phishing Attack

Source: Cofense

The Cofense Phishing Defense Center™ (PDC)[…] identified a new variant of Houdini Worm targeting commercial banking customers with campaigns containing either URLs, .zip, or .mht files. Read more.