There’s a new Mirai variant and, big surprise, Android applications are taking more permissions than they are granted. For Linux users, there’s a new ransomware family targeting Linux-based Network Attached Storage (NAS).
For more articles, check out our #onpatrol4malware blog.
Turla Group Exploits Iranian APT To Expand Coverage Of Victims
Source: NSA
The Turla group, also known as Waterbug or VENOMOUS BEAR, is widely reported to be associated with Russian actors. Read more.
New Miori Variant Uses Unique Protocol to Communicate with C&C
Source: Trend Micro
We first detailed a new Mirai variant called Miori in a report late last year after finding the malware spreading via a ThinkPHP Remote Code Execution (RCE) vulnerability. Read more.
An Analysis of Godlua Backdoor
Source: Netlab
The file itself is a Lua-based Backdoor, we named it Godlua Backdoor as the Lua byte-code file loaded by this sample has a magic number of “God”. Read more.
A New Ransomware Is Targeting Network Attached Storage (NAS) Devices
Source: The Hacker News
A new ransomware family has been found targeting Linux-based Network Attached Storage (NAS) and holding users’ important data hostage until a ransom is paid. Read more.
Rogue Android apps ignore your permissions
Source: Sophos
New research has revealed that apps are snooping on data including location and the phone’s unique ID number – even when users haven’t given permission. Read more.
GreenFlash Sundown exploit kit expands
Source: Malwarebytes
Exploit kit activity has been relatively quiet for some time, with the occasional malvertising campaign reminding us that drive-by downloads are still a threat. Read more.
Houdini Worm Transformed in New Phishing Attack
Source: Cofense
The Cofense Phishing Defense Center™ (PDC)[…] identified a new variant of Houdini Worm targeting commercial banking customers with campaigns containing either URLs, .zip, or .mht files. Read more.