The last couple of weeks provided the security community with a wide variety of topics, from an AV Comparatives study on antimalware security apps in the Google Play Store to new features and capabilities for TrickBot, AZORult, and Mirai. And related to the ASUS breach, there is a useful resource for verifying the targeted MAC addresses, something all owners of the brand’s computers should check out. Learn more about email security protocols DMARC, SPF and DKIM from CSO and DNS basics from the Internet Society.

For more articles, check out our #onpatrol4malware blog.

Security Primer – TrickBot

Source: CIS

TrickBot is a modular banking trojan that targets user financial information and acts as a dropper for other malware. Read more.

DNS Privacy Frequently Asked Questions (FAQ)

Source: Internet Society

This document is organized as a list of frequently asked questions about DNS privacy, providing answers and highlighting the most important aspects of DNS privacy. Read more.

IPv6 unmasking via UPnP

Source: Cisco

In the following post, we’ll present a technique that uses the properties of the Universal Plug and Play (UPnP) protocol to get specific IPv4 hosts to divulge their IPv6 address. Read more.

Dissecting a NETWIRE Phishing Campaign’s Usage of Process Hollowing

Source: FireEye

Malware authors attempt to evade detection by executing their payload without having to write the executable file on the disk. Read more.

Anubis II – malware and afterlife

Source: Security Affairs

Besides being the Egyptian God associated with mummification and afterlife, Anubis is also an Android banking malware that has caused quite some trouble for over 300 financial institutions worldwide since 2017. Read more.

Global law enforcement action against vendors and buyers on the dark web

Source: Europol

Law enforcement from Europe, Canada and the United States joined forces in early 2019 to target vendors and buyers of illegal goods on dark web marketplaces. Read more.

Making it Rain – Cryptocurrency Mining Attacks in the Cloud

Source: AT&T Cybersecurity

One of the most widely observed objectives of attacking an organization’s cloud infrastructure has been for cryptocurrency mining. Read more.

Android Test 2019 – 250 Apps

Source: AV Comparatives

For this test, we searched for and downloaded 250 antimalware security apps by various developers from the Google Play Store. Read more.

Mirai Variant Adds Dozen New Exploits to Target Enterprise IoT Devices

Source: The Hacker News

The Mirai variant adds 11 new exploits to its “multi-exploit battery,” making it a total of 27 exploits, as well as a new set of “unusual default credentials” to use in brute force attacks against Internet-connected devices. Read more.

Unleash the Hash

Source: Skylight

Get the [almost] full list of MAC addresses that were targeted in the ASUS breach, and share our pain in the short story of extracting them. Read more.

Bots and botnets in 2018

Source: BleepingComputer

Due to the wide media coverage of incidents involving Mirai and other specialized botnets, their activities have become largely associated with DDoS attacks. Read more.

Main threat source to industrial computers? Mass-distributed malware

Source: Help Net Security

Malicious cyber activities on Industrial Control System (ICS) computers are considered an extremely dangerous threat as they could potentially cause material losses and production downtime in the operation of industrial facilities. Read more.

What are DMARC, SPF and DKIM?

Source: CSO

The three main email security protocols complement one another, so implementing them all provides the best protection. That’s easier said than done, but these tips can help. Read more.

AZORult++: Rewriting history

Source: Securelist

In early March 2019, a number of malicious files detected by our products caught the eye. Although similar to AZORult already known to us, unlike the original malware, they were written not in Delphi, but in C++. Read more.

Abuse of hidden “well-known” directory in HTTPS sites

Source: Zscaler

In this blog, we are focusing on the Shade/Troldesh ransomware and phishing pages that we detected last month from several hundred compromised CMS sites. Read more.