MSPs and CSPs have been targeted by attackers in an attempt to access their systems and install ransomware. In other news, Android applications are taking more permissions than they are granted.
For more articles, check out our #onpatrol4malware blog.
MSPs Beware: Attackers Targeting MSP Infrastructure to Install Ransomware
Source: Secplicity
Sophisticated threat actors have targeted managed service providers (MSPs) […] intending to install ransomware within their infrastructure and customer base. Read more.
New Miori Variant Uses Unique Protocol to Communicate with C&C
Source: Trend Micro
We first detailed a new Mirai variant called Miori in a report late last year after finding the malware spreading via a ThinkPHP Remote Code Execution (RCE) vulnerability. Read more.
An Analysis of Godlua Backdoor
Source: Netlab
The file itself is a Lua-based Backdoor, we named it Godlua Backdoor as the Lua byte-code file loaded by this sample has a magic number of “God”. Read more.
A New Ransomware Is Targeting Network Attached Storage (NAS) Devices
Source: The Hacker News
A new ransomware family has been found targeting Linux-based Network Attached Storage (NAS) and holding users’ important data hostage until a ransom is paid. Read more.
Rogue Android apps ignore your permissions
Source: Sophos
New research has revealed that apps are snooping on data including location and the phone’s unique ID number – even when users haven’t given permission. Read more.
GreenFlash Sundown exploit kit expands
Source: Malwarebytes
Exploit kit activity has been relatively quiet for some time, with the occasional malvertising campaign reminding us that drive-by downloads are still a threat. Read more.
Houdini Worm Transformed in New Phishing Attack
Source: Cofense
The Cofense Phishing Defense Center™ (PDC)[…] identified a new variant of Houdini Worm targeting commercial banking customers with campaigns containing either URLs, .zip, or .mht files. Read more.