Android malware and adware, along with mobile espionage, made headlines during the last two weeks. There is no shortage of variety in malicious behavior: there are also articles about several RATs and APTs with ongoing activity.
For more articles, check out our #onpatrol4malware blog.

Tracking down the developer of Android adware affecting millions of users
Source: welivesecurity
ESET researchers discovered a year-long adware campaign on Google Play and tracked down its operator. The apps involved, installed eight million times, use several tricks for stealth and persistence. Read more.

E-SKIMMING: Skimming Online Customer Payment Data From Website Checkout Forms
Source: niccs.us-cert.gov
Cyber criminals introduce skimming code on e-commerce payment card processing web pages to capture credit card and personally identifiable information and send the stolen data to a domain under their control. Read more.

A Deep-Dive Analysis of the NukeSped RATs
Source: Fortinet
Advanced Persistent Threat (APT) groups pose a great threat to global security, especially groups associated with nation states. Read more.

SWEED Targeting Precision Engineering Companies in Italy
Source: marcoramilli
The attacker pretended to be a customer and sent the victim a well-crafted email containing a Microsoft XLS file with real spare-parts codes, quantities and shipping addresses. The attack scheme is very similar to the MartyMCFly campaign. Read more.

Hackers are using a bug in PHP7 to remotely hijack web servers
Source: The Next Web
The PHP programming language underpins much of the Internet. It forms the basis of popular content management systems like WordPress and Drupal, as well as more sophisticated web applications, like Facebook (kinda). Read more.

New cyberattacks targeting sporting and anti-doping organizations
Source: Microsoft
Today we’re sharing that the Microsoft Threat Intelligence Center has recently tracked significant cyberattacks originating from a group we call Strontium, also known as Fancy Bear/APT28, targeting anti-doping authorities and sporting organizations around the world. Read more.

Hiding in Plain Sight: New Adwind jRAT Variant Uses Normal Java Commands to Mask its Behavior
Source: Menlo Security
Street magicians have a secret: If you want to hide something, hide it in plain sight. Unfortunately, malicious actors are learning how to use the same concept to sneak malware past traditional cybersecurity tools and onto users’ computers. Read more.

Xhelper: Persistent Android Dropper App Infects 45K Devices in Past 6 Months
Source: Symantec
Symantec has observed a surge in detections for a malicious Android application that can hide itself from users, download additional malicious apps, and display advertisements. Read more.

The commoditization of mobile espionage software
Source: Talos
The creators of these types of apps can track users' locations and see their social media usage, and they open the door to abuse by governments hoping to spy on their citizens, parents looking to track their children, or controlling spouses hoping to track their partners' every move. Read more.

Deepfakes: When seeing isn’t believing
Source: welivesecurity
Deepfakes are rapidly becoming easier and quicker to create and they’re opening a door into a new form of cybercrime. Read more.

Malware Analysis Report (AR19-304A)
MAR-10135536-8 – North Korean Trojan: HOPLIGHT
Source: CISA
Working with U.S. Government partners, DHS, FBI, and DoD identified Trojan malware variants used by the North Korean government. This malware variant has been identified as HOPLIGHT. Read more.

QSnatch – Malware designed for QNAP NAS devices
Source: Traficom
This article revisits a piece of malware dissected by NCSC-FI specialists. The malware is designed specifically for QNAP NAS (Network Attached Storage) devices and is capable of various malicious activities on an infected device. Read more.

DarkUniverse – the mysterious APT framework #27
Source: Kaspersky SecureList
In April 2017, ShadowBrokers published their well-known ‘Lost in Translation’ leak, which, among other things, contained an interesting script that checked for traces of other APTs in the compromised system. Read more.