xHelper, together with other malware and threat attacks, has added to the concerns of Android users. Read about this threat and more in the latest security industry news below.

For more articles, check out our #onpatrol4malware blog.

AZORult brings friends to the party

Source: Talos

Cisco Talos recently discovered a complex campaign with several different executable payloads, all focused on providing financial benefits for the attacker in a slightly different way. Read more.

xHelper, the Unkillable Android malware that re-Installs after factory reset

Source: Security Affairs

xHelper, a new strain of Android malware, is able to re-install itself on infected devices even after victims delete it or force a factory reset. Read more.

BGP Hijacking and BGP Security

Source: Team Cymru

Rostelecom AS12389, a Russian state-owned telecommunication company, hijacked routes to Google, AWS, Cloudflare and others. In fact, this event impacted over 8,000 prefixes of many different ASes. Read more.

Advisory: COVID-19 exploited by malicious cyber actors

Source: National Cyber Security Centre

This advisory provides information on exploitation by cyber criminal and APT groups of the current COVID-19 global pandemic. It includes a non-exhaustive list of IOCs for detection as well as mitigation advice. Read more.

Grandoreiro Malware Now Targeting Banks in Spain

Source: Security Intelligence

IBM X-Force researchers have noticed a familiar malware threat that typically affects bank customers in Brazil has spread to attack banks in Spain. Read more.

TA505 Continues to Infect Networks With SDBbot RAT

Source: Security Intelligence

It was observed that Hive0065 continues to spread the SDBbot remote-access Trojan (RAT) alongside other custom malware and continues to display tactics used against companies within the past year. Read more.

Coronavirus Update App Leads to Project Spy Android and iOS Spyware

Source: Trend Micro

Project Spy infects Android and iOS devices with spyware. Project Spy uses the ongoing coronavirus pandemic as a lure, posing as an app called Coronavirus Updates. Read more.

Guidance on the North Korean Cyber Threat

Source: CISA

The advisory highlights the cyber threat posed by North Korea – formally known as the Democratic People’s Republic of Korea (DPRK) – and provides recommended steps to mitigate the threat. Read more.

Craft for Resilience

Source: CyCraft

Their research shows that the majority of these attacks were concentrated on the Taiwan semiconductor sector. This is worthy of concern, as Taiwan’s semiconductor industry plays a very crucial role in the world. Read more.

Exposing Modular Adware: How DealPly, IsErIk, and ManageX Persist in Systems

Source: Trend Micro

Trend Micro will walk you through their analysis of three adware events that they eventually linked and variously named as DealPly, IsErIk, and ManageX. Read more.

Web Skimmer with a Domain Name Generator

Source: Sucuri

The malicious script loads the credit card stealing code from qr201346[.]pw and sends the stolen details to hxxps://gooogletagmanager[.]online/get.php. It also generates domain names based on the current date. Read more.