01 Feb 2019

Mac “CookieMiner” Malware Aims to Gobble Crypto Funds

Researchers with Palo Alto Networks have discovered a sophisticated new strain of Mac malware that uses a combination of techniques to steal cryptocurrency from online wallets or exchange accounts. The malware, dubbed CookieMiner, can steal browser cookies for popular cryptocurrency exchanges, passwords saved in Google Chrome and iPhone text messages

28 Jan 2019

Ursnif Trojan is back with fileless persistence

Carbon Black researchers have uncovered a sophisticated malware campaign involving the infamous Ursnif Trojan, also known as Dreambot, and the popular GandCrab ransomware. In the first stage of the campaign, threat actors distribute spam emails containing Microsoft Word documents weaponized with malicious macro scripts. The macros inside

23 Jan 2019

Community Project Crushes 100,000 Malware Sites in 10 Months

As part of a cybersecurity initiative launched in March of last year, 265 security researchers have spent the last 10 months identifying and shutting down a total of almost 100,000 websites that were used to distribute malware. The URLhaus initiative was started by abuse.ch, a Swiss nonprofit aimed at fighting

23 Jan 2019

Cybercriminals increasingly taking aim at businesses

A new report by Malwarebytes underlines how cybercriminals have shifted their focus in 2018 from campaigns targeting individual users to those focusing exclusively on high-value business targets. Endpoint attacks have also increased. Trojans were the most prevalent type of malware targeting companies, with the sophisticated Emotet and Trickbot Trojans as prime

18 Jan 2019

These malicious Android apps will only strike when you move your smartphone

Once again, cybercriminals have managed to sneak malicious apps onto the Google Play Store. Researchers with Trend Micro have found two Android apps on Google Play that serve the Anubis banking Trojan, but only if data from the motion sensors on the targeted device indicates movement. The two apps are Currency

18 Jan 2019

Malware can now evade cloud security tools, as cybercriminals target public cloud users

Rocke Group, a cybercrime group believed to be operating from China, has developed cryptocurrency mining software that can uninstall cloud-based security solutions from targeted systems as a way of evading detection. Researchers with Palo Alto have so far only found proof that the malware works on Chinese cloud security solutions,

15 Jan 2019

Cryptocurrency mining malware is the number one malware menace – again

The latest edition of Check Point’s Most Wanted Malware list indicates that cryptojackers – malware that covertly mines cryptocurrency on infected devices – remain the most prevalent type of malware. The four highest entries are all cryptojackers, with Coinhive clinching the top spot once again. A notable newcomer on the

10 Jan 2019

This Trojan attack adds a backdoor to your Windows PC to steal data

Researchers at cybersecurity firm Proofpoint have discovered a new attack campaign by TA505, a notorious cybercrime group responsible for various major attacks in recent years, including the Locky ransomware campaign. The campaign combines two types of malware, ServHelper and FlawedGrace. ServHelper is the newer of the two, having been discovered only in November of last year. It installs

19 Dec 2018

Cybercriminals Are Controlling Malware Through Twitter Memes

A new malware variant monitors a public Twitter feed that is used to post command-and-control instructions hidden steganographically in meme images. “When activated on an infected machine the Trojan began monitoring the Twitter feed for updates. The images contained hidden ‘print’ commands which told the Trojan to

14 Dec 2018

Operation Sharpshooter Takes Aim at Global Critical Assets

“Operation Sharpshooter uses a new implant to target mainly English-speaking nuclear, defense, energy and financial companies. Researchers have detected a widespread reconnaissance campaign using a never-before-seen implant framework to infiltrate global defense and critical infrastructure players — including nuclear, defense, energy and financial companies. The campaign, dubbed Operation Sharpshooter, began
