Malware Watch - W/E - 071417

Adwind Trojan Is Back in a New Spam Campaign Taking Aim at Aerospace Vector (07/11/2017)
The Adwind malware has resurfaced in a spam campaign targeting enterprises in the aerospace industry, with Switzerland, Ukraine, Austria, and the US being the most affected countries. Trend Micro's analysis also shows that Adwind detections increased from 5,286 in January to over 117,000 in June.

Flokibot Awakens with LockPoS Malware in Tow (07/13/2017)
A dormant Flokibot campaign has been resurrected and has begun distributing a new point-of-sale (PoS) malware family dubbed "LockPoS" by Palo Alto Networks. Flokibot and LockPoS share a common command and control server, making it likely that they are the work of the same threat actor. LockPoS is thought to be targeting companies in Brazil.

Magala Malware Boosts Clicks to Victimize Advertisers (07/12/2017)
Kaspersky Lab has published an analysis of Magala, a Trojan-clicker that imitates a user's click on a particular Web page to inflate ad click counts. The main victims are the advertisers paying for those clicks. Most Magala infections occurred in Germany and the US between March and early June, when the vendor began researching the malware.

Malware Targets OSX While Phishing Swiss Banking Victims (07/11/2017)
Trend Micro has warned that the OSX_DOK malware, which affects the OSX operating system, is targeting Swiss banking users. It is delivered through a phishing campaign that drops its payload, which eventually hijacks the user's network traffic using a man-in-the-middle attack. This malware appears to be a variant of WERDLOD, a malware used in the Operation Emmental campaigns.

No Encryption LeakerLocker Malware Demands Payment or Leaks Personal Data (07/11/2017)
Researchers at McAfee spotted mobile ransomware on Google Play that does not encrypt files, but instead extorts payment under the threat of leaking the victim's private data. The malware, "LeakerLocker," is available in two apps in the Android store, and Google has been notified.

Sneaky SpyDealer Malware Slurps Data from Over 40 Apps (07/11/2017)
Palo Alto Networks researchers discovered an Android malware that exfiltrates private data from more than 40 apps and steals sensitive messages from communication apps by abusing the Android accessibility service. "SpyDealer" uses exploits taken from the commercial rooting app "Baidu Easy Root" to gain root privilege and maintain persistence on the compromised device, and has culled private data from Facebook, WeChat, Skype, WhatsApp, the Firefox browser, and more.