Malware Watch - W/E - 11/2/18
Emotet Trojan Adds Email Exfiltration Feature to Its Arsenal (11/01/2018)
Researchers at Kryptos Logic warned of new capabilities in the Emotet banking Trojan. A new module adds email exfiltration features in an effort to harvest email messages, and it can be deployed on any existing Emotet-infected system. According to the researchers, at least tens of thousands of machines are infected with this malware.
Fallout Exploit Kit Serves Up Kraken Cryptor Ransomware (11/01/2018)
McAfee, working with Recorded Future's researchers, has uncovered evidence that the authors of the Kraken Cryptor ransomware asked the Fallout Exploit Kit (EK) team to be added to its EK. Fallout is known for dropping the GandCrab ransomware. Kraken offers fast encryption, makes recovering data impossible without paying, and uses a hybrid combination of encryption algorithms. McAfee also noted that the user associated with the Kraken ransomware has a paid account on an underground forum, which suggests that the individual may not be trusted in the hacker community. Typically, malware developers who offer services such as ransomware are highly trusted members and are vetted by other high-level forum members.
New File Types Abused by Spammers to Spread Malware (10/30/2018)
Trend Micro identified new file types being used in malware-related spam campaigns. These include .ARJ and .Z archives as well as .IQY, .PUB, and .SettingContent-ms files. Trend Micro has also warned that .PDF files continue to be used to distribute spam.
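As an added example (not from the original digest or from Trend Micro), the following Python attachment-extension check flags the file types named above in constructed mail-gateway log lines; the log format, field names and sample messages are assumptions for illustration.

```python
import re

# Extensions called out in the Trend Micro item above (lower-case, no dot).
RISKY_EXTENSIONS = {"arj", "z", "iqy", "pub", "settingcontent-ms"}
# Still abused for spam, so route to human review rather than blocking outright.
REVIEW_EXTENSIONS = {"pdf"}

def classify_attachment(filename: str) -> str:
    """Return 'block', 'review' or 'allow' for an attachment filename.

    Judges the *last* suffix, so a disguised name such as 'invoice.pdf.iqy'
    is treated as .IQY, and strips trailing dots and spaces that Windows
    ignores when it decides how to open a file.
    """
    name = filename.strip().rstrip(". ").lower()
    parts = name.split(".")
    suffixes = parts[1:] if len(parts) > 1 else []
    if not suffixes:
        return "review"  # no extension at all: let a human look
    last = suffixes[-1]
    if last in RISKY_EXTENSIONS:
        return "block"
    if last in REVIEW_EXTENSIONS:
        return "review"
    return "allow"

# Constructed sample log lines (assumed gateway format: key=value pairs).
SAMPLE_LOG = """\
msgid=1001 from=a@example.test attachment=invoice.iqy
msgid=1002 from=b@example.test attachment=report.docx
msgid=1003 from=c@example.test attachment=Scan_0412.PDF
msgid=1004 from=d@example.test attachment=archive.tar.Z
msgid=1005 from=e@example.test attachment=update.SettingContent-ms.
msgid=1006 from=f@example.test attachment=photo.jpeg
"""

LOG_RE = re.compile(r"msgid=(\S+).*?attachment=(\S+)")

def scan_mail_log(lines):
    """Return (msgid, filename, verdict) for every non-allowed attachment."""
    findings = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue  # skip lines without an attachment field
        msgid, filename = m.group(1), m.group(2)
        verdict = classify_attachment(filename)
        if verdict != "allow":
            findings.append((msgid, filename, verdict))
    return findings

if __name__ == "__main__":
    for msgid, filename, verdict in scan_mail_log(SAMPLE_LOG.splitlines()):
        print(f"{msgid}: {filename} -> {verdict}")
```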
New Variant of Trickbot Includes Password Grabber Module (11/01/2018)
A password-grabbing module has been added to the Trickbot banking Trojan, giving the malware the ability to steal credentials from various applications, researchers at Trend Micro have advised. This Trickbot variant has been seen in attacks in the US, Canada, and the Philippines and steals information from various browsers, including Chrome, Firefox, Internet Explorer, and Microsoft Edge.
Outlaw Hackers Launch Attacks with Perl Shellbot (11/01/2018)
A new threat group, identified by Trend Micro as "Outlaw," uses an Internet Relay Chat (IRC) bot built with Perl Shellbot, a Trojan file. The group distributes the bot by exploiting a common command injection vulnerability on Internet of Things devices and Linux servers. Further research indicates that the threat can also affect Windows-based environments and even Android devices.
Patched Office Bug Exploited to Spew Malware (10/30/2018)
A weakness in Microsoft Office 2007, 2010, 2013, and 2016, discovered by Check Point Software's team in April 2017, received a patch, but an exploit for the vulnerability has been found in the wild and is being used to spread new malware that drops AgentTesla and Loki. The malware's capabilities include stealing a user's login information from Google Chrome, Mozilla Firefox, Microsoft Outlook and others, capturing screenshots, recording via webcams, and enabling the attacker to install additional malware on infected machines. The malware uses highly evasive obfuscation techniques that make it difficult to detect. Users should apply all available patches to mitigate the risk.
SamSam Ransomware Continues to Focus on US Companies, Healthcare Industry (10/30/2018)
The criminals behind the SamSam ransomware have continued to launch attacks throughout 2018, most of them concentrated in the US. Symantec found evidence of attacks against 67 different organizations during the year and noted that healthcare has been the most targeted sector, accounting for 24% of attacks. SamSam specializes in targeted ransomware attacks.