Malware Watch - W/E - 2/8/19

Campaign Exploits Linux Servers, Dumps Stealthy SpeakUp Trojan (02/04/2019)
Check Point Software's researchers spotted a campaign exploiting Linux servers to implant a new backdoor which, at the time it was found, was not detected by any security vendor's engine. The Trojan, named "SpeakUp," exploits known vulnerabilities in six different Linux distributions. The attack is expanding and targeting servers in East Asia and Latin America, including machines hosted on Amazon AWS. Once a host is infected, SpeakUp propagates laterally within the infected subnet and beyond it to new IP ranges by exploiting remote code execution vulnerabilities, so a single compromised server can seed further infections across reachable networks.

Fake South Korean Bus App Series Dropped Malware to Android Devices (02/06/2019)
McAfee discovered a malicious Android app masquerading as a plugin for a series of transportation apps created by a South Korean developer. The series comprises four apps, three of which had been available on Google Play since 2013. The malware was written with targeted attacks in mind: it searched victim devices for files related to the military and politics. The apps have since been removed from Google Play.

Tech Support Scams Trick Users into Installing Potentially Unwanted Programs (02/06/2019)
Tech support scams have upped the ante by tricking victims into installing a potentially unwanted application (PUA) rather than urging them to call a support helpline. Symantec learned that the scam typically begins after a victim has visited a malicious Web site or is redirected to one through malvertising. The page prompts the victim to approve a fake 10-second scan of the supposedly infected computer; the "scan" is only a browser animation, since a Web page cannot inspect the local disk. At the end of the fake scan, the victim is told that the PC is indeed infected and asked to download and install an update to their antivirus software. Once the user clicks the download prompt, a PUA is downloaded and installed onto the victim's computer.

Tibet Group Targeted by Cyber Spy Entity Pushing out ExileRAT (02/05/2019)
A malware campaign is delivering a malicious PowerPoint document (a PPSX slide show file) through a mailing list run by the Central Tibetan Administration, the organization officially representing the Tibetan government-in-exile. Cisco's Talos researchers suspect that the campaign is being conducted for cyber espionage purposes, but it is not known who is behind it. The malicious PPSX file serves as the dropper: opening it lets the attacker execute a series of JavaScript scripts that download the payload, the ExileRAT malware.