Virus News

July 27th, 2009

Welcome to our RSS – Virus and Spyware Related News Feed section. This page may take some time to load, as it has to extract and load data from other sources.

Microsoft – Security at Home

PCAdvisor – Security News

Computerworld – Viruses News

Kaspersky – Virus News

Norton Security Articles

Trend Micro malware Blog

  • Google Play Apps Drop Anubis Banking Malware, Use Motion-based Evasion Tactics

    We found malicious apps on Google Play trying to drop a banking malware payload on unsuspecting users. Motion sensor data was used to evade detection.

  • New Magecart Attack Delivered Through Compromised Advertising Supply Chain

    On January 1, we detected a significant increase in activity from one of the web skimmer groups we’ve been tracking. During this time, we found their malicious skimming code (detected by Trend Micro as JS_OBFUS.C.) loaded on 277 e-commerce websites providing ticketing, touring, and flight booking services as well as self-hosted shopping cart websites from prominent cosmetic, healthcare, and apparel brands. Trend Micro’s machine learning and behavioral detection technologies proactively blocked the malicious code at the time of discovery (detected as Downloader.JS.TRX.XXJSE9EFF010).

    The activities are unusual, as the group is known for injecting code into a few compromised e-commerce websites then keeping a low profile during our monitoring. Further research into these activities revealed that the skimming code was not directly injected into e-commerce websites, but to a third-party JavaScript library by Adverline, a French online advertising company, which we immediately contacted.

  • Demonstrating Command Injection and E-Stop Abuse Against Industrial Radio Remote Controllers

    In our research, we found that it is possible to perform attacks within or out of RF range. For remote attackers out of the transmission range, there are two possibilities: be a truly remote attacker and do a computer-borne attack (that is, to take control of a computer used to software-program or -control the RF devices), or have temporary physical access to the facility to drop a battery-powered, pocket-sized embedded device for remote access. As a proof of concept (PoC), we developed such a device to show the feasibility.

  • January Patch Tuesday: First Bulletin of 2019 has Fixes for DHCP and Microsoft Exchange Vulnerabilities

    Microsoft starts off 2019 relatively smoothly with 49 security patches and two advisories — seven of these vulnerabilities were rated Critical and 40 were Important. Ten of these were disclosed through the Zero Day Initiative (ZDI) program.

  • Adware Disguised as Game, TV, Remote Control Apps Infect 9 Million Google Play Users

    We recently discovered an active adware family (detected by Trend Micro as AndroidOS_HidenAd) disguised as 85 game, TV, and remote control simulator apps on the Google Play store. This adware is capable of displaying full-screen ads, hiding itself, monitoring a device’s screen unlocking functionality, and running in the mobile device’s background. The 85 fake apps have been downloaded a total of 9 million times around the world.

  • Spyware Disguises as Android Applications on Google Play

    Spyware disguised itself as legitimate Android applications to steal information from users. Some malicious apps were already downloaded over 100,000 times by users from all over the world.

  • With Mirai Comes Miori: IoT Botnet Delivered via ThinkPHP Remote Code Execution Exploit

    We analyzed another Mirai variant called “Miori,” which is being spread through a Remote Code Execution (RCE) vulnerability in the PHP framework, ThinkPHP. Aside from Miori, several known Mirai variants like IZ1H9 and APEP were also spotted using the same RCE exploit for their arrival method. The aforementioned variants all use factory default credentials via Telnet to brute force their way in and spread to other devices.

  • Android Wallpaper Apps Found Running Ad Fraud Scheme

    Analyzed 15 malicious wallpaper apps we found on Google Play Store running click ad fraud schemes. The apps recorded over 200,000 downloads worldwide — our telemetry shows infection to be the highest in some countries in Europe, the US, and Asia — before they were removed.

  • URSNIF, EMOTET, DRIDEX and BitPaymer Gangs Linked by a Similar Loader

    We analyzed samples of EMOTET, URSNIF, DRIDEX and BitPaymer and found similar payload loaders and internal data structures, possibly implying that these different groups are familiar with and are working closely together.

  • Cybercriminals Use Malicious Memes that Communicate with Malware

    Steganography, or the method used to conceal a malicious payload inside an image to evade security solutions, has long been used by cybercriminals to spread malware and perform other malicious operations. We recently discovered malicious actors using this technique on memes. The malware authors have posted two tweets featuring malicious memes on October 25 and 26 via a Twitter account created in 2017. The memes contain an embedded command that is parsed by the malware after it's downloaded from the malicious Twitter account onto the victim’s machine, acting as a C&C service for the already-placed malware. It should be noted that the malware was not downloaded from Twitter and that we did not observe what specific mechanism was used to deliver the malware to its victims.

Washington Post Security Fix
