Chinese Fireball malware infects over 250 million PCs worldwide

Security researchers are warning users about a dangerous new form of malware dubbed Fireball that has already infected 250 million computers worldwide.

The malware, dubbed Fireball, was discovered by Check Point and is already present on 20 percent of the world’s corporate networks, the company said.

According to Check Point, Fireball takes over your internet browser and is capable of launching unauthorised tasks, such as downloading files containing even more malware onto your machine.

It can also hijack your web traffic in order to generate fraudulent ad revenue. …

Fireball works by installing a browser plugin that promotes advertisements belonging to Rafotech, generating fraudulent clicks and fake web traffic.

Fireball Global Infection Rates (darker pink = more infections)

India, Brazil and Mexico are the countries with the most Fireball infections, and 5.5 million infections have also been found in the United States. It is not known how many infections there are in Thailand, but Check Point said there had been some instances of Fireball infecting computers in the kingdom. …

Source: Chinese Fireball malware infects 250 million PCs worldwide – here’s how to check if your PC is infected

Millions of people have downloaded a nasty smartphone virus

Android owners have been put on high alert after researchers identified a new virus that has been downloaded more than two million times.

The malware is called FalseGuide and is hidden in apps found on Google Play, the online store from which Android users download new software.

The virus lurks inside apps which appear to be guides to popular games.

Once victims download these apps, their phones are infected.

Currently, the Russian hackers behind the malware appear to be trying to build a botnet – a large group of hacked devices that can be controlled as one and used to carry out attacks against websites and other targets. …

Source: Millions of people have downloaded a nasty smartphone virus and YOU could be its next victim

Hajime IoT malware looks more sophisticated than Mirai

The Mirai malware took control of poorly secured IoT devices, creating a large botnet that was used in a DDoS attack against DNS provider Dyn, which in turn took down a large portion of the internet last year. …

Hajime is yet another piece of malware that takes over poorly secured IoT devices. However, it works in a very different way from Mirai, which also makes it harder to stop.

The Mirai malware takes orders from command and control (C&C) servers. While this is a typical method used by malware, it also provides a way to combat the botnet: internet service providers have been cutting off access to these C&C servers as they are found. Hajime doesn’t suffer from this weakness.

Instead of C&C servers, Hajime communicates over a peer-to-peer network built on the same protocols BitTorrent uses. With no central server to take down, blocking its communications is that much harder, if not impossible. …

Source: You Thought Mirai Was Bad? Meet Hajime. – UTB Blogs

Leaked NSA Malware Puts Windows Computers At Risk

A group of hackers has released malware made by the NSA that puts all computers running Windows at risk of being hacked.

The Shadow Brokers hacking group claimed in a blog post on Friday that it had obtained US National Security Agency tools that enable their users to steal data.

Friday’s blog post included downloads of potent exploits and hacking tools that target most versions of Microsoft Windows, and included evidence of intrusions into the SWIFT banking systems of several banks around the globe.

The group directed visitors to download files and code that revealed previously undisclosed computer exploits made by the NSA—known as zero-day exploits—which experts have warned are likely to cause chaos around the world in the coming weeks. …

Source: Leaked NSA Malware Puts All Windows Computers At Risk

Deutsche Telekom warns of spam emails disguised as invoices

Criminals are currently sending out fake Telekom bills that contain links to dangerous malware and are difficult to recognise as fakes.

Deutsche Telekom is currently warning its customers about dangerous spam emails. Criminals are sending out fake Telekom bills; clicking on a link in the email downloads a JavaScript file that is used to infect the PC with malicious software.

Telekom advises customers not to click on the link and to delete the email immediately. …

Source: Telekom warns of spam emails disguised as an invoice – connect

Brickerbot Shows Why We Need a Secured IoT

There’s a new piece of malware that is destroying IoT devices.

A security researcher at cybersecurity company Radware has discovered a new piece of malware. Dubbed BrickerBot, it is not your typical malware: it’s not trying to steal your information or take control of your device, it just wants to break it.

The malware works much like the Mirai botnet that took down much of the internet last year. It scans the internet for vulnerable IoT devices running embedded versions of Linux. Once it finds one, it carries out a “permanent denial of service” attack, which bricks the device altogether. …

Luckily, someone is working to change this. It was just earlier this month that John Chen wrote: “‘Is a securely connected world really possible?’ Yes it is and, not only is it possible, it is a category that BlackBerry is bringing definition to and providing leadership in. We recognize that security is a cat and mouse game, requiring constant investment and innovation and that is what we do, day in, day out.”

Source: Brickerbot Shows Why We Need a Secured IoT – UTB Blogs

Notorious iOS spyware, Pegasus, has an Android sibling

Security researchers have uncovered the Android version of the iOS spyware known as Pegasus, in a case that shows just how targeted electronic surveillance can be.

Called Chrysaor, the Android variant can steal data from messaging apps, snoop over a phone’s camera or microphone, and even erase itself.

On Monday, Google and security firm Lookout disclosed the Android spyware, which they suspect comes from NSO Group, an Israeli security firm known to develop smartphone surveillance products.

Fortunately, the spyware never reached the mainstream. It was installed fewer than three dozen times on victim devices, most of which were located in Israel, according to Google. Other victim devices were in Georgia, Mexico and Turkey, among other countries.

Users were probably tricked into downloading the malicious code, perhaps through a phishing attack. Once installed, the spyware can act as a keylogger and steal data from popular apps such as WhatsApp, Facebook and Gmail. …

Source: Notorious iOS spyware, Pegasus, has an Android sibling

New Android ransomware bypasses all antivirus programs

New Android ransomware bypasses all antivirus programs. Infection continues even after the victim pays the ransom.

The Zscaler ThreatLabZ team has found a new variant of Android ransomware. What makes this variant particularly worrying is that it evaded all of the antivirus programs tested against it at the time of writing. During our investigation, we uncovered some other interesting findings.

One of the targeted apps is called ‘OK’, one of the most popular Russian entertainment and social networking apps. The legitimate app is available on the Google Play Store and has between 50,000,000 and 100,000,000 installs. It is important to note that the OK app available on the Google Play Store is NOT malicious. Fortunately, we haven’t yet spotted the new ransomware strain on the Google Play Store, but as you’re about to read, the techniques this malware uses improve the chances of the payload making it onto the Google Play Store.

What happens when the malicious package is installed?

Similar to the aggressive adware samples found on the Google Play Store that we covered in our blog last week, this malware stays silent for the first four hours after installation, allowing the original app to operate without any interference. The delay also helps the ransomware evade antivirus engines that execute the app for analysis. After four hours, users see a prompt to add a device administrator, as shown below.

Even if the user presses the Cancel button, the prompt reappears immediately, preventing them from taking any other action or uninstalling the app. As soon as the user presses the Activate button, the screen is locked and a full-screen ransom note is displayed. …

Source: New Android ransomware bypasses all antivirus programs

New Word macro malware infects macOS and Windows

Another form of Microsoft Word malware that infects both macOS and Windows machines has been detected.

The malicious VBA (Visual Basic for Applications) code is buried in a Word document macro and automatically adapts its attack to the operating system it runs on. Once running, it can be used to download further payload files to the computer. …

Because the attack is disguised as an innocent Word macro, it goes undetected until it is too late. If Word is configured to run macros automatically, the malicious code can execute before you have any idea it’s there. …

Source: New Word macro malware infects macOS and Windows