Channel: Silobreaker: All Posts

Silobreaker Daily Cyber Digest – 29 April 2016

Dynamer malware turns on God Mode

A malware strain called Dynamer [1] has taken advantage of a Windows easter egg known as God Mode to improve its persistence, McAfee reports [2].

The God Mode string lets users create a folder containing shortcuts to all available control panel settings, a feature that was likely intended to help with debugging. Dynamer abuses God Mode by appending a modified version of the string to the folder containing its registry key, while also prefixing the folder name with ‘com4’, which tells Windows that it is a device. This trick means that the folder containing the Dynamer registry key will redirect to an empty control panel when opened, while the folder itself cannot be deleted normally through Explorer because it is classified as a device.

Mobile malware competition heats up

IBM researchers found [3] that competition has driven down the price of mobile malware strains like Bilal, Cron and KNL.

With the banning of one of GM Bot’s [4] major distributors after a price hike, other vendors have stepped in to offer alternatives to the infamous malware. Most of these purport to offer a high degree of persistence, along with intercepting and sending SMS, making and forwarding calls, and locking phones. Some, such as Bilal, also allow controllers to configure overlay screens for phishing purposes.

Unlike GM Bot, which has a price tag of $15,000, other types of mobile malware are available from $3000-$6000, although the newer Cron Bot costs up to $7000 per month. If the variety of available mobile malware isn’t indicative of the success of the MaaS model, these prices certainly are.

Anonymous hit Kenyan government

Anonymous has breached the servers of Kenya’s foreign ministry, stealing a trove of documents, some of which are confidential.

The attack took place as part of the #OpAfrica [5] campaign, which is intended to protest against corruption and child abuse in African countries. According to one of the Anonymous hackers, the group stole a terabyte of data from Kenyan government servers and has released part of it on the dark web. The leaked information includes internal business emails and security alerts from IT, but not usernames or passwords.

It’s expected that a full release of these files will happen relatively soon.

Major sites infected with Angler

Cyphort Labs [6] has reported that highly ranked websites such as Teepr and Yourstory have recently been infected with the Angler exploit kit [7], potentially serving hundreds of thousands of machines with malware.

The latest site compromised by Angler is Teepr, a popular Taiwanese news site that receives nearly 2 million page views and 800,000 unique visits per day. Though the website is now malware-free, Angler was dropping the Bedep trojan on the 25th, which would download the Pony datastealer or CryptXXX ransomware onto infected machines.

Australian Gumtree users’ data leaked

Personal information belonging to Gumtree [8] users in Australia was compromised by one or more hackers last weekend.

Gumtree has revealed that hackers accessed email addresses and phone numbers, along with other publicly viewable data, but no payment information was compromised. The case has been passed on to the federal police for further investigation.

The Silobreaker Team

[1] https://my.silobreaker.com/View360.aspx?Item=11_1003377228&q=keyphrase%3a%22Dynamer+Malware%22&rd=true
[2] https://blogs.mcafee.com/mcafee-labs/malware-takes-advantage-of-windows-god-mode/
[3] https://securityintelligence.com/mobile-malware-competition-rises-in-underground-markets/
[4] https://my.silobreaker.com/view360.aspx?item=11_811775792#?q=Keyphrase:%22GM%20Bot%22
[5] https://my.silobreaker.com/view360.aspx?item=11_961400008#?q=Keyphrase:%22OpAfrica%22
[6] http://www.cyphort.com/teepr-com-yet-another-top-alexa-site-spreading-ransomware/
[7] https://my.silobreaker.com/View360.aspx?Item=11_657356627&q=keyphrase%3a%22Angler+Exploit+Kit%22&rd=true
[8] https://my.silobreaker.com/view360.aspx?item=11_438742820#?q=Company:%22Gumtree%20Australia%22
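
The Dynamer item above describes a folder whose name starts with a reserved device name (‘com4’) and ends with a God Mode-style string. The following Python check is an added example, not code from Silobreaker or McAfee: it flags such folder names in a collected directory listing, and it also covers the other reserved device names beyond ‘com4’. It assumes the God Mode-style string appears as a ".{GUID}" suffix; the function names, sample paths and all-zero GUID are constructed for illustration.

```python
import re

# Legacy DOS device names that Windows reserves, whatever follows the first dot.
RESERVED = {"CON", "PRN", "AUX", "NUL"} | {
    f"{dev}{n}" for dev in ("COM", "LPT") for n in range(1, 10)
}
# Assumption: the God Mode-style string is a ".{GUID}" suffix on the folder name.
GUID_SUFFIX = re.compile(
    r"\.\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.IGNORECASE
)

def classify_component(name):
    """Return the findings for a single file or folder name."""
    findings = set()
    base = name.split(".", 1)[0].strip().upper()
    if base in RESERVED:
        findings.add("reserved-device-name")
    if GUID_SUFFIX.search(name):
        findings.add("guid-suffix")
    return findings

def audit_paths(paths):
    """Return (path, component, severity) for every suspicious component."""
    hits = []
    for path in paths:
        for part in re.split(r"[\\/]+", path):
            if not part or part.endswith(":"):  # skip empty parts and drive letters
                continue
            findings = classify_component(part)
            if findings:
                # Both traits on one folder match the trick described above.
                severity = "high" if len(findings) == 2 else "review"
                hits.append((path, part, severity))
    return hits

# Constructed sample listing; the all-zero GUID is a placeholder, not an indicator.
PLACEHOLDER = "{00000000-0000-0000-0000-000000000000}"
SAMPLE_PATHS = [
    rf"C:\Users\alice\AppData\Roaming\com4.{PLACEHOLDER}\app.exe",
    rf"C:\Users\alice\Desktop\Settings.{PLACEHOLDER}",
    r"C:\Projects\com4-driver\readme.txt",
]

if __name__ == "__main__":
    for path, part, severity in audit_paths(SAMPLE_PATHS):
        print(f"{severity:6} {part!r} in {path}")
```

A folder with only the GUID suffix is reported as "review" because users can create such folders deliberately; the combination with a reserved device name is what matches the behaviour reported for Dynamer.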
