Malware
Kronos Banking Trojan used to deliver new PoS malware
A new email campaign has been spotted distributing the Kronos banking trojan [1], which is acting as a loader for a new Point-of-Sale (PoS) malware known as ScanPOS [2]. The campaign targets organisations in the UK and US across a variety of industries, including hospitality, higher education, financial services and healthcare. The emails carry a malicious document that downloads one of three payloads; one of these is ScanPOS, which exfiltrates credit card numbers via HTTP. Full Proofpoint report here [3].
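Because ScanPOS sends the stolen card numbers out over plain HTTP, an outbound web proxy or network sensor can look for them directly. The example below is an added illustration, not code from Proofpoint, Silobreaker or the malware itself: it runs the Luhn check that card-scraping PoS malware and DLP filters both use over constructed HTTP POST bodies and reports which hosts are sending Luhn-valid primary account numbers (PANs). The hostnames and request bodies are made up, and the card numbers are the standard industry test numbers, not real accounts.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: (source host, HTTP POST body) pairs as a proxy log might
# record them. The 13-19 digit numbers are published test card numbers.
SAMPLE_POSTS: List[Tuple[str, str]] = [
    ("pos-terminal-03", "id=7f3a&data=4111111111111111|5555555555554444"),
    ("pos-terminal-03", "id=7f3a&data=1234567812345678"),   # right length, fails Luhn
    ("hr-laptop-12", "q=order+12345&page=2"),              # no PAN-sized digit run
    ("pos-terminal-07", "d=378282246310005&t=1479120000"),  # 15-digit Amex test number
]

# A run of 13-19 digits not adjacent to other digits (PAN lengths in use today).
PAN_RE = re.compile(r"(?<!\d)(\d{13,19})(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn (mod 10) checksum: double every second digit from the right,
    subtract 9 from any doubled value above 9, and require the sum % 10 == 0."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pans(text: str) -> List[str]:
    """Candidate PANs in a body: right length, plausible leading digit for the
    major card brands (3, 4, 5, 6), and a valid Luhn checksum."""
    return [m for m in PAN_RE.findall(text) if m[0] in "3456" and luhn_ok(m)]


def scan_posts(posts: List[Tuple[str, str]]) -> List[Dict]:
    """Return one record per request that carries at least one PAN, with the
    six-digit BIN prefix kept for triage and the rest of the number dropped."""
    hits = []
    for host, body in posts:
        pans = find_pans(body)
        if pans:
            hits.append({"host": host, "count": len(pans), "bins": [p[:6] for p in pans]})
    return hits


if __name__ == "__main__":
    for hit in scan_posts(SAMPLE_POSTS):
        print(f"{hit['host']}: {hit['count']} PAN(s), BINs {hit['bins']}")
```

Luhn alone still passes roughly one in ten random digit strings of the right length, so in production this check is paired with a BIN allowlist and a per-host volume threshold; a single Luhn-valid timestamp is noise, a terminal posting dozens of distinct PANs to an unfamiliar host is not.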
CryptoLuck Ransomware distribution
A new ransomware variant known as CryptoLuck [4] is being distributed by the RIG-E Exploit Kit [5]. Currently spread through malvertising on adult-content websites, CryptoLuck uses DLL hijacking: the legitimate GoogleUpdate.exe executable is dropped alongside a malicious DLL, which the trusted executable then loads and runs. More information [6].
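The trick works because Windows looks in the executable's own directory before the system directories when resolving an imported DLL, so a DLL planted next to a trusted, signed executable is loaded in preference to the genuine one. The following is an added example, not code from the CryptoLuck analysis or from Silobreaker: it models the default DLL search order over a constructed file inventory and flags the sideloading pattern, a signed executable loading a DLL from its own directory that is unsigned or signed by a different publisher. The directory names, the `helper.dll` import and the signer strings are assumptions for illustration; the real updater's DLL names are not given on this page.

```python
import ntpath
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

SYSTEM32 = r"C:\Windows\System32"
WINDIR = r"C:\Windows"


@dataclass
class FileInfo:
    path: str
    signer: Optional[str]                         # Authenticode publisher, None if unsigned
    imports: List[str] = field(default_factory=list)  # DLL names an EXE links against


# Constructed inventory. A copy of the signed updater has been dropped into a
# temp directory next to an unsigned "helper.dll" (hypothetical name) and an
# unsigned "version.dll" that shadows the genuine one in System32.
INVENTORY = [
    FileInfo(r"C:\Users\victim\AppData\Local\Temp\upd\GoogleUpdate.exe", "Google Inc",
             ["helper.dll", "version.dll"]),
    FileInfo(r"C:\Users\victim\AppData\Local\Temp\upd\helper.dll", None),
    FileInfo(r"C:\Users\victim\AppData\Local\Temp\upd\version.dll", None),
    # The legitimate install for comparison: same imports, DLL signed by the same publisher.
    FileInfo(r"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe", "Google Inc",
             ["helper.dll", "version.dll"]),
    FileInfo(r"C:\Program Files (x86)\Google\Update\helper.dll", "Google Inc"),
    FileInfo(r"C:\Windows\System32\version.dll", "Microsoft Windows"),
]


def dll_search_order(app_dir: str, cwd: str, path_dirs: List[str]) -> List[str]:
    """Default order (SafeDllSearchMode on, the default since Windows XP SP2) for a
    DLL that is neither already loaded nor a KnownDLL: the application directory is
    consulted before the system directories, which is what makes planting possible."""
    return [app_dir, SYSTEM32, WINDIR, cwd, *path_dirs]


def resolve(dll: str, order: List[str], idx: Dict[str, FileInfo]) -> Optional[FileInfo]:
    """First directory in the search order that actually contains the DLL."""
    for d in order:
        hit = idx.get(ntpath.join(d, dll).lower())
        if hit is not None:
            return hit
    return None


def sideload_alerts(inventory: List[FileInfo], cwd: str = r"C:\Users\victim",
                    path_dirs: Tuple[str, ...] = ()) -> List[Tuple[str, str, Optional[str]]]:
    """(exe, dll, dll signer) triples where a signed EXE would load a DLL from its
    own directory whose publisher differs from the EXE's (unsigned counts as different)."""
    idx = {f.path.lower(): f for f in inventory}
    alerts = []
    for exe in inventory:
        if not exe.path.lower().endswith(".exe") or exe.signer is None:
            continue
        app_dir = ntpath.dirname(exe.path)
        order = dll_search_order(app_dir, cwd, list(path_dirs))
        for dll in exe.imports:
            loaded = resolve(dll, order, idx)
            if loaded is None:
                continue
            same_dir = ntpath.dirname(loaded.path).lower() == app_dir.lower()
            if same_dir and loaded.signer != exe.signer:
                alerts.append((exe.path, loaded.path, loaded.signer))
    return alerts


if __name__ == "__main__":
    for exe, dll, signer in sideload_alerts(INVENTORY):
        print(f"{exe} loads {dll} (signer: {signer or 'unsigned'})")
```

Run against the inventory above, the legitimate install produces no alerts (its `helper.dll` carries the same publisher as the executable and `version.dll` resolves from System32), while the temp-directory copy produces two: one for the unsigned `helper.dll` and one for the planted `version.dll` that wins over the System32 copy purely by search order. On a live host the same rule is evaluated from a process's loaded-module list and each module's signature rather than from a static inventory.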
Raxir Spyware
Spyware initially thought to have been created by Hacking Team [7] is now believed to be the work of a small tech start-up in Naples called Raxir [8]. Raxir is a surveillance firm that provides software designed to support investigations. The spyware in question can record video and audio, steal data, take screenshots, and turn GPS functions on and off. An investigation is ongoing following the discovery of the software on a government employee's device. More information [9].
Trending Vulnerabilities
Secret backdoor in Android devices sent data to a server in China
Kryptowire [10] researchers have found firmware on numerous Android smartphones that can covertly install applications and gather user data, sending it back to a server in China. The firmware is maintained by Shanghai Adups Technology Co [11], which develops and sells the FOTA (Firmware Over The Air [12]) update software included with many low-end Android models. More information [13].
General News
UK iPhone users hit with large-scale smishing campaign
Apple users in the UK have been warned of a large-scale smishing (SMS phishing) campaign that is being used to acquire Apple ID usernames and passwords. Victims receive a text message stating that their account has been blocked, with a link provided to 'amend' the issue. The link takes the victim to a fake Apple ID site that requests their username, password and passport number. More information [14].
Zuckerberg hacked again
Hacker group OurMine [15] has claimed responsibility for defacing another of Mark Zuckerberg's online accounts. On this occasion, the group attacked the Facebook founder's Pinterest account, changing the bio of his page to read "Don't worry, we are just testing your security". OurMine has not said how the attack was carried out but claims to possess an "exploit on Pinterest". More information [16].
Scientists working on CPU that can detect malware at hardware level
After receiving a $275,000 research grant from the National Science Foundation, teams from the University of California, Riverside and Binghamton University are working on a CPU that can detect malware at the hardware level. The processor would detect anomalies in running processes and then alert anti-virus software that something is wrong. More information [17].
The Silobreaker Team
Disclaimer: Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.
[1] https://my.silobreaker.com/view360.aspx?item=11_754385174#?q=Malware:%22Kronos%20Trojan%22&rd=true
[2] https://my.silobreaker.com/view360.aspx?item=11_628565215#?q=Malware:%22ScanPOS%22&rd=true
[3] https://www.proofpoint.com/us/threat-insight/post/kronos-banking-trojan-used-to-deliver-new-point-of-sale-malware
[4] https://my.silobreaker.com/view360.aspx?item=11_1116249872#?q=Malware:%22CryptoLuck%20Ransomware%22&rd=true
[5] https://my.silobreaker.com/view360.aspx?item=11_741119288#?q=Keyphrase:%22RIG%20Exploit%20Kit%22&rd=true
[6] http://www.bleepingcomputer.com/news/security/cryptoluck-ransomware-being-malvertised-via-rig-e-exploit-kits/
[7] https://my.silobreaker.com/view360.aspx?item=11_314866779#?q=Company:%22Hacking%20Team%22&rd=true
[8] https://my.silobreaker.com/view360.aspx?item=11_1116374999#?q=Company:%22Raxir%22&rd=true
[9] https://motherboard.vice.com/read/malware-hunters-catch-new-android-spyware-raxir
[10] https://my.silobreaker.com/view360.aspx?item=11_805402047#?q=Company:%22KryptoWire%22&rd=true
[11] https://my.silobreaker.com/view360.aspx?item=11_1116230107#?q=Company:%22Shanghai%20Adups%20Technology%20Co%20Ltd%22&rd=true
[12] https://my.silobreaker.com/view360.aspx?item=11_134846578#?q=Keyphrase:%22Firmware%20Over%20The%20Air%22&rd=true
[13] http://www.kryptowire.com/adups_security_analysis.html
[14] http://www.scmagazineuk.com/uk-iphone-users-hit-by-large-scale-smishing-campaign/article/573007/
[15] https://my.silobreaker.com/View360.aspx?Item=11_889029636#?q=ThreatActor:%22OurMine%20Team%22
[16] http://uncova.com/facebooks-mark-zuckerberg-hacked-again-cnet
[17] http://www.bleepingcomputer.com/news/security/scientists-working-on-a-cpu-that-can-detect-malware-at-the-hardware-level/