Tracing the Supply Chain Attack on Android

Earlier this month, Google disclosed that a supply chain attack by one of its vendors resulted in malicious software being pre-installed on millions of new budget Android devices. Google didn’t exactly name those responsible, but said it believes the offending vendor uses the nicknames “Yehuo” or “Blazefire.” What follows is a deep dive into the identity of that Chinese vendor, which appears to have a long and storied history of pushing the envelope on mobile malware.

Multisandbox update to Dr.Web vxCube 1.2 brings Android analysis

The multi-sandbox project is under continual improvement. In June 2018, we announced our integration with Dr.Web vxCube. Today we are happy to announce an update to Dr.Web vxCube that adds support for Android. With more than 2 billion active Android de…

Multisandbox project welcomes Dr.Web vxCube

The multisandbox project keeps growing. Shortly after the integration of Tencent Habo, VirusTotal Droidy and Cyber adAPT ApkRecon, we are now welcoming Dr.Web vxCube. What is most exciting about this integration is that not only does it run executables, b…

Trojanized Android firmware & how to check Android apps for unencrypted data

Trojanized firmware found in 141 low-cost Android devices, and checking whether Android apps send unencrypted data.
The post Trojanized Android firmware & how to check Android apps for unencrypted data appeared first on Security Boulevard.

Global ransomware attacks tiptoed around Russian anti-virus products

Those responsible for two of the largest ransomware attacks of 2017 designed their malware to carefully handle computers with Russian anti-virus products installed, security researchers have told CyberScoop. For the third time in less than six months, a ransomware-style cyberattack spread across Eastern Europe in a matter of hours. The attack, dubbed “BadRabbit,” infected computers inside Ukrainian and Russian government agencies, Ukrainian transportation facilities and Russian news outlets, among other targets, causing a disruption in normal business operations that continues for some until today. Although most of BadRabbit’s impact occurred in Russia, there’s evidence that the malware compromised organizations in several countries other than Ukraine, including Japan and Turkey. The virus, when successfully installed, will encrypt files and then request a payment in the form of Bitcoin from victims in order to unlock their systems. Experts say there’s likely more to the story than a simple ransom collection. An investigation into […]

The post Global ransomware attacks tiptoed around Russian anti-virus products appeared first on Cyberscoop.

Raspberry Pi Malware Mines BitCoin

According to Russian security site [Dr.Web], there’s a new malware called Linux.MulDrop.14 striking Raspberry Pi computers. In a separate posting, the site examines two different Pi-based trojans, including Linux.MulDrop.14. That trojan uses your Pi to mine some form of cryptocurrency. The other trojan sets up a proxy server.

According to the site:

Linux Trojan that is a bash script containing a mining program, which is compressed with gzip and encrypted with base64. Once launched, the script shuts down several processes and installs libraries required for its operation. It also installs zmap and sshpass.

It changes the password of the