Bogus Pokémon GO guide app roots Android devices

The popularity of Pokémon GO is apparently on the wane, but there are still more than enough players to make it a good lure for cyber crooks. In fact, fake apps like the “Guide For Pokémon Go New” recently spotted on Google Play can end up being downloaded by as many as half a million users. At least 6,000 users ended up installing and running it, Kaspersky Lab researcher Roman Unuchek notes, and additional victims …

Mirai Linux Trojan corrals IoT devices into DDoS botnets

Mirai, a newly discovered and still poorly detected piece of Linux malware, is being used to rope IoT devices into DDoS botnets. Researchers from MalwareMustDie have recently gotten their hands on several variants of the threat, and have discovered the following things: it comes in the form of an ELF file (typical for executable files in Unix and Unix-like systems); it targets mostly routers, DVR or WebIP cameras, Linux servers, and Internet of Things devices …

Gugi banking Trojan outsmarts Android 6 security

A modification of the Gugi banking Trojan can bypass Android 6 security features designed to block phishing and ransomware attacks. The modified Trojan forces users into giving it the right to overlay genuine apps, send and view SMS, make calls and more. The Gugi Trojan’s aim is to steal users’ mobile banking credentials by overlaying their genuine banking apps with phishing apps and to seize credit card details by overlaying the Google Play Store …

Betabot steals passwords, downloads ransomware

The infamous and ever-changing Betabot information-stealing Trojan is back again, and has been observed downloading another well-known threat – the Cerber ransomware. Of course, before doing that, Betabot does its own routine, and slurps all passwords stored in all local browsers.

Weaponized resumes

According to Patrick Belcher, Senior Director of Threat Research at Invincea, Betabot was first being delivered to unsuspecting users via the Neutrino Exploit Kit. Lately, though, the meticulous crooks behind this scheme …

Ramnit Trojan rides again, targets customers of six major UK banks

The infamous Ramnit Trojan is on the prowl again, and this time it targets personal banking customers of six unnamed UK banks. The Trojan has not changed much since we last saw it targeting banks and e-commerce sites in Canada, Australia, the USA, and Finland in December 2015: it still uses the same encryption algorithms, and the same (but updated) data-grabbing, web-injection, and file-exfiltrating modules (the latter is after files with interesting keywords, like ‘wallet’, …

New method for detecting hardware Trojans

Modern computer chips are made up of hundreds of millions – often billions – of transistors. Such complexity enables the smartphone in your back pocket to perform all manner of powerful computations, but it also provides lots of places for tiny malicious circuits, known as hardware Trojans, to hide. Magnifying this security risk is the increasingly distributed and globalized nature of the hardware supply chain, which makes it possible for a Trojan to be introduced …

Financial malware attacks increase as malware creators join forces

Kaspersky Lab blocked 1,132,031 financial malware attacks on users, a rise of 15.6 percent compared to the previous quarter, according to the results of the company’s IT threat evolution report for Q2. One of the reasons for the rise appears to be the collaboration between the authors of two leading banking Trojans: Gozi Trojan and Nymaim Trojan, pushing both into the top 10 ranking of financial malware. Banking Trojans remain the most dangerous online threats. …

Bart ransomware victims get free decryptor

AVG malware analyst Jakub Kroustek has devised a decryptor for Bart ransomware, and the company has made it available for download (for free).

Bart ransomware

This particular piece of malware was first spotted in late June, being delivered via spam emails sent out by the Necurs botnet – the botnet that’s responsible for the onslaught of Locky ransomware and the Dridex Trojan. Bart is not your typical crypto ransomware as it doesn’t encrypt victims’ files. …

Ammyy Admin remote admin tool repeatedly bundled with Trojans

The website of the company that develops the popular remote administration software Ammyy Admin has been repeatedly compromised in the last year or so, and users who downloaded the tool were saddled with malware. First it was the Lurk banking Trojan that was bundled with the remote administration tool. Then, after June 1, the Fareit info-stealing Trojan. The change coincided with the news that the creators of Lurk had been arrested, making Kaspersky Lab researchers …

Android Trojan prevents victims from calling their banks

Some malware prevents victims from visiting sites from which they could download antivirus software, or kills AV software found running on the infected machines and devices. Newer variants of the backdoor-opening, information-stealing FakeBank Android Trojan use another tactic to prevent victims from protecting themselves and their bank accounts: they block calls to their bank. “Once installed, the new Android.Fakebank.B variants register a BroadcastReceiver component that gets triggered every time the user tries to make an …