Beware! A New Linux Malware From Russian Hackers Is Stealing Data
|
| |
fossbytes.com ^
| By Anmol Sachdeva - August 14, 2020
he National Security Agency (NSA) and FBI have issued a warning against a new Linux malware dubbed “Drovorub” that is believed to have been developed by Russian military hackers. According
to a report based on data collected by the agencies, the Linux malware strain is the work of APT28, a notorious hacking group from military unity 26165 of the Russian General Staff Main Intelligence Directorate (GRU) 85th Main SpecialService Center (GTsSS). The intention behind spreading the malware is espionage and stealing secrets from the public sector and IT companies. Drovorub Linux Malware Drovorub Linux malware, as per the two agencies,...
|
|
|
Malware Author Pleads Guilty for Role in Transnational Cybercrime Organization Responsible for more than $568 Million in Losses
|
| |
justice.gov ^
| July 31, 2020 | Department of Justice
Cybercrime Organization Victimized Millions in all 50 States and Worldwide in One of the Largest Cyberfraud Enterprises Ever Prosecuted by the Department of Justice An author of malicious computer software and a member of the Infraud Organization pleaded guilty today to RICO conspiracy, announced Acting Assistant Attorney General Brian C. Rabbitt
of the Justice Department’s Criminal Division. Valerian Chiochiu, aka “Onassis,†“Flagler,†“Socrate,†and “Eclessiastes,†30, pleaded guilty before U.S. District Court Judge James C. Mahan in the District of Nevada.  Chiochiu is a national of the Republic of Moldova, but resided in the United States during the period of...
|
|
|
A Multinational Tech Company Installed Software To Pay Taxes In China, Then Discovered Malware Inside
|
| |
Hotair ^
| 06/25/2020 | John Sexton
This report from NBC News never names the multinational corporation involved but it is not a Chinese company. However
because it does do business in China, it was required to pay local taxes. A Chinese bank asked the company to install a piece of software to facilitate paying those taxes, but within hours the company’s entire system had been compromised with sophisticated software. The tax software was legitimate, but embedded inside it was a nasty surprise, according to a new report by a private security firm: A sophisticated piece of malware that gave attackers complete access to the company’s...
|
|
|
Microsoft uses its expertise in malware to help with fileless attack detection on Linux
|
| |
The Register ^
| Feb 25, 2020 | Richard Speed
Aw, how generous Hey, Linux fans! Microsoft
has got your back over fileless threats. Assuming you've bought into the whole Azure Security Center thing.Hot on the heels of a similar release for Windows (if by "hot" you mean "nearly 18 months after") comes a preview aimed at detecting that breed of malware that inserts itself into memory before attempting to hide its tracks.A fileless attack tends to hit via a software vulnerability, inject a stinky payload into an otherwise fragrant system process and then lurk in memory. The malware also attempts to remove any trace of itself on disk, which...
|
|
|
Chinese woman caught at Mar-a-Lago with malware was apparently asked to target Clintons: docs
|
| |
Fox News ^
| October 03 2019 | Vandana Rambaran
A Chinese businesswoman who was convicted of trespassing at President Trump's Mar-a-Lago resort in Florida earlier this year had been urged by her handler to target other famous figures including the Clintons and billionaire businessman Warren Buffett, court documents say. Yujing
Zhang, 33, who is scheduled to be sentenced on Nov. 22, was caught by Secret Service agents with troves of technology embedded with malware and thousands of dollars in cash after she claimed that she was at Trump's prestigious club to attend a “United Nations friendship event” that had apparently been canceled. Her bizarre behavior and backstory led to...
|
|
|
AT&T employees took bribes to plant malware on the company's network
|
| |
zdnet.com ^
| August 6, 2019 | Catalin Cimpanu for Zero Day
AT&T employees took bribes to unlock millions of smartphones, and to install malware and unauthorized hardware on the company's network, the Department of Justice said yesterday. These
details come from a DOJ case opened against Muhammad Fahd, a 34-year-old man from Pakistan, and his co-conspirator, Ghulam Jiwani, believed to be deceased. The DOJ charged the two with paying more than $1 million in bribes to several AT&T employees at the company's Mobility Customer Care call center in Bothell, Washington. OPERATING SINCE 2012 The bribery scheme lasted from at least April 2012 until September 2017. Initially, the two Pakistani men bribed...
|
|
|
New Mac malware in the wild evades security software, researchers
|
| |
MacDailyNews ^
| July 1, 2019
New Mac malware in the wild evades security software, researchers Roger Fingas for AppleInsider: Newly uncovered Mac malware is not only in the wild, but trying to avoid detection by security researchers, according to one such firm. Dubbed
“CrescentCore,” the malware comes as it usually does —in the form of a DMG file pretending to be an Adobe Flash Player installer, Intego said. If someone launches its contents, the software will check to see if it’s running inside a virtual machine — a way researchers often quarantine their subjects. The malware also checks for several popular antivirus tools, and if...
|
|
|
Hacking 'hero' Marcus Hutchins pleads guilty to US malware charges
|
| |
BBC ^
| 19 April 2019
A British man hailed as a hero for stopping a global cyber-attack that was threatening the NHS has pleaded guilty to US malware charges. Marcus
Hutchins, 24, has pleaded guilty to two charges related to writing malware - or malicious software - court documents show. Writing on his website, Hutchins said he regretted his actions and accepted "full responsibility for my mistakes". Hutchins has been held in the US since he was arrested by the FBI in 2017. "As you may be aware, I've pleaded guilty to two charges related to writing malware in the years prior to my career...
|
|
|
Dangerous Android malware comes to the iPhone
|
| |
Fox News ^
| 04/13/2019 | Brooke Crothers |
Unlike the Android version, the malware isn’t distributed through the App Store but via the Apple Developer Enterprise program, which allows organizations to distribute proprietary, in-house apps to their employees and bypass the App Store, Lookout said. However,
some malicious groups have exploited this, Domingo Guerra, Senior Director, Modern OS Security, Symantec, told Fox News. These groups “misused the enterprise app certificate ‘loop-hole’ to circumvent the App Store review process and get their apps ‘sideloaded’ onto target devices,” he said. This is a new twist and potentially a sign of things to come. “The fact that it uses this ‘backdoor’...
|
|
|
A Secret Service agent inserted a USB drive infected with malware into his laptop [title truncated]
|
| |
Business Insider ^
| April 8, 2019 | liza Relman
A US Secret Service agent inserted a USB drive infected with "malicious malware" into his laptop after the hardware was confiscated from a Chinese woman who was arrested late last month after attempting to gain entry to President Donald Trump's Mar-a-Lago resort. Agent
Samuel Ivanovich testified in court on Monday that he put the thumb drive into his own computer, and it began installing files in a "very out-of-the-ordinary" way. He quickly stopped his analysis of the drive, the Miami Herald reported.
|
|
|
Chinese woman allegedly carrying malware arrested at Mar-a-Lago while Trump was there
|
| |
Market Watch ^
| Apr 2, 2019
A woman carrying two Chinese passports and a device containing computer malware lied to Secret Service agents and briefly gained admission to President Donald Trump’s Mar-a-Lago club over the weekend during his Florida visit, federal prosecutors allege in court documents. Yujing
Zhang, 32, approached a Secret Service agent at a checkpoint outside the Palm Beach club early Saturday afternoon and said she was a member who wanted to use the pool, court documents said. She showed the passports as identification. Agents say she wasn’t on the membership list, but a club manager thought Zhang was the daughter of a member....
|
|
|
19-years-old WinRAR vulnerability leads to over 100 malware exploits (Update Now!)
|
| |
SlashGear ^
| Mar 16, 2019 | Adam Westlake
After being a staple on PCs for so many years, last month it was discovered that WinRAR, software used to open .zip archive files, has been vulnerable for the last 19 years to a bug that’s easily exploited by hackers and malware distributors. Fortunately,
the software has been patched with the recent release of version 5.70, but after being unchecked for so long and installed by so many people, a new wave of malware is taking advantage. Check Point, the security researchers that revealed the WinRAR bug, explain that the software is exploited by giving malicious files a RAR extension,...
|
|
|
VeryMal Mac malware hides data within images
|
| |
MacDailyNews ^
| January 30, 2019
“A recent malware distribution campaign dubbed ‘VeryMal’ leverages an ancient technique called steganography — the hiding of secret information in plain sight — to distribute Mac malware,” Joshua Long reports for Intego. “The VeryMal campaign was caught distributing OSX/Shlayer, which was originally discovered by Intego researchers one year ago.” “Although
the concept of steganography has been around for hundreds of years, it is not something we see in a lot of Mac malware campaigns,” Long reports. “The VeryMal campaign used some cleverly crafted JavaScript code to look for secret information stored within a seemingly innocuous JPEG image file. The hidden...
|
|
|
Home Routers Under Attack by NSA-Spawned Malware: What to D
|
| |
tomsguide.com ^
| 11/29/2018 | Marshall Honorof · Editor
What you should do is factory-reset your router, disable UPnP, then check for firmware updates, since some companies have patched the vulnerability out. This
won’t fix any other compromised systems, but it’s a necessary first step. After that, you can factory-reset any other internet-connected device that you’re concerned about. You might also want to just buy a new router, as recent models do not appear to be susceptible to this type of attack. This information comes from a blog post entitled "UPnProxy: EternalSilence" penned by researchers at Cambridge, Massachusetts-based data management firm Akamai. Cybercriminals have learned how to take advantage...
|
|
|
Porn-Watching Employee Infected Government Networks With Russian Malware, IG Says
|
| |
Nextgov ^
| October 25, 2018 | Jack Corrigan
An Interior Department watchdog recommended the U.S. Geological Survey ratchet up internet security protocols after discovering its networks had been infected with malware from pornography sites. The
agency’s inspector general traced the malicious software to a single unnamed USGS employee, who reportedly used a government-issued computer to visit some 9,000 adult video sites, according to a report published Oct. 17. Many of the prohibited pages were linked to Russian websites containing malware, which was ultimately downloaded to the employee’s computer and used to infiltrate USGS networks, auditors found. The investigation found the employee saved much of the pornographic material on...
|
|
|
Bitcoin, malware and blind luck helped Russian agents hack Democratic Party computers
|
| |
Pilot Online ^
| 7/15/18 | Chris Megerian
WASHINGTON — The email landed in John Podesta’s crowded inbox around March 19, 2016, during the height of the presidential primaries, and it appeared to be a standard security request from Google for Hillary Clinton’s campaign chairman to change his password. Doing
so ultimately led to a political firestorm that is still raging. The email was actually from Aleksey Lukashev, a senior lieutenant in Russian military intelligence, using the account “john356gh” to mask his purpose, U.S. officials say. The email contained an embedded link that secretly opened Podesta’s account to a hacking team at 20 Komsomolskiy Prospekt, near Moscow’s Red...
|
|
|
Android malware is infecting Amazon Fire TVs and Fire Sticks
|
| |
the verge ^
| 06/12/2018 | Rachel England
The worm, called ADB.Miner, installs itself as an app called "Test" under the package name "com.google.time.timer". Once it's infected a device, it eats up resources mining cryptocurrency -- devices will become slow, video playback will stop abruptly and a notification saying "Test" with the green Android robot icon will appear randomly on
screen. If you've never played around with your Fire TV's developer options (which are off by default), you'll be safe from the virus. If, however, you've allowed ADB debugging or apps from unknown sources, your device is at risk -- switch both to off. If you suspect you've...
|
|
|
F.B.I.’s Urgent Request: Reboot Your Router to Stop Russia-Linked Malware
|
| |
The New York Times ^
| May 27, 2018 | Louis Lucero II
Hoping to thwart a sophisticated malware system linked to Russia that has infected hundreds of thousands of internet routers, the F.B.I. has made an urgent request to anybody with one of the devices: Turn it off, and then turn it back on. The
malware is capable of blocking web traffic, collecting information that passes through home and office routers, and disabling the devices entirely, the bureau announced on Friday. A global network of hundreds of thousands of routers is already under the control of the Sofacy Group, the Justice Department said last week. That group, which is also known as...
|
|
|
PSA: Here’s how to check for – and remove – the Mac malware mshelper
|
| |
9 to 5 Mac ^
| May. 18th 2018 4:36 am PT | By Ben Lovejoy
If your Mac seems to be running at high fan rates or you’re seeing reduced battery-life for no apparent reason, you may want to check for some Mac malware that seems to be going around … A couple of support threads have described people finding a process called mshelper using a
lot of CPU usage.From the little that’s known about it so far, it seems this is either adware or a cryptocurrency miner. Despite the heading in the Reddit thread, there’s no evidence that it’s a virus, so the most likely explanation for its spread is a sketchy download...
|
|
|
A (apparently) new malware is making the rounds, called Log 1
|
| |
The source is one Brooklyn Williams | 03/05/2018 | Chances Are
This email starts innocently enough. Don't
open it!
|
|