Top IT Security Bloggers

TrendLabs - Malware Blog
  • Windows App Runs on Mac, Downloads Info Stealer and Adware

    We found an EXE application that specifically runs on Mac to download adware and an info stealer, sidestepping built-in protection systems on the platform such as Gatekeeper. We suspect the cybercriminals are developing this routine as an evasion technique for damaging infections and attacks in the future, as our telemetry showed the highest numbers to be in the UK, Australia, Armenia, Luxembourg, South Africa and the US.
  • Linux Coin Miner Copied Scripts From KORKERDS, Removes All Other Malware and Miners

    We noticed a Linux coin miner with scripts almost the same as KORKERDS, which, with just one crontab entry, removes other miners and malware installed on the system upon infection.
  • Various Google Play “Beauty Camera” Apps Sends Users Pornographic Content, Redirects Them to Phishing Websites and Collects Their Pictures

    We discovered several beauty camera apps (detected as AndroidOS_BadCamera.HRX) on Google Play that are capable of accessing remote ad configuration servers that can be used for malicious purposes. Some of these have already been downloaded millions of times, which is unsurprising given the popularity of these kinds of apps.
  • ThinkPHP Vulnerability Abused by Botnets Hakai and Yowai

    We found a new Mirai variant we’ve called Yowai and Gafgyt variant Hakai abusing a ThinkPHP flaw for propagation and DDoS attacks.
  • Going In-depth with Emotet: Multilayer Operating Mechanisms

    To better understand Emotet, we shed light on its multilayer operating mechanisms, its document droppers, and its packed executable samples' activities.
  • Google Play Apps Drop Anubis Banking Malware, Use Motion-based Evasion Tactics

    We found malicious apps on Google Play trying to drop a banking malware payload on unsuspecting users. Motion sensor data was used to evade detection.
  • New Magecart Attack Delivered Through Compromised Advertising Supply Chain

    On January 1, we detected a significant increase in activity from one of the web skimmer groups we’ve been tracking. During this time, we found their malicious skimming code (detected by Trend Micro as JS_OBFUS.C.) loaded on 277 e-commerce websites providing ticketing, touring, and flight booking services as well as self-hosted shopping cart websites from prominent cosmetic, healthcare, and apparel brands. Trend Micro’s machine learning and behavioral detection technologies proactively blocked the malicious code at the time of discovery (detected as Downloader.JS.TRX.XXJSE9EFF010).
    The activities are unusual, as the group is known for injecting code into a few compromised e-commerce websites then keeping a low profile during our monitoring. Further research into these activities revealed that the skimming code was not directly injected into e-commerce websites, but to a third-party JavaScript library by Adverline, a French online advertising company, which we immediately contacted.
  • Demonstrating Command Injection and E-Stop Abuse Against Industrial Radio Remote Controllers

    In our research, we found that it is possible to perform attacks within or out of RF range. For remote attackers out of the transmission range, there are two possibilities: be a truly remote attacker and do a computer-borne attack (that is, to take control of a computer used to software-program or -control the RF devices), or have temporary physical access to the facility to drop a battery-powered, pocket-sized embedded device for remote access. As a proof of concept (PoC), we developed such a device to show the feasibility.
  • January Patch Tuesday: First Bulletin of 2019 has Fixes for DHCP and Microsoft Exchange Vulnerabilities

    Microsoft starts off 2019 relatively smoothly with 49 security patches and two advisories — seven of these vulnerabilities were rated Critical and 40 were Important. Ten of these were disclosed through the Zero Day Initiative (ZDI) program.
  • Adware Disguised as Game, TV, Remote Control Apps Infect 9 Million Google Play Users

    We recently discovered an active adware family (detected by Trend Micro as AndroidOS_HidenAd) disguised as 85 game, TV, and remote control simulator apps on the Google Play store. This adware is capable of displaying full-screen ads, hiding itself, monitoring a device’s screen unlocking functionality, and running in the mobile device’s background. The 85 fake apps have been downloaded a total of 9 million times around the world.