Recently, security experts have observed the DanaBot malware targeting banks located in the US. The malware was first discovered in May 2018, and at that time it was reported to target banks in Australia and Europe. According to a security report, this malware is a modular Trojan written in Delphi. The sole objective of the cyber criminals behind this malware is to make a profit by gathering victims' banking details. Research also reveals that the attackers behind this malware are spreading it continuously using different strategies. Social engineering and spam email campaigns are the most used ways through which it is distributed. Experts suspect that this campaign is run by the same attackers who were behind the infamous Panda banking Trojan.
New forms of malware continuously arise, and Xbash is one of them. The destructive capabilities of this latest threat have worried cyber security analysts. According to a report on malware, this threat is among the dangerous threats that emerged in 2018. The malware is written in Python and has various malicious capabilities. Crypto-mining threats and ransomware are considered the most devastating threats, but what if you learned that this malware has the harmful capabilities of both? Yes, it is true, and this malware will make your PC part of its botnet to execute malicious activities. Xbash can target not only Windows but Linux servers too.
Cyber security has always been a target of cyber criminals, and according to a security report, this time they have updated an old vulnerability. Denial of service (DoS) is a kind of vulnerability affecting the older versions of the Windows operating system. As reported by cyber security analysts, this vulnerability is known as FragmentSmack, which is very similar to SegmentSmack, a vulnerability in Linux systems. Recently Microsoft published an advisory alerting users to a denial-of-service flaw that may affect multiple versions of Windows and leave them unresponsive. According to the advisory, the flaw affects almost all versions from Windows 7 to 10. This vulnerability is also known as CVE-2018-5391, and if you are a Windows user then it is not good news for you.
Recently, cyber security researchers have observed a new variant of the Mirai botnet targeting IoT (Internet of Things) devices. According to security reports, the malware is running its campaign globally and is capable of targeting individual PC users as well as IoT service devices. Because of its effectiveness, it is considered one of the most successful and popular tools for cyber criminals. As published by a cyber security researcher, creating the latest variants of Mirai malware is a profitable business for hackers because many different kinds of IoT devices have vulnerabilities that make them easy targets in such attacks.
Banks always remain a tempting target for hackers because that’s where the profit is. Recently, a Necurs botnet campaign was spotted targeting the banking industry. The Necurs botnet uses a network of millions of hacked computers and is one of the biggest spamming operations detected to date. As revealed by a recent security report, the attackers behind this campaign are using .PUB files, which are Microsoft Publisher documents. It is a major threat not only to banks but to their users too. Experts also suspect that this spam campaign may be used by hackers again in the future because it has already done so much damage in its initial outbreak.
A new malware has been spotted by cyber security researchers that misuses a D-Link certificate for its campaign. The malicious program goes by the name Plead. According to a cyber security firm, its researchers noticed this threat when some of their systems marked a number of files as suspicious. The malware is reported to use a stolen, valid certificate belonging to D-Link, a Taiwanese tech company, to make itself appear legitimate. Digital certificates are issued by a trusted CA (certificate authority). These digital certificates are used to cryptographically sign applications. Signed applications are allowed by the computer to execute without any kind of warning message. This is how Plead malware abuses digital certificates to run its malicious processes.
The increased rate of cryptocurrency deals with Bitcoin and other alternatives has given rise to coordinated phishing attacks built around so-called “Bitcoin Airdrops”. Computer users look for multiple ways to gain cryptocurrency assets, and the criminals behind the campaign have noticed this. The Bitcoin Airdrop Scam is considered one of the most preferred methods of stealing digital currency in the past few months and has proven to be the most successful tactic. Read the following article to learn about some common scenarios used by criminals.
Beginning Of The Bitcoin Airdrop Scam
Before going into detail about why this is the most popular method of deceiving computer users, you first need to consider what it is. A Bitcoin Airdrop is a method of gaining cryptocurrency assets just by taking part in a giveaway. Airdrops are defined as a form of donation from the developers of a blockchain to the cryptocurrency community. They are planned in advance for marketing purposes, in order to attract interest and boost the value of a project. Cyber criminals use the most common advertising channels to spread the scam, including social media profiles, user groups and Telegram chats. Targeted users are, in some cases, urged to perform quick actions such as participating in discussions or sharing posts in order to be eligible for airdrops. In a few other cases, airdrops are performed by services, sites and groups affiliated with the blockchain operators or service owners.
Spyware is perhaps the most worrying of all cyber threats, and it becomes more sophisticated over time. InvisiMole is such a sophisticated piece of spyware, first detected by security experts at ESET. This malware strain has attacked a number of targets in countries like Russia and Ukraine. According to the latest security report, this cyber-espionage tool has been active since 2013 but remained undetected for more than five years. It is counted among the dangerous spyware programs and is believed to be designed for attacking financial and nation-state targets. Its advanced spying capabilities put it at the top of the list of spyware detected in the last few years. Research also reveals that the cyber criminals behind this spyware have removed every clue that could link the malware to a specific attacker.
Once again, cryptocurrency malware is in the news with a clever new scam that uses National Security Agency (NSA) exploits to disable security features on Windows computers. With cryptocurrencies in such high demand, it is no wonder that cyber criminals are leveraging cryptocurrency in several different forms as a platform for newly developed threats.
According to FortiGuard Labs, a new Python-based malware, discovered as PyRoMine, is currently leveraging exploit kits to spread and to mine cryptocurrency. It is one of many threats that leverage the ETERNALROMANCE exploit kit to infiltrate target computers. Within the crosshairs of PyRoMine lie many vulnerable systems that can be attacked by a stand-alone executable file, which is why hackers use a Python-based compiler to bundle the malware into a single entity. Fundamentally, a Python-based threat is a much easier method of attacking vulnerable computers: PyInstaller is used to package a program written in Python as a stand-alone executable file that may be included in a downloaded ZIP file.
Moreover, ETERNALROMANCE and ETERNALBLUE are two exploits developed by the NSA, once used to take advantage of vulnerabilities in Microsoft’s Server Message Block (SMB). An exploit kit of this kind is a software package or toolkit that hackers or programmers use to perform targeted work or deliver other software in an unconventional way. The PyRoMine malware also enables Remote Desktop Protocol on the targeted system, opening the machine to further attacks. It also uses a malicious URL with an executable file packaged with PyInstaller. To make the system more vulnerable and its own operation easier, the NSA ETERNALBLUE exploit allows it to gain system privileges, which give cyber criminals full control over the target system. Afterward they mine the Monero cryptocurrency on the affected machine, which uses a large amount of computing power.
Cyber intelligence has reported another crypto virus, known as JosepCrypt. According to security analysis, this ransomware is very similar to the file-encrypting threats detected in 2018; the only thing that makes it unique is its architecture. Some security firms report that the malware is still in development and that an update, which will be more destructive, may be released soon. It is strong enough to attack any computer, but infection reports suggest that it mostly attacks systems with weak protection. Unfortunately, if your system becomes a victim of the JosepCrypt virus, you can’t access your files unless you have a backup.