Cybercriminals in Brazil appear to have come up with a new tactic to lure users into giving up their login information. A few days ago, we found a post on a Brazilian forum offering a browser that could access the website of the Banco do Brasil without using the needed security plugin.
Figure 1. Homemade browser ad
Users who clicked the download link downloaded a zip file. Inside this compressed file, there were two executable files: one was the browser itself, which is ...
Last month, an article in Dark Reading by Robert Lemos asked if it was "Time To Dump Antivirus As Endpoint Protection?". It referenced a recent Google research paper that outlined their new reputation technology called CAMP (short for Content-Agnostic Malware Protection), which they claim protects against 98.6% of malware downloaded via their Chrome browser, as opposed to the 25 percent detected by the best performing antivirus engine they tested.
This may sound like magic. Whether you view this as white magic ...
AutoIt is a very flexible coding language that's been used since 1999 by coders looking for a fast, easy, and flexible scripting language in Windows. From simple scripts that change text files to scripts that perform mass downloads with complex GUIs, AutoIt is an easy-to-learn language that allows for quick development. The trend for malicious actors to use AutoIt to code malware and tools, however, has been increasing, and the trend appears to be getting stronger.
AutoIt Hacker Tools
Recently, we ...
A new Internet Explorer zero-day exploit has been spotted in a compromised website of the US Department of Labor.
When users visit the compromised website, it loads a malicious script which Trend Micro detects as JS_DLAGENT.USR. This particular script was hosted on the compromised site itself. It loads another script (this time, hosted on a malicious server) detected as JS_KILLAV.AA.
Once executed, JS_KILLAV.AA obtains specific information from the infected machine such as the installed Adobe Reader and Flash version as well as security ...
A few weeks ago, we noted that we believed it was likely that Bitcoin miners using GPUs might become part of the threat landscape. It appears that that has happened, in a somewhat roundabout way.
The e-sports league ESEA was recently forced to admit that an employee had, without authorization, pushed a Bitcoin miner to users and forced the client machines to mine coins - for his own gain. They claim that the code to do so was born out of internal ...