• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   Archives for June 2018

The New Face of Necurs: Noteworthy Changes to Necurs’ Behaviors

  • Posted on:June 28, 2018 at 5:01 am
  • Posted in:Botnets, Malware
  • Author:
    Trend Micro
0

by Anita Hsieh, Rubio Wu, Kawabata Kohei Six years after it was first spotted in the wild, the Necurs malware botnet is still out to prove that it’s a malware chameleon.  We recently discovered noteworthy changes to the way Necurs makes use of its bots, such as pushing infostealers on them and showing a special…

Read More
Tags: NECURS

Cryptocurrency-Mining Bot Targets Devices With Running SSH Service via Potential Scam Site

  • Posted on:June 26, 2018 at 5:01 am
  • Posted in:Internet of Things, Malware
  • Author:
    Trend Micro
0

Our honeypot sensors, which are designed to emulate Secure Shell (SSH), Telnet, and File Transfer Protocol (FTP) services, recently detected a mining bot related to the IP address 192.158.228.46. The address has been seen to search for both SSH- and IoT-related ports, including 22, 2222, and 502. In this particular attack, however, the IP has landed on port 22, SSH service. The attack could be applicable to all servers and connected devices with a running SSH service.

Read More
Tags: botcryptocurrencycybercrimeminingSSH

Necurs Poses a New Challenge Using Internet Query File

  • Posted on:June 22, 2018 at 5:06 am
  • Posted in:Malware, Spam
  • Author:
    Trend Micro
0

Our last report on the Necurs botnet malware covered its use of an internet shortcut or .URL file to avoid detection, but its authors seem to be updating it again. Current findings prove that its developers are actively devising new means to stay ahead of the security measures meant to thwart it. This time, the new wave of spam from this botnet is using the internet query file IQY to evade detection.

Read More
Tags: NECURS

Drupal Vulnerability (CVE-2018-7602) Exploited to Deliver Monero-Mining Malware

  • Posted on:June 21, 2018 at 5:01 am
  • Posted in:Botnets, Exploits, Malware, Vulnerabilities
  • Author:
    Trend Micro
0

We were able to observe a series of network attacks exploiting CVE-2018-7602, a security flaw in the Drupal content management framework. For now, these attacks aim to turn affected systems into Monero-mining bots. Of note are its ways of hiding behind the Tor network to elude detection and how it checks the affected system first before infecting it with a cryptocurrency-mining malware. While these attacks currently deliver resource-stealing and system performance-slowing malware, the vulnerability can be used as a doorway to other threats.

Read More
Tags: cryptocurrency minerCVE-2018-7602drupalMonero

FakeSpy Android Information-Stealing Malware Targets Japanese and Korean-Speaking Users

  • Posted on:June 19, 2018 at 7:00 am
  • Posted in:Bad Sites, Malware, Mobile, Social
  • Author:
    Ecular Xu (Mobile Threat Response Engineer)
0

Spoofing legitimate mobile applications is a common cybercriminal modus that banks on their popularity and relies on their users’ trust to steal information or deliver payloads. Cybercriminals typically use third-party app marketplaces to distribute their malicious apps, but in operations such as the ones that distributed CPUMINER, BankBot, and MilkyDoor, they would try to get their apps published on Google Play or App Store. We’ve also seen others take a more subtle approach that involves SmiShing to direct potential victims to malicious pages. Case in point: a campaign we recently observed that uses SMS as an entry point to deliver an information stealer we called FakeSpy (Trend Micro detects this threat ANDROIDOS_FAKESPY.HRX).

FakeSpy is capable of stealing text messages, as well as account information, contacts, and call records stored in the infected device. FakeSpy can also serve as a vector for a banking trojan (ANDROIDOS_LOADGFISH.HRX). While the malware is currently limited to infecting Japanese and Korean-speaking users, we won’t be surprised if it expands its reach given the way FakeSpy’s authors actively fine-tune the malware’s configurations.

Read More
Tags: androidFakeSpymobile phishingSmiShing
Page 1 of 3123

Security Predictions for 2020

  • Cybersecurity in 2020 will be viewed through many lenses — from differing attacker motivations and cybercriminal arsenal to technological developments and global threat intelligence — only so defenders can keep up with the broad range of threats.
    Read our security predictions for 2020.

Business Process Compromise

  • Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more, read our Security 101: Business Process Compromise.

Popular Posts

Sorry. No data so far.

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.