Senior Threat Researcher
With the increasing popularity and real-world use of cryptocurrencies and the fact that cybercriminals will always try to exploit something that can make money for them, it shouldn’t come as a surprise that malware targeting Bitcoin ATMs have started appearing in underground markets.
Read More
In January, we saw a variant of the disk-wiping KillDisk malware hitting several financial institutions in Latin America. One of these attacks was related to a foiled heist on the organization’s system connected to the Society for Worldwide Interbank Financial Telecommunication’s (SWIFT) network.
Last May, we uncovered a master boot record (MBR)-wiping malware in the same region. The telltale sign was a problem related to the affected machine’s boot sector. Based on the error message it displayed after our tests, we were able to ascertain that this was another — possibly new — variant of KillDisk. This kind of notification is common in systems affected by MBR-wiping threats and not in other malware types such as ransomware, which some people initially believed to be the culprit. Trend Micro products detect this threat as TROJ_KILLMBR.EE and TROJ_KILLDISK.IUE.
Read More
Crime follows the money, as the saying goes, and once again, cybercriminals have acted accordingly. The underground is flooded with so many offerings of cryptocurrency malware that it must be hard for the criminals themselves to determine which is best. This kind of malware, also known as cryptomalware, has a clear goal, which is to make money out of cryptocurrency transactions. This can be achieved through two different methods: stealing cryptocurrency and mining cryptocurrency on victims’ devices surreptitiously (without the victims noticing), a process also known as cryptojacking. In this post, we discuss how these two methods work, and see whether devices connected to the internet of things (IoT), which are relatively underpowered, are being targeted.
Read More
Even before the term IoT was coined, we had the routers at the gateway, most of the time publicly exposed on the internet. In the context of the IoT, the router is perhaps the most important device for the whole infrastructure. All traffic goes through it and it allows for the provision of many services, such as Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS), content filtering, firewalls, and Voice over Internet Protocol (VoIP), to all connected devices, including computers, smartphones, and IP cameras. If an attacker is able to compromise the router, every device connected to it can be affected. And that’s what a hacking group in Brazil just did.
Read More
Last late April a friend of mine had his iPhone stolen in the streets—an unfortunately familiar occurrence in big, metropolitan areas in countries like Brazil. He managed to buy a new one, but kept the same number for convenience. Nothing appeared to be out of the ordinary at first—until he realized the thief changed his Facebook password.
Fortunately, he was able to recover and update it, as his phone number was tied to his Facebook account. But a pickpocket accessing his victim’s Facebook account is quite unusual. After all, why would a crook be interested with his victim’s Facebook account for when the goal is usually to use or sell the stolen device? It didn’t stop there; a day after, my friend curiously received a phishing SMS message on his new phone.
What’s interesting here is the blurred line between traditional felony and cybercrime—in particular, the apparent teamwork between crooks and cybercriminals that results in further—possibly more sophisticated—attacks.
Read More