We found an internet of things (IoT) Mirai botnet downloader exploiting CVE-2020-5902 in the wild, two weeks after getting a 10 out of 10 CVSS rating in its disclosure. Analyzing the said variant, it can also abuse nine other recently discovered security bugs in other devices.Read More
Fernando Mercês (Senior Threat Researcher)
Senior Threat Researcher
We created Trend Micro ELF Hash (telfhash), an open-source clustering algorithm that effectively clusters Linux IoT malware created using ELF files.Read More
In the past few years, Linux systems have been susceptible to attacks involving ransomware, cryptocurrency miners, botnets and other types of malware. The successful deployment of the said attacks refutes an old notion that machines and devices that run Linux are less likely to be affected by malware.
To come up with effective countermeasures, we constantly work on developing methods to address concerns pertaining to attacks against Linux systems, for example, by looking for ways to conduct quick and efficient analysis of malware samples that leads to their eventual detection and blocking. One of these methods involve reverse engineering files to locate the address of the main() function, which usually contains code that malware authors craft to start malicious routines.Read More
With the increasing popularity and real-world use of cryptocurrencies and the fact that cybercriminals will always try to exploit something that can make money for them, it shouldn’t come as a surprise that malware targeting Bitcoin ATMs have started appearing in underground markets.Read More
In January, we saw a variant of the disk-wiping KillDisk malware hitting several financial institutions in Latin America. One of these attacks was related to a foiled heist on the organization’s system connected to the Society for Worldwide Interbank Financial Telecommunication’s (SWIFT) network.
Last May, we uncovered a master boot record (MBR)-wiping malware in the same region. The telltale sign was a problem related to the affected machine’s boot sector. Based on the error message it displayed after our tests, we were able to ascertain that this was another — possibly new — variant of KillDisk. This kind of notification is common in systems affected by MBR-wiping threats and not in other malware types such as ransomware, which some people initially believed to be the culprit. Trend Micro products detect this threat as TROJ_KILLMBR.EE and TROJ_KILLDISK.IUE.Read More