• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   Bad Sites

XLoader Android Spyware and Banking Trojan Distributed via DNS Spoofing
  • Posted on:April 19, 2018 at 6:06 pm
  • Posted in:Bad Sites, Malware, Mobile
  • Author:
    Lorin Wu (Mobile Threats Analyst)
0

We have been detecting a new wave of network attacks since early March, which, for now, are targeting Japan, Korea, China, Taiwan, and Hong Kong. The attacks use Domain Name System (DNS) cache poisoning/DNS spoofing, possibly through infringement techniques such as brute-force or dictionary attacks, to distribute and install malicious Android apps. Trend Micro detects these as ANDROIDOS_XLOADER.HRX.

These malware pose as legitimate Facebook or Chrome applications. They are distributed from polluted DNS domains that send a notification to an unknowing victim’s device. The malicious apps can steal personally identifiable and financial data and install additional apps. XLoader can also hijack the infected device (i.e., send SMSs) and sports self-protection/persistence mechanisms through device administrator privileges.

Read More
Tags: androidDNS SpoofingXLoader

Cryptocurrency Web Miner Script Injected into AOL Advertising Platform
  • Posted on:April 4, 2018 at 5:30 am
  • Posted in:Bad Sites
  • Author:
    Trend Micro
0

On March 25, we saw that the number of cryptocurrency web miners detected by the Trend Micro Smart Protection Network suddenly spiked. Our team tracked the web miner traffic and found that the bulk of it was linked to MSN.com in Japan. Further analysis revealed that malicious actors had modified the script on an AOL advertising platform displayed on the site to launch a web miner program.

Read More
Tags: cloud servicescryptocurrency miner

Pop-up Ads and Over a Hundred Sites are Helping Distribute Botnets, Cryptocurrency Miners and Ransomware
  • Posted on:March 22, 2018 at 7:00 am
  • Posted in:Bad Sites
  • Author:
    Joseph C Chen (Fraud Researcher)
0

The Trend Micro Cyber Safety Solutions team has been tracking a potentially unwanted app (PUA) distribution campaign that installs PUA software downloaders. During our research, we found that some of these distributors started pushing malware along with PUAs in late 2017. In this post we focus on one of the older PUA software downloaders called ICLoader (also called FusionCore and detected by Trend Micro as PUA_ICLOADER). Different reports identified it as a PUA software downloader because it installed adware or unwanted software.

Read More
Tags: botnetcryptocurrency minerPUAransomware

Malicious Chrome Extensions Found in Chrome Web Store, Form Droidclub Botnet
  • Posted on:February 1, 2018 at 5:00 am
  • Posted in:Bad Sites, Social
  • Author:
    Joseph C Chen (Fraud Researcher)
0

The Trend Micro Cyber Safety Solutions team has discovered a new botnet delivered via Chrome extensions that affect hundreds of thousands of users. (The malicious extension is detected as BREX_DCBOT.A.) This botnet was used to inject ads and cryptocurrency mining code into websites the victim would visit. We have dubbed this particular botnet Droidclub, after the name of one of the oldest command-and-control (C&C) domains used.

Read More
Tags: cryptocurrency minerDroidclub

Malvertising Campaign Abuses Google’s DoubleClick to Deliver Cryptocurrency Miners
  • Posted on:January 26, 2018 at 6:00 am
  • Posted in:Bad Sites
  • Author:
    Trend Micro
0

On January 24, 2018, we observed that the number of Coinhive web miner detections tripled due to a malvertising campaign. We discovered that advertisements found on high-traffic sites not only used Coinhive (detected by Trend Micro as JS_COINHIVE.GN), but also a separate web miner that connects to a private pool. Attackers abused Google’s DoubleClick, which develops and provides internet ad serving services, for traffic distribution. Data from the Trend Micro™ Smart Protection Network™ shows affected countries include Japan, France, Taiwan, Italy, and Spain. We have already disclosed our findings to Google.

Read More
Tags: Coinhivecyrptocurrencymalvertisement
Page 1 of 33412 › »

Security Predictions for 2018

  • Attackers are banking on network vulnerabilities and inherent weaknesses to facilitate massive malware attacks, IoT hacks, and operational disruptions. The ever-shifting threats and increasingly expanding attack surface will challenge users and enterprises to catch up with their security.
    Read our security predictions for 2018.

Business Process Compromise

  • Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more, read our Security 101: Business Process Compromise.

Popular Posts

  • New MacOS Backdoor Linked to OceanLotus Found
  • Monero-Mining HiddenMiner Android Malware Can Potentially Cause Device Failure
  • ChessMaster Adds Updated Tools to Its Arsenal
  • Ransomware XIAOBA Repurposed as File Infector and Cryptocurrency Miner
  • Not Only Botnets: Hacking Group in Brazil Targets IoT Devices With Malware

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.