• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   Malware

Drupal Vulnerability (CVE-2018-7602) Exploited to Deliver Monero-Mining Malware
  • Posted on:June 21, 2018 at 5:01 am
  • Posted in:Botnets, Exploits, Malware, Vulnerabilities
  • Author:
    Trend Micro
0

We were able to observe a series of network attacks exploiting CVE-2018-7602, a security flaw in the Drupal content management framework. For now, these attacks aim to turn affected systems into Monero-mining bots. Of note are its ways of hiding behind the Tor network to elude detection and how it checks the affected system first before infecting it with a cryptocurrency-mining malware. While these attacks currently deliver resource-stealing and system performance-slowing malware, the vulnerability can be used as a doorway to other threats.

Read More
Tags: cryptocurrency minerCVE-2018-7602drupalMonero

FakeSpy Android Information-Stealing Malware Targets Japanese and Korean-Speaking Users
  • Posted on:June 19, 2018 at 7:00 am
  • Posted in:Bad Sites, Malware, Social
  • Author:
    Ecular Xu (Mobile Threat Response Engineer)
0

Spoofing legitimate mobile applications is a common cybercriminal modus that banks on their popularity and relies on their users’ trust to steal information or deliver payloads. Cybercriminals typically use third-party app marketplaces to distribute their malicious apps, but in operations such as the ones that distributed CPUMINER, BankBot, and MilkyDoor, they would try to get their apps published on Google Play or App Store. We’ve also seen others take a more subtle approach that involves SmiShing to direct potential victims to malicious pages. Case in point: a campaign we recently observed that uses SMS as an entry point to deliver an information stealer we called FakeSpy (Trend Micro detects this threat ANDROIDOS_FAKESPY.HRX).

FakeSpy is capable of stealing text messages, as well as account information, contacts, and call records stored in the infected device. FakeSpy can also serve as a vector for a banking trojan (ANDROIDOS_LOADGFISH.HRX). While the malware is currently limited to infecting Japanese and Korean-speaking users, we won’t be surprised if it expands its reach given the way FakeSpy’s authors actively fine-tune the malware’s configurations.

Read More
Tags: androidFakeSpymobile phishingSmiShing

North American Malware Trends: Taking a Proactive Approach to Modern Threats
  • Posted on:June 19, 2018 at 5:09 am
  • Posted in:Malware
  • Author:
    Trend Micro
0

To help IT teams decide where their points of focus should be to create an effective security strategy, we took a look at data in North America in the first quarter of 2018 to determine the trends in the threat landscape and paint a picture of the main types of threats that both individuals and organizations face today.

Read More
Tags: cryptocurrency minerinformation theftManaged Detection and ResponseMDRNABUransomwarethreats

New KillDisk Variant Hits Latin American Financial Organizations Again
  • Posted on:June 7, 2018 at 5:01 am
  • Posted in:Malware
  • Author:
    Fernando Mercês (Senior Threat Researcher)
0

In January, we saw a variant of the disk-wiping KillDisk malware hitting several financial institutions in Latin America. One of these attacks was related to a foiled heist on the organization’s system connected to the Society for Worldwide Interbank Financial Telecommunication’s (SWIFT) network.

Last May, we uncovered a master boot record (MBR)-wiping malware in the same region. The telltale sign was a problem related to the affected machine’s boot sector. Based on the error message it displayed after our tests, we were able to ascertain that this was another — possibly new — variant of KillDisk. This kind of notification is common in systems affected by MBR-wiping threats and not in other malware types such as ransomware, which some people initially believed to be the culprit. Trend Micro products detect this threat as TROJ_KILLMBR.EE and TROJ_KILLDISK.IUE.

Read More
Tags: KilldiskLatin AmericaMBR Wiper

Post-Tax Season Spam Campaign Delivers URSNIF to North American Taxpayers
  • Posted on:June 6, 2018 at 5:00 am
  • Posted in:Malware
  • Author:
    Trend Micro
0

Although many tax scams purely rely on social engineering, other campaigns make use of more sophisticated tools and techniques. We found and analyzed one such campaign delivering the notorious banking trojan known as URSNIF to North American targets.

Read More
Tags: malspamtax seasonURSNIF
Page 1 of 26712 › »

Security Predictions for 2018

  • Attackers are banking on network vulnerabilities and inherent weaknesses to facilitate massive malware attacks, IoT hacks, and operational disruptions. The ever-shifting threats and increasingly expanding attack surface will challenge users and enterprises to catch up with their security.
    Read our security predictions for 2018.

Business Process Compromise

  • Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more, read our Security 101: Business Process Compromise.

Popular Posts

  • Malicious Edge and Chrome Extension Used to Deliver Backdoor
  • Confucius Update: New Tools and Techniques, Further Connections with Patchwork
  • GPON Vulnerabilities Exploited for Mexico-based Mirai-like Scanning Activities
  • Legitimate Application AnyDesk Bundled with New Ransomware Variant
  • Malicious Traffic in Port 7001 Surges as Cryptominers Target Patched 2017 Oracle WebLogic Vulnerability

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.