A large-scale ransomware attack reported to be caused by a variant of the Petya ransomware is currently hitting various users, particularly in Europe. This variant, which Trend Micro already detects as RANSOM_PETYA.SMA, is known to use both the EternalBlue exploit and the PsExec tool as infection vectors.
Read More
We have recently discovered a Trojan Android ad library called Xavier that steals and leaks a user’s information silently. Xavier’s impact has been widespread, with more than 800 applications embedding the ad library’s SDK having been downloaded millions of times from Google Play.
Read More
We found another unique method being used to deliver malware—abusing the action that happens when simply hovering the mouse’s pointer over a hyperlinked picture or text in a PowerPoint slideshow. This technique is employed by a Trojan downloader (detected by Trend Micro as TROJ_POWHOV.A and P2KM_POWHOV.A), which we’ve uncovered in a recent spam email campaign in the EMEA region, especially organizations in the U.K., Poland, Netherlands, and Sweden. Affected industries include manufacturing, device fabrication, education, logistics, and pyrotechnics.
Read MoreFor most security researchers, Yara, a tool that allows them to create their own set of rules for malware tracking, is an invaluable resource that helps automate many processes. However, despite Yara’s reliability, it shouldn’t be the only tool used to monitor new versions of malware.
Read MorePowerShell is a versatile command-line and shell scripting language from Microsoft that can integrate and interact with a wide array of technologies. It runs discreetly in the background, and can be used to obtain system information without an executable file. All told, it makes an attractive tool for threat actors. There were a few notable instances…
Read More