• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   Malware

After Angler: Shift in Exploit Kit Landscape and New Crypto-Ransomware Activity
  • Posted on:June 22, 2016 at 8:47 am
  • Posted in:Exploits, Malware, Ransomware
  • Author:
    Joseph C Chen (Fraud Researcher)
0
Vulnerability04

Early this year, we reported that in 2015, Angler came out as the top exploit kit, having contributed 59.5% in the total exploit kit activity for the year. Now, there’s barely any pulse left.

After the arrest of 50 people accused of using malware to steal US$25 million, it is interesting to note that Angler basically stopped functioning. With Angler’s reported inactivity, it appears that cybercriminals are scrambling to find new exploit kits to deliver malware. Angler had been the exploit kit of choice because it was the most aggressive in terms of including new exploits and it was able to apply a lot of antivirus evasion techniques such as payload encryption and fileless infection.

Read More
Tags: Angler Exploit Kitcrypto-ransomwareexploit kitransomware

‘GODLESS’ Mobile Malware Uses Multiple Exploits to Root Devices
  • Posted on:June 21, 2016 at 12:31 pm
  • Posted in:Malware, Mobile
  • Author:
    Veo Zhang (Mobile Threats Analyst)
0
Mobile04

We came across a family of mobile malware called Godless (detected as ANDROIDOS_GODLESS.HRX) that has a set of rooting exploits in its pockets. By having multiple exploits to use, Godless can target virtually any Android device running on Android 5.1 (Lollipop) or earlier. As of this writing, almost 90% of Android devices run on affected versions. Based on the data gathered from our Trend Micro Mobile App Reputation Service, malicious apps related to this threat can be found in prominent app stores, including Google Play, and has affected over 850,000 devices worldwide.

Read More
Tags: Rooting Malware

Banking Trojans as a Service—Theft Made Easy in Brazil
  • Posted on:June 20, 2016 at 6:47 am
  • Posted in:Deep Web, Malware
  • Author:
    Trend Micro
0
thumb

As a known banking Trojan center, it’s not surprising when Brazil’s cybercriminals launch what could be considered “banking Trojans as a service.” In this particular case, a skilled cybercriminal started offering a fully functional banking Trojan and its associated infrastructure for rent, to be used by less-skilled crooks.

This particular threat caught our eye because of its ad, which included demonstration videos on YouTube. Its creator, “Ric”, offers the services of this particular banking Trojan for rent, which costs approximately US$600 for a 10-day period. The service includes a comprehensive, highly capable, and well-designed console, as well as the capability to bypass additional authentication steps used by banks in Brazil.

Read More
Tags: banking Trojans as a serviceBrazilian cybercriminal underground

Why Ransomware Works: Tactics and Routines Beyond Encryption
  • Posted on:June 16, 2016 at 5:00 am
  • Posted in:Malware, Ransomware
  • Author:
    Trend Micro
0
feature_whyransomware

How do companies regardless of size and industry prepare for ransomware attacks? A recent study revealed that businesses are considering saving up Bitcoins, just in case they get hit by these threats and can recover their confidential files in a short span of time. While we don’t recommend succumbing to the ransom payment as it doesn’t guarantee that you’ll get your files back plus you’ll be prone to more ransomware attacks, we can’t also blame these large organizations and businesses for doing so.

Read More
Tags: crypto-ransomwareCryptXXXCRYPWALLpetyaPowerWareransomwareSAMSAMTeslacryptZCRYPT

Unsupported TeamViewer Versions Exploited For Backdoors, Keylogging
  • Posted on:June 15, 2016 at 2:55 am
  • Posted in:Malware, Spam
  • Author:
    Trend Micro
0
feature_cybercrime

Users of the TeamViewer remote-access service have been complaining in recent weeks about how their systems have been hacked into, unauthorized purchases made on their cards, their bank accounts emptied. Initially it was believed that this was due to a hack into TeamViewer itself, but the company has denied this. Instead, they have blamed password re-use, especially with millions of old passwords in the wild thanks to disclosed social network breaches.

Others have speculated that malware could be in use somehow, and that may be the case. We have evidence that trojanized TeamViewer installer packages have been used in a spam campaign that resulted in attackers gaining remote access to various systems. While this particular spam campaign used an old version of TeamViewer, we can’t dismiss the possibility of other attacks using newer versions.

Read More
Page 4 of 245 « ‹ 345 › »

Business Email Compromise

  • How can a sophisticated email scam cause more than $2.3 billion in damages to businesses around the world?
    See the numbers behind BEC

Deep Web

  • Trend Micro researchers have been taking deep dives into cybercriminal territory for years now. Find out more about the inner workings of the Deep Web and underground markets.

Latest Ransomware Posts

  • The Rise and Fall of Encryptor RaaS
  • From RAR to JavaScript: Ransomware Figures in the Fluctuations of Email Attachments
  • A Show of (Brute) Force: Crysis Ransomware Found Targeting Australian and New Zealand Businesses
  • BkSoD by Ransomware: HDDCryptor Uses Commercial Tools to Encrypt Network Shares and Lock HDDs
  • Picture Perfect: CryLocker Ransomware Uploads User Information as PNG Files

Ransomware 101

  • This infographic shows how ransomware has evolved, how big the problem has become, and ways to avoid being a ransomware victim.
    Check the infographic

Popular Posts

  • Pokémon-themed Umbreon Linux Rootkit Hits x86, ARM Systems
  • New Version of Cerber Ransomware Distributed via Malvertising
  • Locky Ransomware Now Downloaded as Encrypted DLLs
  • CVE-2016-6662 Advisory: Recent MySQL Code Execution/Privilege Escalation Zero-Day Vulnerability
  • BkSoD by Ransomware: HDDCryptor Uses Commercial Tools to Encrypt Network Shares and Lock HDDs

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.