• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   Social

New Magecart Attack Delivered Through Compromised Advertising Supply Chain
  • Posted on:January 16, 2019 at 5:00 am
  • Posted in:Malware, Social
  • Author:
    Trend Micro Cyber Safety Solutions Team
0

On January 1, we detected a significant increase in activity from one of the web skimmer groups we’ve been tracking. During this time, we found their malicious skimming code (detected by Trend Micro as JS_OBFUS.C.) loaded on 277 e-commerce websites providing ticketing, touring, and flight booking services as well as self-hosted shopping cart websites from prominent cosmetic, healthcare, and apparel brands. Trend Micro’s machine learning and behavioral detection technologies proactively blocked the malicious code at the time of discovery (detected as Downloader.JS.TRX.XXJSE9EFF010).

The activities are unusual, as the group is known for injecting code into a few compromised e-commerce websites then keeping a low profile during our monitoring. Further research into these activities revealed that the skimming code was not directly injected into e-commerce websites, but to a third-party JavaScript library by Adverline, a French online advertising company, which we immediately contacted.

Read More
Tags: Code InjectionMagecartOnline Skimming

Cybercriminals Use Malicious Memes that Communicate with Malware
  • Posted on:December 14, 2018 at 5:00 am
  • Posted in:Malware, Social
  • Author:
    Trend Micro
0

Steganography, or the method used to conceal a malicious payload inside an image to evade security solutions, has long been used by cybercriminals to spread malware and perform other malicious operations. We recently discovered malicious actors using this technique on memes. The malware authors have posted two tweets featuring malicious memes on October 25 and 26 via a Twitter account created in 2017. The memes contain an embedded command that is parsed by the malware after it’s downloaded from the malicious Twitter account onto the victim’s machine, acting as a C&C service for the already- placed malware. It should be noted that the malware was not downloaded from Twitter and that we did not observe what specific mechanism was used to deliver the malware to its victims.

Read More
Tags: command and controlTwitter

FakeSpy Android Information-Stealing Malware Targets Japanese and Korean-Speaking Users
  • Posted on:June 19, 2018 at 7:00 am
  • Posted in:Bad Sites, Malware, Mobile, Social
  • Author:
    Ecular Xu (Mobile Threat Response Engineer)
0

Spoofing legitimate mobile applications is a common cybercriminal modus that banks on their popularity and relies on their users’ trust to steal information or deliver payloads. Cybercriminals typically use third-party app marketplaces to distribute their malicious apps, but in operations such as the ones that distributed CPUMINER, BankBot, and MilkyDoor, they would try to get their apps published on Google Play or App Store. We’ve also seen others take a more subtle approach that involves SmiShing to direct potential victims to malicious pages. Case in point: a campaign we recently observed that uses SMS as an entry point to deliver an information stealer we called FakeSpy (Trend Micro detects this threat ANDROIDOS_FAKESPY.HRX).

FakeSpy is capable of stealing text messages, as well as account information, contacts, and call records stored in the infected device. FakeSpy can also serve as a vector for a banking trojan (ANDROIDOS_LOADGFISH.HRX). While the malware is currently limited to infecting Japanese and Korean-speaking users, we won’t be surprised if it expands its reach given the way FakeSpy’s authors actively fine-tune the malware’s configurations.

Read More
Tags: androidFakeSpymobile phishingSmiShing

Malicious Chrome Extensions Found in Chrome Web Store, Form Droidclub Botnet
  • Posted on:February 1, 2018 at 5:00 am
  • Posted in:Bad Sites, Social
  • Author:
    Joseph C Chen (Fraud Researcher)
0

The Trend Micro Cyber Safety Solutions team has discovered a new botnet delivered via Chrome extensions that affect hundreds of thousands of users. (The malicious extension is detected as BREX_DCBOT.A.) This botnet was used to inject ads and cryptocurrency mining code into websites the victim would visit. We have dubbed this particular botnet Droidclub, after the name of one of the oldest command-and-control (C&C) domains used.

Read More
Tags: cryptocurrency minerDroidclub

GhostTeam Adware can Steal Facebook Credentials
  • Posted on:January 18, 2018 at 12:03 am
  • Posted in:Malware, Mobile, Social
  • Author:
    Mobile Threat Response Team
0

We uncovered a total of 53 apps on Google Play that can steal Facebook accounts and surreptitiously push ads. Many of these apps, which were published as early as April 2017, seemed to have been put out on Google Play in a wave. Detected by Trend Micro as ANDROIDOS_GHOSTTEAM, many of the samples we analyzed are in Vietnamese, including their descriptions on Google Play.

Their command-and-control (C&C) server points to mspace[.]com[.]vn. This, along with the considerable use of Vietnamese language, may indicate that the apps were from Vietnam. For instance, GhostTeam’s configurations are in English and Vietnamese. English will be the default language if the malware detects the geolocation to be outside Vietnam.

Read More
Tags: adwareFacebookGhostTeam
Page 1 of 2412 › »

Security Predictions for 2019

  • Our security predictions for 2019 are based on our experts’ analysis of the progress of current and emerging technologies, user behavior, and market trends, and their impact on the threat landscape. We have categorized them according to the main areas that are likely to be affected, given the sprawling nature of the technological and sociopolitical changes under consideration.
    Read our security predictions for 2019.

Business Process Compromise

  • Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more, read our Security 101: Business Process Compromise.

Popular Posts

  • New Magecart Attack Delivered Through Compromised Advertising Supply Chain
  • Adware Disguised as Game, TV, Remote Control Apps Infect 9 Million Google Play Users
  • January Patch Tuesday: First Bulletin of 2019 has Fixes for DHCP and Microsoft Exchange Vulnerabilities
  • Machine-to-Machine (M2M) Technology Design Issues and Implementation Vulnerabilities
  • Google Play Apps Drop Anubis Banking Malware, Use Motion-based Evasion Tactics

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.