• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   Social

GhostClicker Adware is a Phantomlike Android Click Fraud
  • Posted on:August 16, 2017 at 8:52 am
  • Posted in:Mobile, Social
  • Author:
    Mobile Threat Response Team
0

We’ve uncovered a pervasive auto-clicking adware from as much as 340 apps from Google Play, one of which, named “Aladdin’s Adventure’s World”, was downloaded 5 million times. These adware-embedded applications include recreational games, device performance utilities like cleaners and boosters, and file managers, QR and barcode scanners, multimedia recorders and players, device charger, and GPS/navigation-related apps.

While the majority of the said apps have been taken down, 101 were still downloadable as of August 7, 2017. Our detections/sensors saw the prevalence of this adware in Southeast Asian countries as well as Brazil, Japan, Taiwan, Russia, Italy, and the U.S.

Read More
Tags: adwareandroidGhostClicker

Can Online Dating Apps be Used to Target Your Company?
  • Posted on:August 10, 2017 at 4:43 am
  • Posted in:Mobile, Social
  • Author:
    Trend Micro
0

People are increasingly taking to online dating to find relationships—but can they be used to attack a business? The kind (and amount) of information divulged—about the users themselves, the places they work, visit or live—are not only useful for people looking for a date, but also to attackers who leverage this information to gain a foothold into your organization.

To bear out the risks, we delved into various online dating networks, which initially included Tinder, Plenty of Fish, Jdate, OKCupid, Grindr, Coffee meets Bagel, and LoveStruck.

Read More
Tags: Online Dating

How HTML Attachments and Phishing Are Used In BEC Attacks
  • Posted on:July 27, 2017 at 7:00 am
  • Posted in:Social, Targeted Attacks
  • Author:
    Lord Alfred Remorin (Senior Threat Researcher)
0

Traditionally, BEC attacks have used keyloggers to steal saved account information from target machines. However, using an executable file for the attachment usually flags a user not to click them as there is a high chance that the file is malicious. As a result, we’ve seen a trend wherein the attached files are no longer executable files but HTML pages.

Read More
Tags: BECHTML attachmentsphishing

Exploring the Online Economy that Fuels Fake News
  • Posted on:June 13, 2017 at 5:00 am
  • Posted in:Bad Sites, Social
  • Author:
    Trend Micro
0

“Fake news” was relatively unheard of last year—until the U.S. election campaign period started, during which an explosion of misinformation campaigns trended. But despite its seemingly rampant spread, fake news is just one facet of public opinion manipulation and cyber propaganda that we see today. Whether it’s a company trying to promote a brand or a political party pushing an ideal, today’s information wars are often for control of the public’s worldview.

Our latest research paper, “The Fake News Machine: How Propagandists Abuse the Internet and Manipulate the Public”, delves into this phenomenon. It also tackles how a group with means and motivations, use of social media, and online promotion tools and services can effectively spread these campaigns. These are the components of what we call the “Fake News Triangle”, which we’ve found to be the pillars of success for any fake news and public opinion manipulation campaign.

Read More
Tags: cyber propagandafake newsPublic Opinion Manipulation

iPhone Phishing Scam Crosses Over Physical Crime
  • Posted on:May 4, 2017 at 7:28 pm
  • Posted in:Bad Sites, Social
  • Author:
    Fernando Mercês (Senior Threat Researcher)
0

Last late April a friend of mine had his iPhone stolen in the streets—an unfortunately familiar occurrence in big, metropolitan areas in countries like Brazil. He managed to buy a new one, but kept the same number for convenience. Nothing appeared to be out of the ordinary at first—until he realized the thief changed his Facebook password.

Fortunately, he was able to recover and update it, as his phone number was tied to his Facebook account. But a pickpocket accessing his victim’s Facebook account is quite unusual. After all, why would a crook be interested with his victim’s Facebook account for when the goal is usually to use or sell the stolen device? It didn’t stop there; a day after, my friend curiously received a phishing SMS message on his new phone.

What’s interesting here is the blurred line between traditional felony and cybercrime—in particular, the apparent teamwork between crooks and cybercriminals that results in further—possibly more sophisticated—attacks.

Read More
Tags: Brazilian underground marketiphonephishingPhysical Crime
Page 1 of 2212 › »

Business Process Compromise

  • Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more, read our Security 101: Business Process Compromise.

Business Email Compromise

  • How can a sophisticated email scam cause more than $2.3 billion in damages to businesses around the world?
    See the numbers behind BEC

Latest Ransomware Posts

  • Cerber Ransomware Evolves Again, Now Steals From Bitcoin Wallets
  • New WannaCry-Mimicking SLocker Abuses QQ Services
  • LeakerLocker Mobile Ransomware Threatens to Expose User Information
  • SLocker Mobile Ransomware Starts Mimicking WannaCry
  • Large-Scale Petya Ransomware Attack In Progress, Hits Europe Hard

Ransomware 101

  • This infographic shows how ransomware has evolved, how big the problem has become, and ways to avoid being a ransomware victim.
    Check the infographic

Popular Posts

  • The Crisis of Connected Cars: When Vulnerabilities Affect the CAN Standard
  • Android Backdoor GhostCtrl can Silently Record Your Audio, Video, and More
  • A Look at JS_POWMET, a Completely Fileless Malware
  • CVE-2017-0199: New Malware Abuses PowerPoint Slide Show
  • Linux Users Urged to Update as a New Threat Exploits SambaCry 

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.