• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   Malware

Not Only Botnets: Hacking Group in Brazil Targets IoT Devices With Malware
  • Posted on:April 17, 2018 at 2:03 am
  • Posted in:Internet of Things, Malware
  • Author:
    Fernando Mercês (Senior Threat Researcher)
0

Even before the term IoT was coined, we had the routers at the gateway, most of the time publicly exposed on the internet. In the context of the IoT, the router is perhaps the most important device for the whole infrastructure. All traffic goes through it and it allows for the provision of many services, such as Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS), content filtering, firewalls, and Voice over Internet Protocol (VoIP), to all connected devices, including computers, smartphones, and IP cameras. If an attacker is able to compromise the router, every device connected to it can be affected. And that’s what a hacking group in Brazil just did.

Read More
Tags: internet of thingsIOTMalwarerouters

Uncovering Unknown Threats With Human-Readable Machine Learning
  • Posted on:April 12, 2018 at 5:00 am
  • Posted in:Malware
  • Author:
    Marco Balduzzi (Senior Threat Researcher)
0

In this blog post, we will discuss how we developed a human-readable machine learning system that is able to determine whether a downloaded file is benign or malicious in nature.

The development of this actionable intelligent system stemmed from the question: How can we make our knowledge about global software download events actionable? More specifically, how can we use such information to do a better job at detecting the threats posed by the large amounts of new malicious software circulating on a daily basis?

In this last installment of this blog series, we will answer such questions and give a summary of what we did with the information we’ve obtained. Our research paper titled Exploring the Long Tail of (Malicious) Software Downloads provides a more comprehensive look into how we’ve gathered and analyzed our software downloads data.

Read More
Tags: machine learningMalwaresoftware downloadsunknown files

Understanding Code Signing Abuse in Malware Campaigns
  • Posted on:April 5, 2018 at 1:00 am
  • Posted in:Machine Learning, Malware
  • Author:
    Trend Micro Forward-Looking Threat Research Team
0

Using a machine learning system, we analyzed 3 million software downloads, involving hundreds of thousands of internet-connected machines, and provide insights in this three-part blog series. In the first part of this series, we took a closer look at unpopular software downloads and the risks they pose to organizations. We also briefly mentioned the problem regarding code signing abuse, which we will elaborate on in this post.

Code signing is the practice of cryptographically signing software with the intent of giving the operating system (like Windows) an efficient and precise way to discriminate between a legitimate application (like an installer for Microsoft Office) and malicious software. All modern operating systems and browsers automatically verify signatures by means of the concept of a certificate chain.

Valid certificates are issued or signed by trusted certification authorities (CAs), which are backed up by parent CAs. This mechanism relies entirely and strictly on the concept of trust. We assume that malware operators are, by definition, untrustworthy entities. Supposedly, these untrustworthy entities have no access to valid certificates. However, our analysis shows that is not the case.

Read More
Tags: code signingcybercriminal undergroundMalware

A Closer Look at Unpopular Software Downloads and the Risks They Pose to Organizations
  • Posted on:March 27, 2018 at 5:01 am
  • Posted in:Malware
  • Author:
    Marco Balduzzi (Senior Threat Researcher)
0

As a large cyber security vendor, Trend Micro deals with millions of threat data per day. Our Smart Protection Network (SPN), among other technologies, helps us conduct research and investigate new threats and cybercrimes to improve our ability to protect our customers.

In this blog post, the first of a three-part series, I would like to share some insights on trends that we have observed in the wild after analyzing 3 million software downloads, involving hundreds of thousands of internet-connected machines.

Specifically, we turn our focus on web downloads originating from browsers or any other (HTTP) client application installed on a machine. Note that we limited the study to machines that execute software after download. Given the huge quantity of data, we also limited our research to unpopular software downloaded from URLs that were not whitelisted. This automatically excludes software from Windows Updates and other well-known domains. All this information is PII anonymized.

We classify these downloads as benign (legitimate software), malicious or unknown. Unknown means that the downloaded software is currently unknown to us or to other public data sources that we monitor.

Read More
Tags: benign softwareMalwaresoftware downloadsunknown files

App Stores that Formerly Coddled ZNIU Found Distributing a New iXintpwn/YJSNPI Variant
  • Posted on:November 2, 2017 at 5:00 am
  • Posted in:Bad Sites, Malware, Mobile
  • Author:
    Mobile Threat Response Team
0

We covered iXintpwn/YJSNPI in a previous blog post and looked into how it renders an iOS device unresponsive by overflowing it with icons. This threat comes in the form of an unsigned profile that crashes the standard application that manages the iOS home screen when installed. The malicious profile also exploits certain features to make iXintpwn/YJSNPI more difficult to uninstall.

We recently discovered a new variant of iXintpwn/YJSNPI (detected by Trend Micro as IOS_YJSNPI.A) that uses a signed profile to conduct different attacks compared to its predecessor. IOS_YJSNPI.A is extracted from either of the two app stores—hxxp://m[.]3454[.]com and hxxp://m[.]973[.]com. Based on our analysis, this new variant’s main purpose is not to damage users’ operating systems, but to lure users into downloading repackaged apps.

Read More
Tags: androidapp storesiOSMalwareMobile
Page 1 of 3512 › »

Security Predictions for 2018

  • Attackers are banking on network vulnerabilities and inherent weaknesses to facilitate massive malware attacks, IoT hacks, and operational disruptions. The ever-shifting threats and increasingly expanding attack surface will challenge users and enterprises to catch up with their security.
    Read our security predictions for 2018.

Business Process Compromise

  • Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more, read our Security 101: Business Process Compromise.

Popular Posts

  • Malicious Edge and Chrome Extension Used to Deliver Backdoor
  • Confucius Update: New Tools and Techniques, Further Connections with Patchwork
  • GPON Vulnerabilities Exploited for Mexico-based Mirai-like Scanning Activities
  • Malicious Traffic in Port 7001 Surges as Cryptominers Target Patched 2017 Oracle WebLogic Vulnerability
  • How Chat App Discord Is Abused by Cybercriminals to Attack ROBLOX Players

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.