Malware Archives - IT Security Guru
https://www.itsecurityguru.org/tag/malware/
Wed, 15 Mar 2023 12:00:29 +0000

Fans of Last Of Us warned of rising phishing and malware scams
https://www.itsecurityguru.org/2023/03/15/fans-of-last-of-us-warned-of-rising-phishing-and-malware-scams/?utm_source=rss&utm_medium=rss&utm_campaign=fans-of-last-of-us-warned-of-rising-phishing-and-malware-scams
Wed, 15 Mar 2023 12:00:05 +0000


Security experts are warning consumers about two new scams circulating in the wild that exploit the buzz around HBO's adaptation of the popular video game franchise The Last of Us.

Technology expert Prateek Jha of VPNOverview.com first raised the warning, which Kaspersky has since backed.

Kaspersky researchers shared with VPNOverview details of two separate campaigns: a scam designed to infect PCs with malware and a phishing ploy designed to steal banking and other financial data.

“Gamers are a popular target for cybercriminals because, in addition to personal information, passwords, and bank card data, scammers may steal their gaming accounts with internal currency and rare skins, for example, using stealers,” Kaspersky told VPNOverview.

Malware offering ‘The Last of Us Part II’ for PC scam

The first of the two scams involves a website offering "The Last of Us Part II" for PC download. Anyone who attempts to download the fraudulent game gets malware on their device instead.

“Most often, players get malicious software, stealing sensitive data, on their devices when trying to download a popular game from a third-grade website instead of buying it on the official one,” Kaspersky said. The researchers noted that malware could remain hidden on a device and go “undetected for years.” “Users will not know that something is wrong because it may not cause any visible harm while silently doing its job,” they said.

A PC remake of the first game is slated for a March 2023 release; at the time of writing both games are exclusive to PlayStation and are not available for PC download, so any site offering Part II for PC is fraudulent by definition. According to Kaspersky's 2022 Securelist report on gaming-related cyber threats, 384,224 users encountered thousands of malicious files disguised as games between July 2021 and June 2022.

Phishing scam targeting payment data

The second scam involves a website that offers an activation code for The Last of Us on PlayStation. The phishing site bundles the code with a “gift,” such as a PlayStation 5 or a $100 Roblox gift card.

To receive the code and the gift, users must pay a "commission fee" by entering their credentials and credit card data. Victims get nothing in return, and the scammers can use the stolen data for various kinds of online fraud.

“Cybercriminals actively lure their victims with trendy games: for example, by offering a free download of a game that may be very expensive on Steam, or by distributing games that have not yet been officially released,” Kaspersky said. “And not just games – gamers can download something that looks like Discord from a third-party site but will actually turn out to be malware.”

Over 2021 and 2022 there were more than three million phishing attacks on online gaming platforms, most of them designed to steal gamers' account credentials and financial data.

New fans should be careful

These scams target the new fans the HBO series is bringing to the franchise; long-time fans and players are more likely to know the real release schedule and to recognise the lures for what they are.

The best defence is caution: download games only from official stores and trusted sites, and if a deal looks too good to be true, a quick web search will usually expose it. Cybercriminals also target gamers outside gaming platforms and forums with malware disguised as legitimate software, such as a fake Discord installer, so fans should be wary there too.

Enable two-factor authentication, use unique, strong passwords for every online account, and keep operating systems and apps updated.

Malware source code discovered on GitHub puts millions of IoT devices at risk
https://www.itsecurityguru.org/2022/01/28/malware-source-code-discovered-on-github-puts-millions-of-iot-devices-at-risk/?utm_source=rss&utm_medium=rss&utm_campaign=malware-source-code-discovered-on-github-puts-millions-of-iot-devices-at-risk
Fri, 28 Jan 2022 08:30:07 +0000

The operators of the BotenaGo malware uploaded its source code to GitHub on 16 October 2021, according to new research by AT&T Alien Labs. Attackers around the world now have access to that code and can build their own variants of the malware, adapted to their own targets and objectives.

The concern is that BotenaGo variants will surface quickly and go largely undetected: antivirus (AV) coverage of BotenaGo and its variants remains poor, with only 3 of 60 AV engines currently detecting it.

Ofer Caspi, malware researcher at AT&T Alien Labs, stated they “expect to see new campaigns based on BotenaGo variants targeting routers and IoT devices globally.”

In November 2021, AT&T Alien Labs published research on the previously unseen BotenaGo malware. It is written in Go, runs to only 2,891 lines of code (including blank lines and comments) and has been described as "simple yet efficient".

Its key capabilities are:

  • A reverse shell and a telnet loader, used to create a backdoor through which it receives commands from its operator
  • Automatic setup of its 33 exploits, giving the attacker a "ready state" from which to attack a vulnerable target and infect it with a payload chosen by target type or operating system

BotenaGo exploits vulnerabilities in IoT devices and routers, including models made by Netgear, D-Link, Linksys and ZTE.
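Because the leaked source means variants will be rebuilt with ordinary Go toolchains, a quick way to triage an unknown binary pulled from a router is to look for the build-information blob the Go linker embeds in normally built executables. The Python script below is an added example for this page; it is not AT&T Alien Labs' code and is not taken from the BotenaGo repository. It assumes the blob layout read by Go's own debug/buildinfo package (a 14-byte magic "\xff Go buildinf:", a pointer-size byte, a flags byte, and from Go 1.18 the version and module-info strings inline at offset 32 as varint-length-prefixed strings); the bytes it inspects are constructed inside the script, not a real malware sample.

```python
"""Triage helper: detect a Go build-info blob and pull out the Go version and main module.

Added example for this article, not AT&T Alien Labs' code and not BotenaGo source.
Layout assumed (as read by Go's debug/buildinfo): magic (14 bytes), pointer size (1 byte),
flags (1 byte); with flag 0x2 set (Go 1.18+) the version string and the module-info string
follow inline at offset 32, each as a varint length followed by the bytes.
"""
import re

BUILDINFO_MAGIC = b"\xff Go buildinf:"   # 14 bytes
FLAG_BIG_ENDIAN = 0x1
FLAG_VERSION_INLINE = 0x2
HEADER_SIZE = 32


def _read_uvarint(buf, pos):
    """Decode an unsigned LEB128 varint (encoding/binary.Uvarint); returns (value, new_pos)."""
    value, shift = 0, 0
    while True:
        if pos >= len(buf):
            raise ValueError("truncated varint")
        b = buf[pos]
        pos += 1
        value |= (b & 0x7F) << shift
        if b < 0x80:
            return value, pos
        shift += 7
        if shift > 63:
            raise ValueError("varint too long")


def _read_bytes(buf, pos):
    """Read a varint-length-prefixed byte string; returns (bytes, new_pos)."""
    n, pos = _read_uvarint(buf, pos)
    if pos + n > len(buf):
        raise ValueError("truncated string")
    return buf[pos:pos + n], pos + n


def go_buildinfo(data):
    """Return a dict describing the Go build-info blob in `data`, or None if there is none."""
    off = data.find(BUILDINFO_MAGIC)
    if off < 0 or off + HEADER_SIZE > len(data):
        return None
    flags = data[off + 15]
    info = {"offset": off, "ptr_size": data[off + 14],
            "big_endian": bool(flags & FLAG_BIG_ENDIAN),
            "go_version": None, "module_path": None, "note": None}
    if not flags & FLAG_VERSION_INLINE:
        # Pre-1.18 layout stores two pointers instead of the strings; resolving them
        # needs the ELF section table, which this helper deliberately does not attempt.
        info["note"] = "pre-Go 1.18 pointer layout; strings not decoded"
        return info
    try:
        version, pos = _read_bytes(data, off + HEADER_SIZE)
        modinfo, _ = _read_bytes(data, pos)
    except ValueError as exc:
        info["note"] = f"blob present but damaged: {exc}"
        return info
    info["go_version"] = version.decode("utf-8", "replace")
    # Module info is wrapped in 16-byte sentinel strings; strip them on the framing
    # (a newline 17 bytes from the end), as debug/buildinfo does, without caring what they are.
    if len(modinfo) >= 33 and modinfo[-17:-16] == b"\n":
        modinfo = modinfo[16:-16]
    m = re.search(r"^mod\t(\S+)", modinfo.decode("utf-8", "replace"), re.MULTILINE)
    if m:
        info["module_path"] = m.group(1)  # main module path: pivot for clustering rebuilds
    return info


def _uvarint(n):
    """Encode an unsigned LEB128 varint (used only to build the constructed sample)."""
    out = bytearray()
    while n >= 0x80:
        out.append((n & 0x7F) | 0x80)
        n >>= 7
    out.append(n)
    return bytes(out)


def constructed_sample(inline=True):
    """Constructed stand-in for a Go ELF (not a real sample): padding around a build-info blob."""
    version = b"go1.19.5"
    modinfo = (b"S" * 16  # stands in for the 16-byte start sentinel
               + b"path\texample.com/netscan/cmd/scan\nmod\texample.com/netscan\t(devel)\t\n"
               + b"E" * 16)  # stands in for the 16-byte end sentinel
    flags = FLAG_VERSION_INLINE if inline else 0
    header = BUILDINFO_MAGIC + bytes([8, flags]) + b"\x00" * (HEADER_SIZE - 16)
    body = (_uvarint(len(version)) + version + _uvarint(len(modinfo)) + modinfo) if inline else b"\x00" * 16
    return b"\x7fELF" + b"\x00" * 60 + header + body + b"\x00" * 32


if __name__ == "__main__":
    print(go_buildinfo(constructed_sample()))
```

The module path is the value worth pivoting on: two samples with different hashes but the same main module and Go version are likely rebuilds of one source tree, which is exactly the situation a public repository creates. For binaries built before Go 1.18 the strings sit behind pointers and need the ELF section table to resolve, so the script reports the blob as present rather than guessing at them.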

New malware strain strikes X-ray and MRI systems – how can we cure the security sickness?
https://www.itsecurityguru.org/2018/04/26/new-malware-strain-strikes-x-ray-mri-systems-can-cure-security-sickness/?utm_source=rss&utm_medium=rss&utm_campaign=new-malware-strain-strikes-x-ray-mri-systems-can-cure-security-sickness
Thu, 26 Apr 2018 09:57:44 +0000

Jalal Bouhdada, Founder and Principal ICS Security Consultant for Applied Risk

It is perhaps no surprise that a new attack group, dubbed Orangeworm, has been discovered targeting the healthcare industry. There have been repeated warnings that healthcare systems are easy pickings for cybercriminals, and although there has been an understandable desire within the industry to press ahead and unlock the benefits of IoT technology, a lack of consideration regarding the security ramifications of this has begun to concern many.

While innovation in the healthcare industry is having a great impact on the quality of life for many people, what if the opposite is also true? While in the case of Orangeworm it seems the attackers were only looking to learn about the inner workings of a system, could this often life-saving medical equipment be turned against us?

There has been much speculation over potential scenarios in which devices such as insulin pumps are hijacked and held to ransom; or terrorists attack connected pacemakers en masse. Sadly, this is no longer the stuff of fiction, as made clear by the FDA’s recent warnings regarding exploitable flaws in connected cardiac pacemakers. Medical device manufacturers must come to terms with the idea that the security of the healthcare equipment itself is also a life and death issue.

Medical device manufacturers must now begin adhering to best practice security advice. New data privacy laws and strict FDA requirements mean the responsibility is now with the developers to ensure the protection of networks and systems, or they will face the consequences. To help meet these obligations, the security industry and medical device manufacturers must develop a closer relationship, ensuring that new devices are developed with security defences baked in. The ethos of “secure by design” must become entrenched within all product developers.

Turla Targets Post Soviet States
https://www.itsecurityguru.org/2018/01/10/turla-targets-post-soviet-states/?utm_source=rss&utm_medium=rss&utm_campaign=turla-targets-post-soviet-states
Wed, 10 Jan 2018 16:07:31 +0000

Russian-linked hacking group Turla has been targeting consulates in post-Soviet states with a new tool that uses malware to steal sensitive information, according to recent ESET research.


ORIGINAL SOURCE: IB Times

Cryptocurrency Mining Malware has links to N.Korea
https://www.itsecurityguru.org/2018/01/09/cryptocurrency-mining-malware-links-n-korea/?utm_source=rss&utm_medium=rss&utm_campaign=cryptocurrency-mining-malware-links-n-korea
Tue, 09 Jan 2018 17:17:03 +0000

A new malware tool that installs software to mine virtual currency has links to North Korea, according to security company AlienVault.


ORIGINAL SOURCE: Dark Reading

Lastline now integrated with Phantom Security Automation & Orchestration Platform
https://www.itsecurityguru.org/2017/12/19/lastline-now-integrated-phantom-security-automation-orchestration-platform/?utm_source=rss&utm_medium=rss&utm_campaign=lastline-now-integrated-phantom-security-automation-orchestration-platform
Tue, 19 Dec 2017 12:03:16 +0000

Lastline, a vendor of advanced network-based malware protection, has announced a partnership and technology integration with Phantom, a security automation and orchestration platform. Joint customers can now use the visibility and context Lastline provides on malware behaviours and suspicious network activity from within Phantom.
“Effective security demands knowledge of every behavior that malware is designed to execute,” noted Rich Hlavka, VP Business Development, Phantom. “Lastline adds value for our customers by delivering the analysis necessary to detect malware, either as it arrives or while it’s operating on a network, before it has a chance to cause a damaging data breach.”
Phantom Playbooks define the actions to take when a threat is observed, such as a user reaching a malicious IP address or a "bad" file being detected. Playbooks can now call Lastline for added detail and context: Lastline enumerates the behaviours engineered into a malicious file or website, detects suspicious network activity and correlates it with known malware behaviours, and supplies context from the Lastline Global Threat Intelligence Network, all of it available to a playbook.
Lastline says the integration gives joint customers the benefit of its detection track record, ease of integration and cost effectiveness.
“We’re honored that Phantom chose to work with Lastline to support their automated file, URL, and network analysis,” said Brian Laing, Lastline CRO. “As is the case with our many other partners who are leaders in their respective fields, our joint customers with Phantom see Lastline’s technology as a powerful option to detect malware and suspicious network activity, and protect against damaging data breaches.”
Independent third parties have validated the performance of Lastline for detecting advanced malware. NSS Labs’ 2017 Breach Detection Systems Group Test recognized Lastline as the only breach detection offering they have ever tested to achieve 100 percent Malware Detection and 100 percent Security Effectiveness, and the company achieved this two years in a row.

How businesses can unwittingly become launch-pads for malware attacks on clients and partners
https://www.itsecurityguru.org/2017/11/22/businesses-can-unwittingly-become-launch-pads-malware-attacks-clients-partners/?utm_source=rss&utm_medium=rss&utm_campaign=businesses-can-unwittingly-become-launch-pads-malware-attacks-clients-partners
Wed, 22 Nov 2017 14:01:02 +0000

In business, reputation is everything. So it is not hard to imagine the conversations that took place inside two law firms when they realised they had potentially become malware hubs spreading malicious code among clients and business-partners. The legal ramifications could have been catastrophic.
In the first incident, PDFs created in the firm were found to contain code for which there was no explanation; at the second, the document scanner was found to be embedding unauthorised code in the structure of the digital files it generated. Although entirely separate, both incidents involved code that could have been the trigger for a large-scale cyber-attack on anyone receiving the documents as email attachments.
That was the last thing these firms needed, given that they send out thousands of attachments every week. There was a real possibility that they had been penetrated by cyber criminals and were in danger of taking their entire supply chains down with them.
The code was only detected because both firms passed their files through Glasswall's file-regeneration technology (also known as Content Disarm & Reconstruction, or CDR). Because CDR examines files down to byte level against the ISO or manufacturer's file-format specification before they are sent, the unexpected and potentially malicious code was picked up quickly.
Had they relied on traditional anti-virus technology, code waiting to launch a zero-day attack could have gone undetected for months, infecting more and more organisations or waiting to go off like a time-bomb when the criminals found the specific target they were looking for.
In the event, the code turned out to be anomalous rather than malicious, and the firms could breathe a sigh of relief. Instead of having their reputations vaporised, they only had to investigate flaws in the software responsible, a product used daily by all staff.
The detection of these code anomalies illustrates how cyber risk is moving ever more heavily into the supply chain. Criminals know that any major organisation they want to target is only as safe as its least secure supplier, which they can use as a back door.
As such threats emerge, we will increasingly see malware in the software that writes documents, in computer hardware and in the chipsets that power it. The UK government must surely be concerned that a leading UK chip-maker, Imagination Technologies, is now in the hands of Chinese state-backed private equity investor Canyon Bridge, which was barred by US President Donald Trump from buying an American rival because of security sensitivities.
 
A stern warning about relying on traditional methods
In fact the detection of these anomalies by Glasswall should act as a warning to every business. Hardly any company gets through the working day without email attachments, and it is the structure of common file types such as PDF that criminals increasingly use as the vector for spreading malware. More than 90 per cent of successful cyber-attacks begin when someone unknowingly opens a common attachment such as a PDF, Word, PowerPoint or Excel file that has been subtly altered to act as a malware trigger.
Unrecognised by the anti-virus industry's signature databases, these pieces of malicious code can also trick their way past sandboxing. The constantly evolving sophistication of such exploits leaves organisations badly exposed if they rely on a combination of anti-virus and encryption for security. The threats within JavaScript, Flash, encrypted and embedded files are well known, yet the biggest sources of danger are inside the structures of common files such as PDF, Excel and Word.
Glasswall's research into PDF-borne malware has found, for example, that in many organisations as few as 1.5 per cent of malicious PDF files contain JavaScript. The remaining 98.5 per cent of known PDF malware hides its payload outside this well-known vector.
Aware of the danger of sending out infected documents, many businesses, especially in the professional sector, also rely on encryption to protect their business partners. This is a mistake. Encryption protects a message's contents from being intercepted and read by a third party, but it does nothing to the file inside; it simply delivers an infected attachment successfully, and shields it from any inspection in transit.
 
Get your security down to byte-level
The most reliable defence against these threats is file-regeneration, which examines each document minutely in a fraction of a second and generates a clean, sanitised version that can be used safely. With PDFs, the technology has detected a change of just two bytes, hidden by criminals inside the file structure to crash the recipient's reader so that malicious code would trigger.
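The two structural checks this article describes (looking for the places a PDF can carry executable content, and checking the file structure byte by byte against what the format specifies) can be illustrated in a few dozen lines. The script below is an added example for this page, not Glasswall's technology: it counts the name tokens that give a PDF the ability to run or open code, decoding the #xx escapes the format allows in names so that an obfuscated /J#61vaScript is still caught, and it verifies that every entry in the cross-reference table really points at the start of the object it claims to. All the PDFs it inspects are constructed within the script, including one whose xref has been altered by a couple of bytes in the way described above.

```python
"""Structural triage for PDF attachments: risky actions and xref consistency.

Added example for this article, not Glasswall's code. A real CDR product parses and
rebuilds the whole object model; this script shows the two cheap checks a practitioner
can run first. Every PDF below is constructed in-script.
"""
import re

RISKY_NAMES = [b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch",
               b"/EmbeddedFile", b"/RichMedia", b"/XFA"]
# Classic xref entries are exactly 20 bytes: offset, generation, n/f, two-byte EOL.
XREF_ENTRY = re.compile(rb"(\d{10}) (\d{5}) ([nf])[ \r\n]{2}")


def _decode_name_escapes(pdf):
    """Undo /Name#XX hex escapes so an obfuscated name compares equal to the plain one."""
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), pdf)


def find_risky_names(pdf):
    """Count name tokens that let a PDF run or open code. Names inside compressed
    object streams are invisible to a raw byte scan like this (see usage note)."""
    flat = _decode_name_escapes(pdf)
    counts = {}
    for name in RISKY_NAMES:
        n = len(re.findall(re.escape(name) + rb"(?![A-Za-z0-9_])", flat))
        if n:
            counts[name.decode()] = n
    return counts


def check_xref(pdf):
    """Cross-check the last classic xref table against where objects actually start."""
    findings = []
    tail = pdf.rfind(b"startxref")
    m = re.match(rb"startxref\s+(\d+)", pdf[tail:]) if tail >= 0 else None
    if not m:
        return ["no startxref keyword"]
    xref_pos = int(m.group(1))
    hdr = re.match(rb"xref\s+(\d+)\s+(\d+)\s+", pdf[xref_pos:])
    if not hdr:
        return [f"startxref {xref_pos} does not point at an xref subsection"]
    first, count = int(hdr.group(1)), int(hdr.group(2))
    pos = xref_pos + hdr.end()
    for num in range(first, first + count):
        entry = XREF_ENTRY.fullmatch(pdf[pos:pos + 20])
        if not entry:
            findings.append(f"malformed 20-byte xref entry for object {num}")
            break
        pos += 20
        off, gen, kind = int(entry.group(1)), int(entry.group(2)), entry.group(3)
        if kind == b"n" and not pdf.startswith(b"%d %d obj" % (num, gen), off):
            findings.append(f"object {num}: xref offset {off} is not the start of '{num} {gen} obj'")
    eof = pdf.rfind(b"%%EOF")
    if eof < 0:
        findings.append("no %%EOF marker")
    elif pdf[eof + 5:].strip():
        findings.append(f"{len(pdf[eof + 5:].strip())} bytes appended after final %%EOF")
    return findings


def triage(pdf):
    """Combine both checks; any hit is a reason to regenerate or quarantine, not proof of malice."""
    risky, xref = find_risky_names(pdf), check_xref(pdf)
    return {"risky_names": risky, "xref_findings": xref,
            "verdict": "suspicious" if (risky or xref) else "clean"}


def build_pdf(catalog_extra=b"", extra_objects=()):
    """Constructed minimal one-page PDF with a correct classic xref table."""
    objects = [b"<< /Type /Catalog /Pages 2 0 R " + catalog_extra + b" >>",
               b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
               b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 200 200] >>",
               *extra_objects]
    out, offsets = bytearray(b"%PDF-1.4\n"), []
    for num, body in enumerate(objects, start=1):
        offsets.append(len(out))
        out += b"%d 0 obj\n%s\nendobj\n" % (num, body)
    xref_pos = len(out)
    out += b"xref\n0 %d\n0000000000 65535 f \n" % (len(objects) + 1)
    out += b"".join(b"%010d 00000 n \n" % off for off in offsets)
    out += b"trailer\n<< /Size %d /Root 1 0 R >>\nstartxref\n%d\n%%%%EOF\n" % (len(objects) + 1, xref_pos)
    return bytes(out)


def corrupt_xref_offset(pdf, num, delta=2):
    """Constructed tampering: nudge one xref offset so it no longer lands on 'N 0 obj'."""
    off = pdf.find(b"%d 0 obj" % num)
    old, new = b"%010d 00000 n" % off, b"%010d 00000 n" % (off + delta)
    assert pdf.count(old) == 1
    return pdf.replace(old, new)


if __name__ == "__main__":
    print(triage(build_pdf(b"/OpenAction 4 0 R", [b"<< /S /J#61vaScript /JS (app.alert(1)) >>"])))
    print(triage(corrupt_xref_offset(build_pdf(), 2)))
```

The checks are deliberately conservative. Names inside compressed object streams, or a file that uses a cross-reference stream (PDF 1.5 and later) instead of a classic table, are invisible to a byte scan like this one, which is exactly why a CDR product parses and rebuilds the object model rather than pattern-matching the raw bytes.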
Once files have been sanitised, outbound email attachments can be sent in full confidence, having been cleared of all malicious code. The intelligence derived from this technology also gives organisations vital insights into the nature of the threats they are facing and how criminals are adapting code or shifting vectors.
In a recent 30-day period, for example, almost three-quarters of all the threats eliminated through file-regeneration were zero-day attacks that would have been completely missed by standard anti-virus technology because they had not previously been assigned an identifying “signature”.
Without Content Disarm & Reconstruction, organisations risk becoming proxy malware hubs for criminals, facing potentially huge legal liabilities and the destruction of their reputation, which in modern business is equivalent to a death warrant. The surest defence against this grisly fate is innovation in the shape of file-regeneration.

New Phishing Attack Combines Phishing, Malware and Data Theft
https://www.itsecurityguru.org/2017/11/07/new-phishing-attack-combines-phishing-malware-data-theft/?utm_source=rss&utm_medium=rss&utm_campaign=new-phishing-attack-combines-phishing-malware-data-theft
Tue, 07 Nov 2017 10:28:35 +0000

The latest evolution of the Marcher malware combines phishing, malware and data theft to ensure attackers have everything they need to steal victims' banking details, researchers warn.
ORIGINAL SOURCE: ZDNet

Crunchyroll back Online after being Used to Distribute Malware
https://www.itsecurityguru.org/2017/11/06/crunchyroll-back-online-used-distribute-malware/?utm_source=rss&utm_medium=rss&utm_campaign=crunchyroll-back-online-used-distribute-malware
Mon, 06 Nov 2017 14:13:26 +0000

Anime site Crunchyroll.com is back online after it was hijacked and used to serve malware to visitors.
ORIGINAL SOURCE: Bleeping Computer

Lastline Again Receives Highest Achievable Security Effectiveness Score in 2017 NSS Labs Breach Detection Systems Group Test
https://www.itsecurityguru.org/2017/10/20/lastline-receives-highest-achievable-security-effectiveness-score-2017-nss-labs-breach-detection-systems-group-test/?utm_source=rss&utm_medium=rss&utm_campaign=lastline-receives-highest-achievable-security-effectiveness-score-2017-nss-labs-breach-detection-systems-group-test
Fri, 20 Oct 2017 10:34:54 +0000

Lastline Inc., a vendor of advanced network-based malware protection, today announced that for the second year in a row it achieved 100 percent Security Effectiveness in the 2017 NSS Labs Breach Detection Systems Group Test. The combination of that Security Effectiveness score and a low total cost of ownership earned Lastline an "NSS Recommended" rating for the third year in a row. Before Lastline's 100 percent detection result in last year's Breach Detection test, no product had achieved that result in any NSS test.
NSS Labs conducts independent, real-world testing of the malware-based threats faced by organizations, including drive-by exploits, social media exploits, and threats targeting web and email traffic. Each year NSS Labs increases the sophistication of the threats and the level of evasion techniques employed. This year’s test included seven products from six vendors and had a significantly lower average Security Effectiveness score compared to last year’s test. Despite the elevated sophistication of this year’s test, Lastline detected every single piece of malware.
“We are very pleased with the test results,” said Chris Kruegel, Lastline co-founder and CEO. “NSS Labs is the recognized leader in independent security product testing and can create a testing environment that mimics the sophisticated threats that criminals use to breach networks. Deep Content Inspection™ is the detection technology that excelled in this year and last year’s test, and is at the core of all Lastline products. Combining years of experience and our uniquely talented engineering team have again demonstrated our ability to detect all behaviors engineered into any piece of malware, and our ability to distinguish between malicious and benign activity. Excellent detection combined with an extremely low false positive rate means that scarce incident response teams are not wasting time following up on false alarms, but instead are using our high-fidelity alerts to respond to real threats.”
Security Effectiveness is only part of the equation that results in improved enterprise security.  In addition, Lastline has embraced a cloud-based architecture that results in a lower Total Cost of Ownership (TCO). The low TCO calculated by NSS shows that organizations can afford to deploy unmatched breach detection across their entire network, instead of only at certain locations. With Lastline, IT organizations conserve their scarce security resources while improving breach detection and response.
“Breach Detection Systems are a must-have technology for any organization needing to defend against malware infections and data loss. Threats are becoming increasingly sophisticated, and as a result, this year’s Breach Detection Systems test was significantly more difficult than prior years’ tests,” said Vikram Phatak, CEO at NSS Labs. “Lastline Enterprise achieved a 100 percent Security Effectiveness rating, having detected even the most sophisticated attacks and evasion techniques, and should be on the short list for anyone looking to purchase a breach detection solution.”
To view the 2017 NSS Labs Breach Detection Systems group test results, visit www.lastline.com/nss2017
