Read the original article: Our New Blog Security Intelligence Blog has a new home! Our new site is https://www.trendmicro.com/en_us/research.html Read new threat discoveries, relevant perspectives on security incidents and attacks, and the latest news happening in the cybersecurity space. See…
Category: http://feeds.trendmicro.com/Anti-MalwareBlog/
August Patch Tuesday Fixes Critical IE, Important Windows Vulnerabilities Exploited in the Wild
The August batch of Patch Tuesday updates includes 120 updates for the Microsoft suite, with 17 fixes rated as Critical, and the remaining…
XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits
We have discovered an unusual infection related to Xcode developer projects. Upon further investigation, we discovered that a developer’s Xcode…
Water Nue Phishing Campaign Targets C-Suite’s Office 365 Accounts
A series of ongoing business email compromise (BEC) campaigns that use spear-phishing schemes on Office 365 accounts has been seen targeting business executives of over 1,000 companies…
Ensiko: A Webshell With Ransomware Capabilities
Ensiko is a PHP web shell with ransomware capabilities that targets various platforms such as Linux, Windows, macOS, or any other platform that has PHP installed. The malware has the…
Updates on ThiefQuest, the Quickly-Evolving macOS Malware
By Steven Du, Gabrielle Mabutas, and Luis Magisa. Right as July of this year began, we noticed an emerging malware dubbed by most as ThiefQuest (also known as EvilQuest),…
Patch Tuesday: Fixes for ‘Wormable’ Windows DNS Server RCE, SharePoint Flaws
The July update issues 123 patches, including fixes in RemoteFX vGPU, Microsoft Office, Microsoft Windows, OneDrive, and Jet Database Engine. The patches address 18 vulnerabilities…
XORDDoS, Kaiji Botnet Malware Variants Target Exposed Docker Servers
We have recently detected variants of two existing Linux botnet malware types targeting exposed Docker servers; these are XORDDoS malware and Kaiji DDoS malware. While the XORDDoS…
New Android Spyware ActionSpy Revealed via Phishing Attacks from Earth Empusa
While tracking Earth Empusa, also known as POISON CARP/Evil Eye, we identified an undocumented Android spyware we have named ActionSpy (detected by Trend Micro as…
Patch Tuesday: Fixes for LNK, SMB, and SharePoint Bugs
This month’s Patch Tuesday had the highest number of entries so far in 2020 — a whopping 129, a continuation of the trend seen from the previous…
New Tekya Ad Fraud Found on Google Play
In late March, researchers from CheckPoint found the Tekya malware family, which was being used to carry out ad fraud, on Google Play. These apps have since been…
Barcode Reader Apps on Google Play Found Using New Ad Fraud Technique
We recently saw two barcode reader apps in Google Play, together downloaded more than a million times, that started showing unusual behavior (Trend Micro…
Backdoor, Devil Shadow Botnet Hidden in Fake Zoom Installers
We found two malware files that pose as Zoom app installers. One of the samples installs a backdoor that allows malicious actors to run routines remotely, while…
Netwalker Fileless Ransomware Injected via Reflective Loading
Ransomware in itself poses a formidable threat for organizations. As a fileless threat, the risk is increased as it can more effectively evade detection. We discuss how Netwalker ransomware…
May Patch Tuesday: More Fixes for SharePoint, TLS, Runtime, and Graphic Components Released
This month’s Patch Tuesday includes 111 fixes for Microsoft. Of the 111 vulnerabilities, 16 have been rated Critical while the rest have been…
QNodeService: Node.js Trojan Spread via Covid-19 Lure
QNodeService is a new, undetected malware sample written in Node.js, which is an unusual choice for malware authors. The malware has functionality that enables it to download/upload/execute files, steal…
Targeted Ransomware Attack Hits Taiwanese Organizations
A new targeted attack has infected several organizations in Taiwan with a new ransomware family, which we have dubbed ColdLock. This attack is potentially destructive as the ransomware appears to…
WebMonitor RAT Bundled with Zoom Installer
We encountered an attack that conceals RevCode WebMonitor RAT by abusing Zoom installers.
Exposed Redis Instances Abused for Remote Code Execution, Cryptocurrency Mining
By David Fiser and Jaromir Horejsi (Threat Researchers). Recently, we wrote an article about more than 8,000 unsecured Redis instances found in the cloud. In this…
Grouping Linux IoT Malware Samples With Trend Micro ELF Hash
We created Trend Micro ELF Hash (telfhash), an open-source clustering algorithm that effectively clusters Linux IoT malware created using ELF files.
Exposing Modular Adware: How DealPly, IsErIk, and ManageX Persist in Systems
We have constantly observed suspicious activities caused by adware, with common behaviors that include access to seemingly random domains with alternating consonant and vowel names,…
Gamaredon APT Group Use Covid-19 Lure in Campaigns
In March, we came across an email with a malware attachment that used the Gamaredon group’s tactics. Some of the emails used the coronavirus pandemic as a topic…
April Patch Tuesday: Fixes for Font-Related, Microsoft SharePoint, Windows Components Vulnerabilities
Microsoft’s Patch Tuesday for April released fixes for a couple of critical font-related vulnerabilities, like an earlier disclosed one found in Adobe Type Manager Library…
Coronavirus Update App Leads to Project Spy Android and iOS Spyware
We discovered a cyberespionage campaign we have named Project Spy infecting Android and iOS devices with spyware by using the coronavirus disease (Covid-19) as a lure.
Zoomed In: A Look into a Coinminer Bundled with Zoom Installer
We found a coinminer bundled with the legitimate installer of video conferencing app Zoom. Users who attempt to download the installer get more than what they bargain for as they instead download the AutoIt compiled malware Trojan.Win32.MOOZ.THCCABO.
More Than 8,000 Unsecured Redis Instances Found in the Cloud
We discovered 8,000 Redis instances that are running unsecured in different parts of the world, even ones deployed in public clouds.
Raccoon Stealer’s Abuse of Google Cloud Services and Multiple Delivery Techniques
Raccoon emerged as Malware as a Service (MaaS) in April 2019. Despite its simplicity, Raccoon became popular among cybercriminals and was mentioned as a notable emerging malware in underground forums in a malware popularity report.
Operation Poisoned News: Hong Kong Users Targeted With Mobile Malware via Local News Links
A recently discovered watering hole attack has been targeting iOS users in Hong Kong. The campaign uses links posted on multiple forums that supposedly lead to various news stories. While these links lead users to the actual news sites, they…
OpenSMTPD Vulnerability (CVE-2020-8794) Can Lead to Root Privilege Escalation and Remote Code Execution
A root privilege escalation and remote code execution vulnerability (designated as CVE-2020-8794) has been discovered in the free and open-source Unix daemon OpenSMTPD. The flaw originates from an out-of-bounds read, which attackers can take advantage of to execute arbitrary code on…
Operation Overtrap Targets Japanese Online Banking Users Via Bottle Exploit Kit and Brand-New Cinobi Banking Trojan
We recently discovered a new campaign that we dubbed “Operation Overtrap” for the numerous ways it can infect or trap victims with its payload. The campaign mainly targets online users of various Japanese banks by stealing their banking credentials using…
March Patch Tuesday: LNK, Microsoft Word Vulnerabilities Get Fixes
Following the unexpectedly long list of fixes included in last month’s Patch Tuesday, March brings an even longer one, albeit less eventful. A total of 115 vulnerabilities were fixed, 26 of which were identified as Critical as they could lead…
Busting Ghostcat: An Analysis of the Apache Tomcat Vulnerability (CVE-2020-1938 and CNVD-2020-10487)
Apache Tomcat is a popular open-source Java servlet container, so the discovery of Ghostcat understandably set off some alarms. This blog entry seeks to put the most feared Ghostcat-related scenario into perspective by delving into the unlikely circumstances that would…
Dissecting Geost: Exposing the Anatomy of the Android Trojan Targeting Russian Banks
We decided to dig deeper into the behavior of Geost, a trojan targeting Russian banks, by reverse engineering a sample of the malware. The trojan employed several layers of obfuscation, encryption, reflection, and injection of non-functional code segments that made it…
Security Risks in Online Coding Platforms
Before cloud integrated development environments (IDEs) became an option, you, i.e., the developer, typically needed to download and/or install everything you needed onto your own workstation. However, as DevOps gained traction and cloud computing usage grew, you can now also…
LokiBot Impersonates Popular Game Launcher and Drops Compiled C# Code File
Recently, we discovered LokiBot (detected by Trend Micro as Trojan.Win32.LOKI) impersonating a popular game launcher to trick users into executing it on their machines. Further analysis revealed that a sample of this variant employs a quirky installation routine that involves…
An In-Depth Technical Analysis of CurveBall (CVE-2020-0601)
A code-level root cause analysis of CVE-2020-0601 in the context of how applications are likely to use CryptoAPI to handle certificates — more specifically in the context of applications communicating via Transport Layer Security (TLS).
February Patch Tuesday: Fixes for Critical LNK, RDP, Trident Vulnerabilities
The first Patch Tuesday of 2020 in January brought an unusually long list of patches, but February brings an even wider range of fixes that address a total of 99 vulnerabilities — including 12 classified as Critical, with the remaining…
Outlaw Updates Kit to Kill Older Miner Versions, Targets More Systems
We observed an increase in hacking group Outlaw’s activities in December, with updates on the kits’ capabilities reminiscent of their previous attacks.
Malicious Optimizer and Utility Android Apps on Google Play Communicate with Trojans that Install Malware, Perform Mobile Ad Fraud
We recently discovered several malicious optimizer, booster, and utility apps (detected by Trend Micro as AndroidOS_BadBooster.HRX) on Google Play that are capable of accessing remote ad configuration servers that can be used for malicious purposes, perform mobile ad fraud, and…
Security Analysis of Devices That Support SCPI and VISA Protocols
Standard Commands for Programmable Instruments (SCPI) is a legacy protocol that most advanced measurement instruments support. However, it is important to note that authentication is not innate in this protocol.
January Patch Tuesday: Update List Includes Fixes for Internet Explorer, Remote Desktop, Cryptographic Bugs
2020 starts off with a relatively heavy list of patches for Microsoft users. January is typically a light month for fixes, but Microsoft released patches for 49 vulnerabilities (eight of which are Critical and all the remaining classified as Important)…
First Active Attack Exploiting CVE-2019-2215 Found on Google Play, Linked to SideWinder APT Group
We found three malicious apps in the Google Play store that work together to compromise a victim’s device and collect user information. One of these apps, called Camero, exploits CVE-2019-2215, a vulnerability that exists in Binder (the main Inter-Process Communication…