Evolving malicious tool adopts service model, grows increasingly complex
The market for malware tools is expanding, including the purchase of pre-made tools for a hefty fee from underground developers. One such tool aimed at Android, iBanking, promises to conduct a number of malicious actions including intercepting text messages, stealing phone information, pulling geolocation data and constructing botnets with infected devices. All it would cost to obtain the program is $5,000, even after its source code leaked earlier in the year.
Facebook introduces free downloads of anti-malware software
Facebook has announced that it has added downloadable anti-malware software to its abuse detection and prevention systems. Provided in conjunction with F-Secure and Trend Micro, Facebook's new service is aimed at Windows users with infected devices. A pop-up notification appears upon signing into Facebook on an infected device; the app sends scan notifications within Facebook, and when the scanning is completed, the software uninstalls.
Verify Apps updated to check for Android malware regularly after installation
Google is attempting to improve the security of Android, by changing the way it monitors apps on mobile devices. The Verify Apps service, which protects smartphones and tablets by checking the apps for malware at the time of installation and warning over potentially harmful software, will be updated to provide constant on-device monitoring of apps after the installation.
Media attention succeeds where developer reports failed
Thanks to media attention, Apple has now pulled an adware- and malware-laced fake "Tor browser" app from the App Store, months after it was first reported to be a fraud. The Tor project team has repeatedly complained about the fake app since December, as it was neither submitted by the team nor in any way official, but only when iOS news sites like this one picked up on the story did Apple take action.
Malware identified before it sent any customer data outside Target
Reports are circulating that Target knew of its "Black Friday" data breach much earlier than it said it did. Allegedly, the company was alerted by security firm FireEye that there was a potential problem as early as November 30, but no action was taken. Additionally, auditors discovered that Target had disabled features of its security suite that could have removed the infection automatically, before the malware exfiltrated millions of customers' payment card records.
NSA shifting from personal hack to 'industrial scale' widespread attacks
Recently-examined Snowden-leaked documents have shown that the NSA is looking at significantly growing its ability to install malware on a large scale, using automated systems and falsified websites. The documents detail efforts to fake a Facebook server, with the targeted population infected upon visitation of the spoof site.
Remote access tool Dendroid injects malware code into APK files
A new HTTP-based remote access tool (RAT) that is cause for concern has surfaced, according to anti-virus/anti-malware program maker Symantec, because it makes turning legitimate Android apps into malware easier than before. The program, Dendroid (detected as Android.Dendoroid by the security company), is sold as an easy-to-use commercial kit that injects trojan code into existing APK files so they can be placed on Android marketplaces, with the aim of bypassing the markets' security checks.
Now being spread through Bitcoin programs found on download.com
The newly-detected OS X malware dubbed "OSX/CoinThief.A," a "trojan horse" that disguises itself as a copy of a legitimate app, has spread to other Bitcoin applications. SecureMac, an anti-virus software seller, discovered the original implementation of the malware disguised as a pre-compiled version of an open-source Bitcoin tool. It has now been seen pretending to be other Bitcoin apps, some of which are available on Download.com.
Trojan horse Flashback botnet returns, Intego VirusBarrier includes protection
The Flashback botnet -- a malware attack which first appeared in 2011 -- has been noted as being still a threat in 2014, according to Intego. Beginning January 2, Intego studied command and control domains, and its sinkhole servers recorded all connections from Macs where Flashback is still active, trying to contact the command and control servers. This research, as of Tuesday, counted 14,248 unique identifiers of Flashback variants.
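The sinkhole census described above is worth seeing as code. The following is an added example, not Intego's own tooling: it parses constructed web-server log lines from a sinkhole that has taken over a C&C domain, pulls a per-machine identifier out of the bot's User-Agent (Flashback did embed a machine identifier in its beacon; the exact `id:...;ver:...` layout used here is an assumption), and counts unique bots overall and per day. It also records unique client IPs so the reader can see why a sinkhole counts identifiers rather than addresses: the same infected Mac shows up from two IPs in the sample.

```python
"""Count unique bot identifiers seen at a malware sinkhole (added example).

Assumptions: Common Log Format with referer and User-Agent fields, and a
bot beacon whose User-Agent starts with "id:<machine id>;ver:<os version>".
Real Flashback logs differ in detail; adapt BOT_ID_RE to the real beacon.
"""
import re
from collections import defaultdict
from datetime import datetime

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)
# Machine identifier carried in the beacon's User-Agent (assumed format).
BOT_ID_RE = re.compile(r'\bid:([0-9A-Fa-f-]{8,})')

# Constructed sample: five bot beacons from three distinct machines over two
# days, one researcher browsing the sinkhole, and one unparseable line.
SAMPLE_LOG = """\
10.0.0.1 - - [02/Jan/2014:10:15:03 +0000] "GET /scheck/ HTTP/1.1" 200 12 "-" "id:AAAA1111-0000-4000-8000-000000000001;ver:10.7.3"
10.0.0.2 - - [02/Jan/2014:10:16:40 +0000] "GET /scheck/ HTTP/1.1" 200 12 "-" "id:AAAA1111-0000-4000-8000-000000000002;ver:10.6.8"
10.0.0.1 - - [02/Jan/2014:11:02:11 +0000] "GET /scheck/ HTTP/1.1" 200 12 "-" "id:AAAA1111-0000-4000-8000-000000000001;ver:10.7.3"
10.0.0.3 - - [03/Jan/2014:09:00:00 +0000] "GET /scheck/ HTTP/1.1" 200 12 "-" "id:AAAA1111-0000-4000-8000-000000000003;ver:10.7.2"
10.0.0.9 - - [03/Jan/2014:09:05:00 +0000] "GET /scheck/ HTTP/1.1" 200 12 "-" "id:AAAA1111-0000-4000-8000-000000000001;ver:10.7.3"
192.0.2.7 - - [03/Jan/2014:09:30:00 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9) Safari/537.36"
garbage line that does not parse
"""


def parse_line(line):
    """Return a dict for one log line, or None if it is not CLF-shaped."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    bot = BOT_ID_RE.search(m.group("ua"))
    return {
        "ip": m.group("ip"),
        "ts": ts,
        "ua": m.group("ua"),
        "bot_id": bot.group(1) if bot else None,
    }


def sinkhole_census(lines):
    """Unique bot IDs overall and per UTC day, plus sanity counters."""
    ids_by_day = defaultdict(set)
    all_ids, bot_ips = set(), set()
    stats = {"bot_hits": 0, "other_hits": 0, "unparsed": 0}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            stats["unparsed"] += 1
            continue
        if rec["bot_id"] is None:
            stats["other_hits"] += 1      # not a beacon: scanners, browsers
            continue
        stats["bot_hits"] += 1
        all_ids.add(rec["bot_id"])
        bot_ips.add(rec["ip"])
        ids_by_day[rec["ts"].date().isoformat()].add(rec["bot_id"])
    stats["unique_bots"] = len(all_ids)
    stats["unique_ips"] = len(bot_ips)    # NAT/DHCP make this over-count
    stats["unique_per_day"] = {d: len(s) for d, s in sorted(ids_by_day.items())}
    return stats


if __name__ == "__main__":
    for key, value in sinkhole_census(SAMPLE_LOG.splitlines()).items():
        print(f"{key}: {value}")
```

In the sample, the identifier count (3) is the honest size of the surviving infection, while the IP count (4) would over-report because one machine beaconed from two addresses; the per-day buckets are what a "still active as of Tuesday" figure is built from.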
Claims 'real-world' security testing by users makes it better
In the face of security studies that show that more than 90 percent of new mobile malware is found on the Android platform, Google's Chairman Eric Schmidt raised eyebrows and drew laughter at a Gartner symposium and IT expo by refuting a presenter's statement that the platform has serious security and fragmentation issues, claiming both that Android is "more secure than the iPhone," and that access to Google Play eliminates the issue of Android fragmentation.
More uniform cross-platform interface, offers iOS, Android security
Webroot has launched the latest versions of its SecureAnywhere range of home computer security suites. The new Webroot SecureAnywhere Antivirus, Internet Security Plus, and Internet Security Complete add new detection technology for protecting against new malware and phishing attacks, along with a redesigned interface for easier monitoring.
Apple's iOS seen to have 0.7 percent of threats targeting it
A memo written by the US Department of Justice and the Department of Homeland Security last year found that around 79 percent of mobile malware is designed to attack vulnerabilities in Android, with another 19 percent exploiting flaws in the discontinued but still widespread Symbian. Apple's iOS was seen to be targeted by 0.7 percent of threats, while systems such as Windows Mobile and BlackBerry drew only 0.3 percent.
More questions raised about Apple app approval process
The security of Apple's App Store approval process has had its credibility challenged following revelations that it approved an app, submitted by researchers, with remotely assembled malware hidden in its code. According to Technology Review, the team from Georgia Tech monitored the app throughout the approval process and found that Apple only ran the app for a few seconds before approving it. This did not give Apple time to detect the malicious code, which subsequently assembled itself into malware that could steal personal information, device IDs and photos, as well as send texts and emails.
Exploits, malware, tools purchased by FBI for remote surveillance hacks
The Federal Bureau of Investigation is able to listen in on and record conversations through microphones connected to computers, as well as through Android smartphones, according to a report. The bureau is said to have used hacking tools, including spyware and other malware, that it purchased from individuals and hacker collectives to gain access to mobile devices in order to eavesdrop.
Already in iOS 7 beta; hack demonstrated earlier today
Apple says it has already fixed an obscure security flaw that could have allowed hackers to access data on an iOS device through the use of a specially-designed custom USB device that looks like a charger but in fact contains a tiny Linux-powered computer designed to insert malware. The fix is already present in the most recent iOS 7 beta and will be incorporated into the OS when it is released to the public this fall, the company says, and involves notifying users whenever they connect to another computer, even through the power adapter.
Until XProtect updated, only cure is to reset browser
US Government-sponsored report claims China biggest offender
The US Commission on the Theft of American Intellectual Property has released a report calling for the use of malware and rootkits to enforce US corporate-owned copyrights and media. As proposed, the report calls for the infringing file to be "rendered inaccessible and the unauthorized user's computer could be locked down, with instructions on how to contact law enforcement to get the password needed to unlock the account."
App dumps screenshots into a folder, command and control servers inactive
A new semi-functional malware has been found for OSX. Discovered on a computer at the Oslo Freedom Forum by researcher Jacob Appelbaum, the OSX/KitM.A is a backdoor application which launches on boot and captures screenshots on a regular basis, which are then dumped in a folder.
Trojan horse points to non-functional webpage, part of sound file
A bit of malware -- a Trojan horse file that tries to redirect to a website -- has been found inside an iOS app, but the code has turned out to be harmless. The app in question is called Simply Find It ($2) and comes from a legitimate developer that has produced a number of legitimate games -- suggesting that the malware was probably inserted into the app accidentally. The bigger issue (since there is no direct threat posed by the bad code) is how Apple's testing procedure missed it -- and how two well-known anti-malware scanners couldn't pick up on it either.
BlackBerry, iOS, Windows Mobile have fewest and most innocuous threats
(Updated with Phil Schiller Twitter post) For years, Mac owners have gently rebuffed the myth that the Mac is so resistant to viruses because of "security through obscurity." No, they'd say, it's because the OS is better hardened against threats. Now the malware discussion has moved on to mobile, and that case is being debated anew: the most popular and one of the fastest-fading current cellphone OSes are responsible for a whopping 89 percent of all mobile device malware, while three of the most well-known smartphone platforms -- iOS, BlackBerry and Windows Mobile -- have the fewest issues.
Exploits affect both platforms, one targets the Mac specifically
Adobe has issued a patch to update Flash on both the Mac and Windows platforms in order to fix two new vulnerabilities already being exploited "in the wild" to spread malware. One of the targeted attacks using the exploits works equally well against Mac users as it does against Windows users: visitors are tricked into downloading and opening MS Word files that contain malicious Flash content. The other vulnerability uses a similar technique but only affects Windows users.
Users of infected machines warned about malware
Microsoft and Symantec have shut down the Bamital botnet, after obtaining a court order to seize the network's controlling servers. The network, dedicated to redirecting users of computers infected with malware to incorrect search results and online advertisements, is estimated to have earned around $1 million per year for its operators.
Security program manager challenges test results
Security Essentials, the anti-virus and anti-malware software supplied by Microsoft has failed in anti-virus certification tests. Out of 25 consumer antivirus programs tested by independent laboratory AV-Test in late 2012, only three failed to pass muster, with Microsoft Security Essentials 4.1 being joined by PC Tools Internet Security 2012 and AhnLab Internet Security 8.0.
Vulnerability found in Java 7 Update 10
A previously unknown vulnerability in Java is being used online by hackers, according to security researchers. The 0-day exploit has also reportedly been included in two malware toolkits used by hackers, with the best form of protection currently being to turn off the Java plug-in for all browsers until the hole is patched.
Uses 'SMS activation' to hide subscription charge on cell bill
A Russian security firm with a mixed track record is warning about a new malware threat for the Mac, which masquerades as an installer for various types of software. Doctor Web, which claims to have discovered the malware, says it is widely available on various sites -- though at present it is targeting Russian Mac users. The Trojan is apparently a Mac variation on a widespread Windows and Android trickware ruse that asks users for their cell number in order to send an activation code by SMS, which in fact signs them up for a paid subscription billed to the cell account.
Authentication server penetrated; code signed as Adobe-authentic
Adobe warned today that an internal digital code signing server was hacked by "sophisticated threat actors" focusing on Adobe. The early-July hack led to the compilation of a minimum of two malicious files that were digitally signed and authenticated as Adobe genuine software. The hack gave the attackers the means to build malware that the operating system views as legitimate Adobe-created software, making it that much harder for security packages to detect and eliminate the threat.
Stops infected email, files from passing on Mac or Windows malware
Although iOS is widely considered to be all but completely malware-free, Mac security company Intego has created an iOS version of its malware scanner VirusBarrier that works with all iOS 4.0 and higher devices. The program is mainly used to scan email attachments for potential Windows viruses, but can also detect any Mac or UNIX malware, adware, keyloggers and Trojan Horse-type programs. The program can also scan ZIP archives and files stored in some cloud locations such as Dropbox, FTP and websites or WebDAV disks.
Hundreds of strains of malware hosted on 70,000 domains
Microsoft announced Thursday that it was granted permission by the US District Court for the Eastern District of Virginia to wrest control of the "Nitol" botnet. In the filing, Microsoft described how it purchased computers from several districts in China, and approximately 20 percent of them came pre-infected with the malware. Titled "Operation B70" by Microsoft, the seizure of the botnet hubs is the latest attack that the company has undertaken in an attempt to derail large-scale internet crime operations based on its operating system.
Energy production not affected, no estimated time of recovery
Another Mideast energy firm has been infected by malware, the second in as many weeks, with energy firm RasGas forced to disconnect itself from the Internet as a precautionary measure after an "unknown virus" overcame countermeasures. Natural gas production has thus far not been affected. Both attacks have been intended for data destruction rather than theft, and spread around internal networks by lurking on shared hard drives.
Possibly infected MacBook Pro and more
This week in the MacNN forums one forum member is trying to see if it's possible to install and run Mac OS X on a computer that previously ran Windows, and is asking for advice. One disgruntled forum goer is concerned about a MacBook Pro possibly infected with malware, and seeks help to solve the problem.
Code auto-uninstalls using newly-sent command
The originators of the accidentally-discovered Flame malware may have sent commands to the controlled machines to have the malware delete and overwrite itself. Interestingly, rather than use a pre-existing command in the code, aptly titled SUICIDE, the controllers sent a whole new directive file that carried out the auto-uninstallation.
Complex data vacuum likely government-backed
Russian security firm Kaspersky has uncovered a massive malware attack, referred to as Flame, that is believed to have gathered sensitive data from a wide array of countries, including Israel and Iran. The malware is said to be modular and expandable in a manner reminiscent of a smartphone app library. The BBC reports that the complexity of the malware has led experts to believe that it could only have been developed with the assistance of a government entity.
Android.Opfake reemerges, now pushing fake free apps
Symantec has discovered a novel implementation of the Android.Opfake malware, one that takes users through a fraudulent app-download process before charging them for what was initially billed as a free app. The malware is notable because it actually directs users through the Google Play app store in the process of defrauding them of money.
Android hit by first mobile drive-by attack
Mobile security firm Lookout has issued an update alerting Android users to a new drive-by malware attack. In a first for mobile devices, the latest exploit uses hacked websites to target Android users. Users who have been affected have navigated unsuspectingly to a compromised website that has a hidden iframe at the bottom of each page triggering the NotCompatible Trojan to download to their Android device.
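The injected-iframe technique described above is the same one web defenders scan compromised sites for. The following is an added example, not Lookout's code: it parses a constructed HTML page with the standard library, collects every iframe, and flags those that are hidden (1x1, display:none, visibility:hidden, or positioned off-screen) and those whose src points off the page's own host. The hostnames and paths in the sample are made up; a hidden off-site frame is rated high, a visible off-site embed (the normal video-embed case) low, and an on-site visible frame is not reported.

```python
"""Flag hidden or off-site iframes in a page (added example, constructed input)."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse


class IframeCollector(HTMLParser):
    """Collect the attributes of every <iframe> start tag."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":            # HTMLParser lower-cases tag names
            self.iframes.append(dict(attrs))


def _px(value):
    """Leading integer of an attribute value such as '1', '1px' or ' 0 '."""
    if value is None:
        return None
    m = re.match(r"\s*(-?\d+)", value)
    return int(m.group(1)) if m else None


def hidden_reasons(attrs):
    """Return the list of ways this iframe is kept out of the user's sight."""
    reasons = []
    w, h = _px(attrs.get("width")), _px(attrs.get("height"))
    style = (attrs.get("style") or "").lower()
    if w is not None and w <= 1:
        reasons.append(f"width={w}")
    if h is not None and h <= 1:
        reasons.append(f"height={h}")
    if re.search(r"display\s*:\s*none", style):
        reasons.append("display:none")
    if re.search(r"visibility\s*:\s*hidden", style):
        reasons.append("visibility:hidden")
    m = re.search(r"(?:left|top)\s*:\s*-\d+px", style)
    if m:
        reasons.append(f"offscreen {m.group(0)}")
    for dim in ("width", "height"):
        m = re.search(dim + r"\s*:\s*(\d+)px", style)
        if m and int(m.group(1)) <= 1:
            reasons.append(f"style {dim}:{m.group(1)}px")
    return reasons


def find_suspicious_iframes(html, page_host):
    """Rate each iframe: hidden+off-site high, hidden medium, off-site low."""
    parser = IframeCollector()
    parser.feed(html)
    findings = []
    for attrs in parser.iframes:
        src = attrs.get("src") or ""
        # urlparse resolves scheme-relative '//host/path'; a relative path
        # has no host and therefore stays on the page's own host.
        host = urlparse(src).hostname or page_host
        reasons = hidden_reasons(attrs)
        offsite = host != page_host
        if reasons and offsite:
            verdict = "high"
        elif reasons:
            verdict = "medium"
        elif offsite:
            verdict = "low"
        else:
            continue
        findings.append({"src": src, "host": host, "reasons": reasons, "verdict": verdict})
    return findings


# Constructed page: an on-site widget, a visible video embed, and an injected
# hidden frame at the bottom of the body, the pattern described above.
SAMPLE_HTML = """<html><body>
<h1>Local news</h1>
<iframe src="/widgets/weather.html" width="300" height="200"></iframe>
<iframe src="https://video.example.net/embed/42" width="560" height="315"></iframe>
<p>Story text.</p>
<iframe src="//update-check.example.org/gate.php" width="1" height="1"
        style="visibility:hidden;position:absolute;left:-9999px"></iframe>
</body></html>"""

if __name__ == "__main__":
    for f in find_suspicious_iframes(SAMPLE_HTML, "news.example.com"):
        print(f["verdict"], f["host"], f["reasons"])
```

Attackers also inject frames via obfuscated `document.write` calls rather than static markup, so on a real site this static pass should be complemented by rendering the page in an instrumented browser and inspecting the DOM it actually builds.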
Now under 100,000 units, falling fast
The Java-exploiting malware OSX.Flashback.K variant has ceased to be a meaningful threat to Mac owners, and the number of infected Macs has dropped to one-sixth its high point in just over a week, reports utility vendor Symantec. The malware, which was the most successful attack thus far in the Mac world due to a slow updating of Java, was never much of an actual security threat but did manage to reach around one percent of installed base, a record for malware penetration.
Helps stop accidental passing of PC viruses
Windows anti-virus software maker Avira has released a free version of the software for Macs, called Avira Free Mac Security. It is available for consumers and businesses alike who may wish to guard against malware downloads and the accidental acquisition and passing on of Windows viruses. While Mac OS X is not affected by viruses and malware aimed at Windows, Mac users can inadvertently e-mail or otherwise share infected files.
Malware may sniff for user names, passwords
A new malware threat dubbed Flashback.N, is actually a variant of an older one, claims anti-virus software maker Intego in a new blog post. Users who visit hacked or maliciously-crafted websites may see a delay, followed by a false password-request dialog box claiming to be from "Software Update." If accidentally installed, the malware inserts code into Safari's resources and will attempt to search network traffic for user names and passwords.
Android malware, RootSmart, infecting phones
A new piece of Android malware is afflicting thousands of users. North Carolina State University professor Xuxian Jiang, who documented the nature and behavior of RootSmart last week, believes that between 10,000 and 30,000 user devices are connecting to a botnet without their knowledge every day. Most of the affected users thus far are located in China and have installed the GingerBreak root access tool for Android 2.3 (Gingerbread).
More than before, but not commensurate with growth
The Mac platform saw a modest increase in malware outbreaks in 2011 over years past, but still "a small fraction" when compared to Windows, said security firm F-Secure. It added that while malware attacks were increasing, the rate of increase was not commensurate with the growth of the platform, suggesting that most exploits tend to come from programs rather than flaws in the OS itself. In all, the company identified 58 separate threats in 2011, most stemming from a handful of vulnerabilities.
Steals GPU time, tries to capture passwords, more
Anti-malware makers Sophos and Intego have warned of a new Mac OS X Trojan Horse that hides inside pirated software, specifically GraphicConverter v7.4. The malware, known as OSX/Miner-D or "DevilRobber," steals GPU time to mine Bitcoins (part of an anonymous digital cash system) and also attempts to steal usernames and passwords through periodic screen captures. It also sends information about the Mac's security setup and browsing history to a remote server.
Malware spotted in 20 titles in Android Market
Several months after Google pulled a long list of titles from the Android Market to help protect users against Malware, the platform has reportedly been targeted by a fresh scam. Security software company NetQin claims to have found malware contained in over 20 Android apps, causing devices to auto-dial phone numbers or send text messages that lead to unwanted fees.
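The auto-dial and premium-SMS scams described here, like the Android.Opfake fraud above, depend on a predictable combination of manifest permissions. The following is an added example, not NetQin's or Symantec's code, of the triage check a reviewer would run over a decoded AndroidManifest.xml: it flags toll-capable permissions (SEND_SMS, CALL_PHONE), a high-priority SMS_RECEIVED receiver that can swallow the carrier's confirmation text, and boot persistence, and rolls them into a score. Both manifests are constructed; the scoring weights and thresholds are this example's own assumptions, and the manifest inside a real APK is binary XML that must first be decoded with a tool such as apktool.

```python
"""Score an Android manifest for toll-fraud indicators (added example)."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"


def a(attr):
    """Qualified name for an android: attribute."""
    return f"{{{ANDROID_NS}}}{attr}"


# Permissions that let an app run up the phone bill on their own (weights assumed).
TOLL_PERMISSIONS = {
    "android.permission.SEND_SMS": ("can send premium-rate SMS", 3),
    "android.permission.CALL_PHONE": ("can place calls without the dialer UI", 3),
}
HIGH_PRIORITY = 1000  # assumed cut-off; fraud kits use the maximum, 2147483647


def triage_manifest(xml_text):
    root = ET.fromstring(xml_text)
    perms = {e.get(a("name")) for e in root.iter("uses-permission")}
    perms.discard(None)
    flags, score = [], 0

    for perm, (why, pts) in TOLL_PERMISSIONS.items():
        if perm in perms:
            flags.append(why)
            score += pts

    # A receiver for SMS_RECEIVED with a very high priority runs before the
    # messaging app and can abort the broadcast, hiding subscription confirmations.
    for intent_filter in root.iter("intent-filter"):
        actions = {act.get(a("name")) for act in intent_filter.iter("action")}
        if "android.provider.Telephony.SMS_RECEIVED" in actions:
            prio = int(intent_filter.get(a("priority"), "0"))
            if prio >= HIGH_PRIORITY and "android.permission.RECEIVE_SMS" in perms:
                flags.append(f"SMS_RECEIVED receiver at priority {prio} can hide carrier confirmations")
                score += 3

    if "android.permission.RECEIVE_BOOT_COMPLETED" in perms:
        flags.append("starts at boot")
        score += 1

    verdict = "likely toll fraud" if score >= 6 else ("review" if score >= 3 else "ok")
    return {
        "package": root.get("package"),
        "permissions": sorted(perms),
        "flags": flags,
        "score": score,
        "verdict": verdict,
    }


# Constructed manifests: a "free game" with the full fraud pattern, and a
# benign app that only talks to the network.
FRAUD_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.freegame">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application android:label="Free Game">
    <receiver android:name=".SmsInterceptor">
      <intent-filter android:priority="2147483647">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.weather">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
  <application android:label="Weather"/>
</manifest>"""

if __name__ == "__main__":
    for text in (FRAUD_MANIFEST, BENIGN_MANIFEST):
        r = triage_manifest(text)
        print(r["package"], r["score"], r["verdict"], r["flags"])
```

Permissions alone do not prove intent (a legitimate messaging app needs SEND_SMS), so the score is a prioritisation aid for manual review; what separates fraud is the mismatch between the declared purpose, a game or wallpaper, and the billing capabilities requested.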
Introduces Plus version, more frequent updates
Intego today updated its free VirusBarrier Express anti-malware program to version 1.1, improving and simplifying the program's malware definition update system. The company will now update malware definitions at least once a month, and without charge (a change from the previous system) and will now limit itself to Mac malware definitions (another change). The company also introduced a new product, VirusBarrier Plus, also sold exclusively through the Mac App Store, that guards against both Mac and Windows malware so that Mac users don't pass on Windows viruses or malware (which won't affect the Mac) on to Windows-using friends accidentally.
Current model leaves users vulnerable
Google has taken steps to address the rising malware problem that threatens to plague the platform. According to a report from Mashable, Google has pulled 21 apps from the Android Market that have been identified as being aimed at gaining root access to the device and harvesting users' personal data. While proponents of Google's platform often deride Apple's iOS platform for being "closed" and for Apple's App Store approval process, Google's stance has seemingly left its users vulnerable to serious security threats.
Java exploits seen as a growing threat
Anti-virus software maker Sophos -- which recently introduced a free Mac Home Edition of its anti-malware program -- has gathered the statistics generated by its 150,000-strong Mac user base to compile a snapshot report on threats facing the platform. While the results tacitly admit the lack of actual Mac viruses and the low incidence of other Mac-specific malware, the company says the risk of Mac-specific or platform-independent non-virus malware -- and the need for detection software -- is growing.
Collects user info; removal tool available
The SecureMac team, along with ESET Security, has identified a new variant of the trojan horse malware they call "Boonana" (Intego and other firms refer to it as a form of the Windows trojan "Koobface," for reasons SecureMac disputes) that uses even crueler trickery in an attempt to convince users to install it. In addition, the companies have identified new servers actively collecting keylogged data such as user names and passwords. Though infection is easy to prevent, and easy to remove if it does occur, the refined setup and misleading nature may fool novice users.
Features new interface, rules editor
Intelus, makers of MacVide, have updated their network firewall application ProteMac NetMine to v2, bringing with it an all-new interface and new firewall rules editor as well as real-time connection requests. The two-way firewall protects Macs from malicious attacks or software from both internal and external network sources, providing protection from hackers, keyloggers, malware and unauthorized program use.
Malware can set up its own server on infected Mac
Intego has sent out an alert about a new form of Mac malware called HellRTS. It is a low-risk backdoor that allows remote users to take control of a computer. Built in REALbasic as a universal binary, the code can set up its own server on an infected Mac and configure a server port and password. It duplicates itself using the names of Mac applications, adding the new copies to a user's login items to ensure that it starts up at login. It sends e-mail via its own mail server and contacts a remote server to give the attacker access to the infected Mac.
Flash blocking improved with new features
The Camino Project has released an update to its self-titled browser for Mac OS X. Version 2.0 adds a tab overview feature that allows users to quickly browse all open tabs in a layout preview. Tabbed browsing has also been improved with drag-and-drop rearranging, a scrollable bar, and a dedicated menu listing all of the open tabs.
Snow Leopard antivirus
The upcoming Snow Leopard update reportedly contains new anti-malware functionality, according to the Mac security company Intego. A number of beta testers have noticed a new warning screen that alerts users to malicious code. A leaked screenshot shows an alert dialog for an RSPlug Trojan contained in a disk image downloaded through Safari.
Mac Trojan spotted
TrendMicro has spotted another Domain Name System (DNS) Trojan targeting Mac systems. The malware, known as OSX/Jahlav-D, masquerades as a MacCinema Installer. Users are prompted to update QuickTime Player by downloading a QuickTimeUpdate.dmg file.