Top IT Security Bloggers

Trend Micro - Security Intelligence
  • US Local Government Services Targeted by New Magecart Credit Card Skimming Attack

    Eight cities across three states in the United States have fallen victim to a Magecart card skimming attack. In these attacks, their websites were compromised to host credit card skimmers which passed on the credit card information of residents to cybercriminals.
  • XORDDoS, Kaiji Botnet Malware Variants Target Exposed Docker Servers

    We have recently detected variants of two existing Linux botnet malware types targeting exposed Docker servers; these are XORDDoS malware and Kaiji DDoS malware. While the XORDDoS attack infiltrated the Docker server to infect all the containers hosted on it, the Kaiji attack deploys its own container that will contain its DDoS malware.
  • New Android Spyware ActionSpy Revealed via Phishing Attacks from Earth Empusa

    While tracking Earth Empusa, also known as POISON CARP/Evil Eye, we identified an undocumented Android spyware we have named ActionSpy (detected by Trend Micro as AndroidOS_ActionSpy.HRX). During the first quarter of 2020, we observed Earth Empusa’s activity targeting users in Tibet and Turkey before they extended their scope to include Taiwan. The campaign is reportedly targeting victims related to Uyghurs by compromising their Android and iOS mobile devices. This group is known to use watering hole attacks, but we recently observed them using phishing attacks to deliver their malware.
  • Patch Tuesday: Fixes for LNK, SMB, and SharePoint Bugs

    This month’s Patch Tuesday had the highest number of entries so far in 2020 — a whopping 129, a continuation of the trend seen from the previous months. The update includes fixes for LNK, SMB, SharePoint, and Win32k vulnerabilities.
  • New Tekya Ad Fraud Found on Google Play

    In late March, researchers from CheckPoint found the Tekya malware family, which was being used to carry out ad fraud, on Google Play. These apps have since been removed from the store, but we recently found a variant of this family that had made its way onto Google Play via five malicious apps, although these have also been removed. (We detect these as AndroidOS_Tekya.HRX.)
  • Barcode Reader Apps on Google Play Found Using New Ad Fraud Technique

    We recently saw two barcode reader apps in Google Play, together downloaded more than a million times, that started showing unusual behavior (Trend Micro detects these as AndroidOS_HiddenAd.HRXJA). This includes behavior that can be seen even when the user is not actively using the phones
  • Backdoor, Devil Shadow Botnet Hidden in Fake Zoom Installers

    We found two malware files that pose as Zoom app installers. One of the samples installs a backdoor that allows malicious actors to run routines remotely, while the other sample involves the installation of the Devil Shadow botnet in devices.
  • Netwalker Fileless Ransomware Injected via Reflective Loading

    Ransomware in itself poses a formidable threat for organizations. As a fileless threat, the risk is increased as it can more effectively evade detection. We discuss how Netwalker ransomware is deployed filelessly through reflective DLL injection.
  • QNodeService: Node.js Trojan Spread via Covid-19 Lure

    QNodeService is a new, undetected malware sample written in Node.js, which is an unusual choice for malware authors. The malware has functionality that enables it to download/upload/execute files, steal credentials from Chrome/Firefox browsers, and perform file management, among other things.
  • May Patch Tuesday: More Fixes for SharePoint, TLS, Runtime, and Graphic Components Released

    This month’s Patch Tuesday includes 111 fixes for Microsoft. Of the 111 vulnerabilities, 16 have been rated Critical while the rest have been ranked Important.