Security Alerts & News
by Tymoteusz A. Góral

#1491 iSpy Keylogger targets passwords, Skype, webcams
Researchers are monitoring sales and infection rates of a new keylogger being sold on the dark web for $25 to $35.

Along with capturing keystrokes, iSpy grabs passwords stored in web browsers, records Skype chats, takes webcam screenshots and steals the license keys of software such as Adobe Photoshop and Microsoft Office.

According to Zscaler ThreatLabZ, the malware is delivered via malicious JavaScript or document attachments in spam campaigns. What makes iSpy a unique keylogger, says ThreatLabZ, is the fact versions of it are signed and use (expired) digital certificates in an attempt to maintain an appearance of legitimacy when being scanned initially by security software.
#1490 New malware is hitting your network every four seconds
An exponential rise in malware means employees are at the highest risk ever of accidentally installing malicious software onto the enterprise network - and it happens every four seconds within the average company, a new report has warned.

Cybersecurity researchers at Check Point analysed information on over 30,000 security events discovered by the company's ThreatCloud prevention software at more than 1,000 companies across the globe.

They found that employees in industry, finance, government and other sectors are very much taking a cavalier attitude to cybersecurity and downloading potentially harmful files to the company network.

It's unknown malware - malicious software which isn't yet recognised by security systems - which is most likely to be downloaded by employees and according to the report, it happens every four seconds on average across the organisations analysed in the report. The figure adds up to 971 unknown malware downloads per hour, representing nine times more downloads than the previous year, when the figure was 106 downloads per hour.
#1489 Malware-infected USB sticks posted to Australian homes
USB sticks containing harmful malware have been left in Australian letterboxes, police in Victoria have warned.

Residents of Pakenham, a suburb of Melbourne, have reportedly found the unmarked sticks in the boxes.

Plugging them into a computer triggers fraudulent media-streaming service offers, as well as other malware, the force said in a statement.

The devices are "extremely harmful" and should not be used, police say.
#1488 The banker that can steal anything
In the past, we’ve seen superuser rights exploit advertising applications such as Leech, Guerrilla, Ztorg. This use of root privileges is not typical, however, for banking malware attacks, because money can be stolen in numerous other ways that don’t require exclusive rights. However, in early February 2016, Kaspersky Lab discovered Trojan-Banker.AndroidOS.Tordow.a, whose creators decided that root privileges would come in handy. We had been watching the development of this malicious program closely and found that Tordow’s capabilities had significantly exceeded the functionality of most other banking malware, and this allowed cybercriminals to carry out new types of attacks.
#1487 Mamba ransomware encrypts hard drives rather than files
Just when we thought ransomware’s evolution had peaked, a new strain has been discovered that forgoes the encryption of individual files, and instead encrypts a machine’s hard drive.

The malware, called Mamba, has been found on machines in Brazil, the United States and India, according to researchers at Morphus Labs in Brazil. It was discovered by the company in response to an infection at a customer in the energy sector in Brazil with subsidiaries in the U.S. and India.

Renato Marinho, a researcher with Morphus Labs, told Threatpost that the ransomware is likely being spread via phishing emails. Once it infects a machine, it overwrites the existing Master Boot Record with a custom MBR, and from there, encrypts the hard drive.
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12