Wednesday, August 17, 2016

A week in security (Aug 07 – Aug 13)

from Malwarebytes Unpacked

Last week, we revealed a new Facebook celebrity death hoax, shed light on the case of a fake NatWest Bank Twitter account sneaking into customer conversations, and released an online security survival guide for college students.

Our reverse engineers also pushed out several technical posts on a couple of ransomware families, Venus Locker and Chimera.

Senior threat researcher Jérôme Segura caught a campaign that delivers two exploit kits, RIG EK and Sundown to be exact, which nonetheless drop the same payload. The use of two EKs in one campaign, according to our expert, is uncommon within the malvertising sphere.

Segura also revealed that Neutrino continues to count on weaknesses in Flash Player for the successful delivery of its payload. The latest campaign he found also sported a new trick.

Notable news stories and security-related happenings:

  • Android Bug Fear In 900 Million Phones. “Serious security flaws that could give attackers complete access to a phone’s data have been found in software used on tens of millions of Android devices. The bugs were uncovered by Check Point researchers looking at software running on chipsets made by US firm Qualcomm. Qualcomm processors are found in about 900 million Android phones, the company said.” (Source: The BBC)
  • Brit Network O2 Hands Out Free Windows Virus With USB Pens. “A marketing campaign by O2 that sent customers USB-embedded pens backfired last week – after it transpired a number of devices contained a ‘Windows-specific virus.’ The UK cellphone network sent out the USB pens to its business customers followed by a marketing email encouraging them to download a free eBook. That was then followed by another email warning that the USB drive inside the pen contained malware.” (Source: The Register)
  • Black Hat USA Shows Enterprises Fail To Learn Security 101 Lessons. “There was plenty of news last week during Black Hat USA about new cyber-threats, vulnerabilities and exploits. The good news is that security technologies are more advanced than ever and researchers are getting better at spotting hacks and malware. The bad news is that most threats are preventable by following “Security 101” practices that require only basic common sense and preparation—advice which often is ignored, overlooked or deemed not cost-effective by executives.” (Source: eWeek)
  • Strider Hackers In Highly-targeted ‘Espionage’ Malware Campaign. “Security researchers have found a previously unknown hacking group that has been carrying out cyber espionage-style attacks against selected targets in Russia, China, Sweden and Belgium. The group, named by Symantec as Strider, uses malware known as Remsec (Backdoor.Remsec) to conduct its attacks. Symantec said the malware appears to be primarily designed for spying purposes. It also said the code contains a reference to Sauron, the all-seeing antagonist in Lord of the Rings.” (Source: SC Magazine)
  • Hackers Take Rio Olympics Through The Back-door. “Skycure claims that visitors to the former capital of Brazil are being targeted by hackers who have set up fake Wi-Fi hotspots designed to steal information from connected devices. These phony wireless networks were spotted by Skycure around the city, but they were most prominent in locations where travelers were most likely to look for a place to connect, like shopping malls, well-known coffee shops, and hotels.” (Source: TechEye)
  • 1 In 3 Americans Report Financial Losses Due To Being Defrauded. “With nearly half of Americans reporting they have been tricked or defrauded, citizens are concerned that the Internet is becoming less safe and want tougher federal and state laws to combat online criminals, according to the Digital Citizens Alliance. In the survey of 1,215 Americans, 46 percent said they had been the victim of a scam or fraud, had credit card information stolen, or had someone steal their identity. One in three Americans reported suffering financial loss – with 10 percent reporting that the loss had been over $1,000.” (Source: Help Net Security)
  • ‘Faceless Recognition System’ Can Identify You Even When You Hide Your Face. “With widespread adoption among law enforcement, advertisers, and even churches, face recognition has undoubtedly become one of the biggest threats to privacy out there. By itself, the ability to instantly identify anyone just by seeing their face already creates massive power imbalances, with serious implications for free speech and political protest. But more recently, researchers have demonstrated that even when faces are blurred or otherwise obscured, algorithms can be trained to identify people by matching previously-observed patterns around their head and body.” (Source: Motherboard)
  • Cat-themed Android Ransomware Stealing SMS Messages And Encrypting Files. “A new cat-themed ransomware found to be targeting Android users has been uncovered. The hackers behind the ransomware use a seemingly innocent and cute image of a cat, which appears when an infected device has been remotely locked. The ransomware is also capable of allowing hackers to steal SMS messages, encrypt victims’ files and block access to the phones.” (Source: The International Business Times)
  • Fake QR Code App Gets Hacker Into Luxury Airport Lounges For Free. “Free airline Fast Track for all! Free lunch and booze at luxury airport lounges for all! Duty-free shopping for all! That’s what a fake QR code generating app can get you, according to Przemek Jaroszewski, head of Poland’s Computer Emergency Response Team (CERT). At the Defcon security conference in Las Vegas on Sunday, Jaroszewski presented the simple program that he’s now used dozens of times to get into airline lounges all over Europe.” (Source: Sophos’ Naked Security Blog)
  • Financial Malware Attacks Increase As Malware Creators Join Forces. “Kaspersky Lab blocked 1,132,031 financial malware attacks on users, a rise of 15.6 percent compared to the previous quarter, according to the results of the company’s IT threat evolution report for Q2. One of the reasons for the rise appears to be the collaboration between the authors of two leading banking Trojans: Gozi Trojan and Nymaim Trojan, pushing both into the top 10 ranking of financial malware.” (Source: Help Net Security)
  • Pentagon Bans Pokemon Go Over Spying Fears. “Pokemon Go uses the Global Positioning System satellite network for maps of areas around the handheld mobile devices that utilize the application. Pentagon security officials are concerned the data obtained playing the game could provide pinpoint accuracy on the locations of rooms and other sensitive facilities where secrets are stored. The game also could provide personal data on Pentagon officials with access to secrets, information that could be used in cyber attacks or spying recruitment attempts.” (Source: The Washington Times)
  • This Windows Activation Scam Talks to You So You Won’t Forget to Call & Pay. “Five days ago, we reported about a ransomware/tech support scam that relied on a fake Windows activation screen to scare users into calling a special telephone number and having their operating system unlocked. According to two reports from Bleeping Computer and Malwarebytes, there seems to be a resurgence of tech support scams that follows a trend of mimicking Windows activation screens, which is in no way innovative but hasn’t been spotted so often in such a short period of time.” (Source: Softpedia)
  • New Air-gap Jumper Covertly Transmits Data In Hard-drive Sounds. “Researchers have devised a new way to siphon data out of an infected computer even when it has been physically disconnected from the Internet to prevent the leakage of sensitive information it stores. The method has been dubbed “DiskFiltration” by its creators because it uses acoustic signals emitted from the hard drive of the air-gapped computer being targeted.” (Source: Ars Technica)
  • Dota 2 Chat Forum Hit By Hack Attack. “Leaked Source said email addresses, user names and passwords for more than 1.9 million people had been stolen in the attack. The passwords had been weakly protected by extra security measures, it said, and would be easy to crack. The hack was revealed just as Dota 2’s global tournament, The International, gets under way in Seattle.” (Source: The BBC)
  • Thieves Can Wirelessly Unlock Up To 100 Million Volkswagens, Each At The Press Of A Button. “Security researchers will demonstrate how crooks can break into cars at will using wireless signals that can unlock millions of vulnerable vehicles. The eggheads, led by University of Birmingham computer scientist Flavio Garcia alongside colleagues from German engineering firm Kasper & Oswald, have managed to clone a VW Group remote control key fob after eavesdropping on the gizmos’ radio transmissions.” (Source: The Register)

Safe surfing, everyone!

The Malwarebytes Labs Team
