Author Archives: CIRT Team



in News Clipping

Microsoft Office Docs New Vessel for Loki Malware [source: darkreading]

Loki malware, built to steal credentials, is distributed via Microsoft Excel and other Office applications rigged with malicious ‘scriptlets’ to evade detection. A stealthy new attack distributes Loki malware in Microsoft Excel spreadsheets and other Office applications. The attack, which was discovered by Lastline Labs, is tough to detect in its early stages. It bypasses traditional antivirus and is often dismissed as a false positive...

21 Dec 2017
in News Clipping

Buyers Beware of Tampered Gift Cards [source: krebsonsecurity]

Prepaid gift cards make popular presents and no-brainer stocking stuffers, but before you purchase one be on the lookout for signs that someone may have tampered with it. A perennial scam that picks up around the holidays involves thieves who pull back and then replace the decals that obscure the card’s redemption code, allowing them to redeem or transfer the card’s balance online after the...

21 Dec 2017
in News Clipping

Windows 10 Facial Recognition – Bypassed with a Photo [source: bleepingcomputer]

Microsoft has released updates earlier this month to patch a vulnerability in the Windows 10 Hello facial recognition system that allows an attacker to bypass the facial scan with a printed photo. Windows Hello is a Windows 10-only feature that uses near infrared (IR) imaging to authenticate and unlock Windows devices, such as desktops, laptops, and tablets that use compatible cameras equipped with a near...

21 Dec 2017
in News Clipping

Exploited to Deliver a Cracked Version of the Loki Infostealer [source: trendmicro]

The Cobalt hacking group was one of the first to promptly and actively exploit CVE-2017-11882 (patched last November) in their cybercriminal campaigns. We uncovered several others following suit in early December, delivering a plethora of threats that included Pony/FAREIT, FormBook, ZBOT, and Ursnif. Another stood out to us: a recent campaign that used the same vulnerability to install a “cracked” version of the information-stealing Loki. Sold in hacking forums as a password and cryptocurrency wallet stealer, Loki can...

21 Dec 2017
in News Clipping

Three Malware Campaigns Come Alive for the Holiday Shopping Season [source: bleepingcomputer]

Three malware strains — GratefulPOS, Emotet, and Zeus Panda — have sprung to life with new active campaigns just in time for the holiday shopping season. While GratefulPOS appears to be a new malware strain, the other two, Emotet and Zeus Panda, have just suffered minor updates to allow them to go after online shops more active this time of year. GratefulPOS Of the three, the most...

20 Dec 2017
in News Clipping

Too Many People Are Still Using ‘Password’ as a Password [source: motherboard.vice]

For the seventh year in a row, password management security company SplashData has scraped password dumps to find the year’s worst passwords. This year’s research was drawn from over five million leaked passwords, not including those on adult sites or from the massive Yahoo email breach. The passwords were mostly held by users in North America and Western Europe. SplashData estimates that nearly 10 percent of people have used...

20 Dec 2017
in News Clipping

Cyberespionage Campaign Sphinx Goes Mobile With AnubisSpy [source: trendmicro]

Android malware like ransomware exemplify how the platform can be lucrative for cybercriminals. But there are also other threats stirring up as of late: attacks that spy on and steal data from specific targets, crossing over between desktops and mobile devices. Take for instance several malicious apps we came across with cyberespionage capabilities, which were targeting Arabic-speaking users or Middle Eastern countries. These were published on Google...

20 Dec 2017
in News Clipping

Android Malware Will Destroy Your Phone. No Ifs and Buts About It [source: bleepingcomputer]

A malware strain known as Loapi will damage phones if users don’t remove it from their devices. Left to its own means, this modular threat will download a Monero cryptocurrency miner that will overheat and overwork the phone’s components, which will make the battery bulge, deform the phone’s cover, or even worse. Discovered by Kaspersky Labs, researchers say Loapi appears to have evolved from Podec, a malware...

20 Dec 2017
in News Clipping

New GnatSpy Mobile Malware Family Discovered [source: trendmicro]

Earlier this year researchers first disclosed a targeted attack campaign targeting various sectors in the Middle East. This threat actor was called Two-tailed Scorpion/APT-C-23. Later on, a mobile component called VAMP was found, with a new variant (dubbed FrozenCell) discovered in October. (We detect these malicious apps as ANDROIDOS_STEALERC32). VAMP targeted various types of data from the phones of victims: images, text messages, contacts, and call history, among others. Dozens...

20 Dec 2017
in News Clipping

PERMISSIONS FLAW FOUND ON AZURE AD CONNECT [source: threatpost]

A permissions flaw in Microsoft’s Azure AD Connect software could allow a rogue admin to escalate account privileges and gain unauthorized universal access within a company’s internal network. Microsoft issued an advisory for the vulnerability on Tuesday. Affected are Office 365 customers running Microsoft’s Active Directory Domain Services in conjunction with Azure AD Connect software installed with the Express Settings, according to Preempt Security that first...

20 Dec 2017