dcsimg

Backdoors are a security vulnerability

Last month, US Attorney General William Barr resurrected a government appeal to technology companies: Provide law enforcement with an infallible, “secure” method to access, unscramble, and read encrypted data stored on devices and sent across secure messaging services. Barr asked, in more accurate, yet unspoken terms, for technology companies to develop encryption backdoors to their own … [Read more...]

A week in security (July 15 – 21)

Last week on Malwarebytes Labs, we took an extensive look at Sodinokibi, one of the new ransomware strains found in the wild that many believe picked up where GandCrab left off. We also profiled Extenbro, a Trojan that protects adware; reported on the UK’s new Facebook reporting tool, homed in on new Magecart strategies that render them ‘”bulletproof;” identified challenges … [Read more...]

Mac malware combines EmPyre backdoor and XMRig miner

Earlier this week, we discovered a new piece of Mac malware that is combining two different open-source tools—the EmPyre backdoor and the XMRig cryptominer—for the purpose of evil. The malware was being distributed through an application named Adobe Zii. Adobe Zii is software that is designed to aid in the piracy of a variety of Adobe applications. In this case, however, the app was called Adobe … [Read more...]

Mac cryptocurrency ticker app installs backdoors

An astute contributor to our forums going by the handle 1vladimir noticed that an app named CoinTicker was exhibiting some fishy behavior over the weekend. It seems that the app is covertly installing not just one but two different backdoors. Behaviors The CoinTicker app, on the surface, appears to be a legitimate application that could potentially be useful to someone who has invested in … [Read more...]

An in-depth malware analysis of QuantLoader

This guest post is written by Vishal Thakur, CSIRT/Salesforce. For more on Vishal, read his bio at the end of the blog. QuantLoader is a Trojan downloader that has been available for sale on underground forums for quite some time now. It has been used in campaigns serving a range of malware, including ransomware, Banking Trojans, and RATs. The campaign that we are going to analyze is serving a … [Read more...]