
Mac cryptocurrency ticker app installs backdoors

An astute contributor to our forums going by the handle 1vladimir noticed that an app named CoinTicker was exhibiting some fishy behavior over the weekend. It seems that the app is covertly installing not just one but two different backdoors. Behaviors: The CoinTicker app, on the surface, appears to be a legitimate application that could potentially be useful to someone who has invested in … [Read more...]

A week in security (July 30 – August 5)

Last week, we posted a roundup of spam that may have landed in your mailbox, talked about what makes us susceptible to social engineering tactics, and took a deep dive into big data. Other news: Facebook claimed to have removed accounts that display behavior consistent with possible Russian actors engaged in misinformation. (Source: The Wall Street Journal) Yale University disclosed that they … [Read more...]

Cybercrime tactics & techniques Q2 2018

A generally slow quarter reflects an overall lull in cybercrime, picking up where Q1 left off with cryptominers continuing to dominate, ransomware continuing to evolve through experimentation, and exploits making a small but significant comeback. In nearly every malware category for both business and consumer detections, we saw a decrease in volume, corroborating our general “Dang, it’s been a … [Read more...]

Obfuscated Coinhive shortlink reveals larger mining operation

During the past several months, in-browser mining has continued to affect a large number of websites, predominantly relying on Coinhive’s infamous API. We documented several campaigns on this blog, in particular Drupalgeddon, where attackers are taking advantage of vulnerabilities in popular Content Management Systems (CMS) to compromise websites and push payloads both client- and … [Read more...]

Mac malware targets cryptomining users

Last week, a security researcher named Remco Verhoef announced the discovery of a new piece of Mac malware being distributed on cryptomining chat groups. This malware was later further analyzed by Patrick Wardle, who gave it the rather appropriate moniker OSX.Dummy. The malware was being distributed by chat users posing as admins, who posted the following shell script for users to run: cd /tmp … [Read more...]

A week in security (June 25 – July 1)

Last week on Labs, we looked at comment moderation duties, Viagra spam on a news-making restaurant’s website, and how to manage your child’s online presence for Internet safety month. We also looked at a set of big breaches and leaks, as well as malware threats with a World Cup vibe. Other news: Homeland Security subpoenas “Flash Gordon” (Source: ZDNet) Looking into the … [Read more...]

A week in security (May 28 – June 3)

Last week on Labs, we talked about the significance of SEO poisoning in the world of search marketing, blackmail attempts against financial institutions in Canada, voice command flaws in smart assistants, survey and potential phishing scams on Instagram, and the latest changes in Office 365. We also shared our latest intel about America Geeks, a band of tech scammers that we profiled in 2015 and … [Read more...]

New Mac cryptominer uses XMRig

A new Mac cryptominer was discovered this week, after affected users saw their fans whirring out of control and a process named “mshelper” gobbling up CPU time like Cookie Monster. Fortunately, this malware is not very sophisticated and is easy to remove. The malware became public knowledge in a post on Apple’s discussion forums, where the “mshelper” process was found … [Read more...]
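The symptom described above (a named process pinning the CPU) is easy to turn into a quick triage check. The script below is an added example and is not from the Malwarebytes post: it reads `ps`-style lines (`pid %cpu comm`) and reports any process on a watchlist whose CPU usage is at or above a threshold. The sample `ps` output embedded in it is constructed for illustration; on a live Mac you would pipe `ps -Ao pid,%cpu,comm` into the function instead.

```shell
#!/bin/sh
# Added example (not code from the original post): flag watchlisted
# process names that are consuming more CPU than a threshold.

# flag_hot_procs THRESHOLD NAME...
# Reads lines of the form "<pid> <%cpu> <comm>" on stdin (the shape of
# `ps -Ao pid,%cpu,comm` output, header included) and prints "<pid> <comm>"
# for every process whose comm is one of NAME and whose %cpu >= THRESHOLD.
flag_hot_procs() {
    threshold="$1"; shift
    awk -v thr="$threshold" -v names="$*" '
        BEGIN {
            n = split(names, want, " ")
            for (i = 1; i <= n; i++) w[want[i]] = 1
        }
        NR == 1 && $1 == "PID" { next }               # skip the ps header
        ($3 in w) && ($2 + 0 >= thr + 0) { print $1, $3 }
    '
}

# Constructed sample resembling `ps -Ao pid,%cpu,comm` output; the PIDs and
# CPU figures are made up for the example.
sample_ps() {
    printf '%s\n' \
        'PID %CPU COMM' \
        '1 0.0 launchd' \
        '612 2.3 WindowServer' \
        '8842 397.5 mshelper' \
        '9001 0.1 mshelper' \
        '9120 0.4 Finder'
}

# Usage: report any "mshelper" process using 50% CPU or more.
# Live use: ps -Ao pid,%cpu,comm | flag_hot_procs 50 mshelper
sample_ps | flag_hot_procs 50 mshelper
```

The threshold matters: a miner saturating several cores shows as several hundred percent, while an idle process with the same name (as the second `mshelper` line in the sample) is not flagged, so the check reports the runaway instance rather than every process that happens to share the name.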

A look into Drupalgeddon’s client-side attacks

Drupal is one of the most popular Content Management Systems (CMS), along with WordPress and Joomla. In late March 2018, Drupal was affected by a major remote code execution vulnerability (CVE-2018-7600), followed by yet another (CVE-2018-7602) almost a month later, aptly nicknamed Drupalgeddon 2 and Drupalgeddon 3 respectively. These back-to-back vulnerabilities were accompanied by proofs of concept that … [Read more...]

A week in security (April 16 – April 22)

Last week, we took a stroll down memory lane talking about Facebook and MySpace, noticed a change in the Magnitude exploit kit (it started adopting the GandCrab ransomware), took a good look at a new form of adware that is based on Python, chatted a bit about Russian hacking with a journalist, encouraged retailers to ask the right questions to protect their business, and weighed in on a way … [Read more...]