Security researchers have discovered a rare piece of Linux spyware that’s currently fully undetected across all major antivirus security software products, and includes rarely seen functionalities with regards to most Linux malware, The Hacker News learned. It’s a known fact that there are a very few strains of Linux malware exist in the wild as compared to Windows viruses because of its core architecture and...
Read More
If you own an Android device, it might already be infected with a dangerous malware called Agent Smith, named after the menacing character in The Matrix. The malware’s already infected around 25 million Android devices globally, with thousands in Australia thought to be compromised. Here’s what you need to know. What is Agent Smith? As reported on Checkpoint, Agent Smith has been invading devices via dodgy third-party...
Read More
If you think that the media files you receive on your end-to-end encrypted secure messaging apps can not be tampered with, you need to think again. Security researchers at Symantec yesterday demonstrated multiple interesting attack scenarios against WhatsApp and Telegram Android apps, which could allow malicious actors to spread fake news or scam users into sending payments to wrong accounts. Dubbed “Media File Jacking,” the...
Read More
Overview Throughout 2018, Proofpoint researchers observed threat actors increasingly distributing downloaders, backdoors, information stealers, remote access trojans (RATs), and more as they abandoned ransomware as their primary payload. In November 2018, TA505, a prolific actor that has been at the forefront of this trend, began distributing a new backdoor we named “ServHelper”. ServHelper has two variants: one focused on remote desktop functions and a second that...
Read More
Recently, we had an incident response involving the malware DNSPIONAGE. At CERT-OPMD, we thought it would be interesting to share our observations. Mainly, we could observe quietly common actions and tools as described in infography below. HOW DNSPIONAGE INFECTS TARGETS In this blogpost, we will not describe and analyse again the dropper, because Talos did a great job here : https://blog.talosintelligence.com/2018/11/dnspionage-campaign-targets-middle-east.html But we will focus in...
Read More