Posts Categorized: Targets


Today’s “massive” password breach: a Webroot perspective

by

First, this is not a blog about a big corporate breach, or a massive new discovery.  Rather, the researchers at Trustwave gained access to a botnet controller interface (the C&C element of a botnet) known as Pony and revealed the data within. Not surprisingly, as the vast majority of botnets target user credentials, this controller had a good deal of data related to passwords. While 2 million passwords might seem like a lot, it is really a drop in the bucket compared to many recent breaches. Think about Adobe who lost a minimum of 28 million, but is rumored to […]

Continue Reading »

Cybercriminals release new commercially available Android/BlackBerry supporting mobile malware bot

by

Thanks to the growing adoption of mobile banking, in combination with the utilization of mobile devices to conduct financial transactions, opportunistic cybercriminals are quickly capitalizing on this emerging market segment.  Made evident by the release of Android/BlackBerry compatible mobile malware bots. This site is empowering potential cybercriminals with the necessary ‘know-how’ when it comes to ‘cashing out’ compromised accounts of E-banking victims who have opted-in to receive SMS notifications/phone verification, whenever a particular set of financial events take place on their bank accounts. A new commercially available Android, BlackBerry (work in progress) — supporting mobile malware bot is being pitched by […]

Continue Reading »

How to avoid unwanted software

by

We’ve all seen it; maybe it’s on your own computer, or that of a friend, your spouse, child, or parent. Your home page has been changed to some search engine you’ve never heard of, there’s a new, annoying toolbar in your browser. Maybe you’re getting popup ads or have a rogue security product claiming you’re infected and asking you to buy the program to remove the infection. Even worse, you don’t know how it got there! Welcome to the world of Potentially Unwanted Applications (PUAs.) Chances are that these programs were inadvertently installed while installing software from sites that use […]

Continue Reading »

DIY malicious Android APK generating ‘sensitive information stealer’ spotted in the wild

by

Back in June, 2013, we offered a peek inside a DIY Android .apk decompiler/injector that was not only capable of ‘binding’ malicious Android malware to virtually any legitimate app, but also, was developed to work exclusively with a publicly obtainable Android-based trojan horse. In this post, I’ll profile a similar, recently released cybercrime-friendly Windows-based tool that’s capable of generating malicious ‘sensitive information stealing’ Android .apk apps, emphasize on its core features, and most importantly, discuss in depth the implications this type of tool could have on the overall state of the Android malware market. More details:

Continue Reading »

Potentially Unwanted Applications and You

by

By Adam McNeil PUA’s (Potentially Unwanted Applications) are often nuisance applications which serve little purpose other than using your computer as a gateway for online advertisements or as a catalyst to deliver annoying applications that may pester you to the point where you want to throw your computer out a window.  Anti-Malware companies usually have pretty weak detection of these types of programs and have generally failed to protect their customers’ computers from this sort of bloatware.  As a result, countless users have to suffer through agonizing pains of pop-up windows, webpage redirects, search redirects, and sometimes even bluescreens just […]

Continue Reading »

New Mac Malware Uses Right-to-Left Override To Trick Users

by

By Michael Sweeting After a relatively long lag period without seeing any particular new and exciting Mac malware, last week we saw the surfacing of a new and interesting method of compromising the OSX system. Malware authors have taken a new approach by altering file extensions of malicious .app packages in order to trick users into thinking they are opening relatively harmless .pdf or .doc files. Changing file extensions in Mac OSX can be tricky due to a built in security feature of the OS that detects attempts to change the extension and automatically annexes the extension of its correct […]

Continue Reading »

New commercially available Web-based WordPress/Joomla brute-forcing tool spotted in the wild

by

Thanks to the fact that users not only continue to use weak passwords, but also, re-use them across multiple Web properties, brute-forcing continues to be an effective tactic in the arsenal of every cybercriminal. With more malicious underground market releases continuing to utilize this technique in an attempt to empower potential cybercriminals with the necessary tools to achieve their objectives, several questions worth discussing emerge in the broader context of trends and fads within the cybercrime ecosystem. What’s the current state of the brute-forcing attack concept? Is it still a relevant attack technique, or have cybercriminals already found more efficient, evasive […]

Continue Reading »

Master Key Bug Patch – Webroot SecureAnywhere Mobile Update on Google Play Now

by

By Nathan Collier Last Friday we blogged about the radical Android OS bug 8219321, better known as the “Master Key” bug, which was reported by Bluebox Security. Check out last weeks blog if you haven’t already: “The implications are huge!” – The Master Key Bug. We mentioned how we have been diligently working on protecting those not yet covered by patches or updates, and finding a solution for older devices as well. We are happy to report we have the solution! The newest version of Webroot SecureAnywhere Mobile with a patch for the “Master Key” bug can be found on the […]

Continue Reading »

“The implications are huge!” – The Master Key Bug *UPDATED*

by

By Nathan Collier and Cameron Palan Last week, Bluebox Security reported they’d found a new flaw with the Android OS, saying “The implications are huge!”. The bug, also known as the “Master Key” bug or “bug 8219321”, can be exploited as a way to modify Android application files, specifically the code within them, without breaking the cryptographic signature. We call these signatures the “digital certificate”, and they are used to verify the app’s integrity. Since the bug is able to modify an application and still have the certificate appear valid, it is a big deal.

Continue Reading »

Android.Bankun: Bank Information Stealing Application On Your Android Device

by

By Nathan Collier There’s one variant of Android.Bankun that is particularly interesting to me.  When you look at the manifest it doesn’t have even one permission.  Even wallpaper apps have internet permissions.  Having no permissions isn’t a red flag for being malicious though.  In fact, it may even make you lean towards it being legitimate. There is one thing that thing that gives Android.Bankun a red flag though.  The package name of com.google.bankun instantly makes me think something is fishy.  To the average user the word ‘Google’ is seen as a word to be trusted.  This is especially true when […]

Continue Reading »