Posts Categorized: Uncategorized


Android.Bankun: Bank Information Stealing Application On Your Android Device

by

By Nathan Collier There’s one variant of Android.Bankun that is particularly interesting to me.  When you look at the manifest it doesn’t have even one permission.  Even wallpaper apps have internet permissions.  Having no permissions isn’t a red flag for being malicious though.  In fact, it may even make you lean towards it being legitimate. There is one thing that thing that gives Android.Bankun a red flag though.  The package name of com.google.bankun instantly makes me think something is fishy.  To the average user the word ‘Google’ is seen as a word to be trusted.  This is especially true when […]

Continue Reading »

Top 5 Fake Security Rogues of 2013

by

By Tyler Moffitt We see users on the internet getting infected with Rogue Security Malware all the time. In fact, it’s one of the most common and obvious type of infections we see. The Rogues lock-down your computer and prevent you from opening any applications so you’re forced to read their scam. Although they use various tactics and convincing GUIs to get onto your computer, they all share a common goal: To get your money.

Continue Reading »

Adobe Flash spoof leads to infectious audio ads

by

By Tyler Moffitt We’ve seen quite a few audio ads infecting users recently. We think it’s a good idea to go over an in-depth look at how they infect your computer and how to remediation them. As you can see in this first picture, this is another Adobe Flash spoof that launches its signature update window. You might not be able to see, but the “f” is a little off on the tiny icon at the top left. Either way it looks quite legitimate. It doesn’t matter what option you check; once you click “NEXT” you’ll get this next window. […]

Continue Reading »

Android.TechnoReaper Downloader Found on Google Play

by

We have found a new threat we are calling Android.TechnoReaper. This malware has two parts: a downloader available on the Google Play Market and the spyware app it downloads. The downloaders are disguised as font installing apps, as seen below:

Continue Reading »

Rootkit infection sporadically redirects search results in hopes users ‘just live with it’

by

By Tyler Moffitt Recently we have seen an increase in fake installer scams attempting to trick computer users into installing disguised rootkits directly on their machines. In this post, we want to highlight how a scam like this can be installed and infect a machine, including behavior to watch out for as well as how to remedy the situation if it were to arise. In the case of this infection, we are utilizing a bogus Adobe Flash Player installer. Normally, this file would be downloaded from a website after a message stating “You need the latest version of Flash to view […]

Continue Reading »

Spotted: cybercriminals working on new Western Union based ‘money mule management’ script

by

Risk-forwarding is an inseparable part of the cybercrime ecosystem. Whether it’s the use of malware-infected hosts as stepping-stones, the issuing of License Agreements for your latest rootkit release stating that it’s meant to be tested against the customer’s own systems — you wish — or the selling of cheap access to verified PayPal accounts, in an attempt to mitigate the “cash-out” risk by forwarding it to a more experienced cybercriminal, the process of risk-forwarding is visible across the entire ecosystem. In this post I’ll discuss a recently spotted Wetern Union based money mule management script. While the cybercriminals are currently developing this script, […]

Continue Reading »

Novel Approach to Malware Discovery in today’s Threat Landscape

by

There are a number of similarities between biological viruses and those which infect our PC’s. For one, both types of infections rely on mutations to evade detection and survive. The faster the mutations, the more difficult an infection is to combat. This is because those who spend their time and effort fighting such infections are likely to miss a mutation and therefor lack the chance to create a cure. This point is especially true with traditional antivirus technology where discovery and detection techniques have not kept up with the rapid pace of mutations common in today’s threat landscape. The recent NY […]

Continue Reading »

Fake BBB (Better Business Bureau) Notifications lead to Black Hole Exploit Kit

by

Cybercriminals have recently launched yet another massive spam campaign, impersonating a rather popular brand used in a decent percentage of social engineering driven email campaigns – the BBB (Better Business Bureau). Once users click on any of the links in the malicious emails, they’re automatically exposed to the client-side exploits served by the Black Hole Exploit kit. More details:

Continue Reading »

Phishing For Bank Account Information

by

When you’re a threat researcher, you are always on the look out for anything that looks ‘phishy’, even if it’s on your own personal time. Today, I opened my personal email to find this: Although the email looked very convincing, I don’t bank with Smile Bank so I knew something was up. Smile Bank is an actual bank based in the UK. The bad guys used a spoofed email address to make it look like it came from the legit Smile Bank domain smile.co.uk. If someone did bank with Smile Bank, I can see how they could easily be tricked. It’s […]

Continue Reading »