Android.Koler – Android based ransomware

by

Recently, a new Android threat named Android.Koler has begun popping up in the news.  According to an article by ARS Technica, it reacts similar to other pieces of ransomware often found on Windows machines.  A popup will appear and state “Your Android phone viewed illegal porn. To unlock it, pay a $300 fine”.  This nasty little piece of malware is infecting people who visit certain adult websites on their phone. The site claims you need to install a video player to view the adult content. Although I can’t say for sure since I haven’t seen the malicious sites, I’m guessing […]

Continue Reading »

DIY cybercrime-friendly (legitimate) APK injecting/decompiling app spotted in the wild

by

With millions of Android users continuing to acquire new apps through Google Play, cybercriminals continue looking for efficient and profitable ways to infiltrate Android’s marketplace using a variety of TTPs (tactics, techniques and procedures). Largely relying on the ubiquitous for the cybercrime ecosystem, affiliate network based revenue sharing scheme, segmented cybercrime-friendly underground traffic exchanges, as well as mass and efficient compromise of legitimate Web sites, for the purpose of hijacking legitimate traffic, the market segment for Android malware continues flourishing. We’ve recently spotted, yet another, commercially available DIY cybercrime-friendly (legitimate) APK injecting/decompiling app. The tool is capable of facilitating premium-rate SMS fraud on […]

Continue Reading »

Evolution of Encrypting Ransomware

by

Recently we’ve seen a big change in the encrypting ransomware family and we’re going to shed light on some of the newest variants and the stages of evolution that have led the high profile malware to where it is today. For those that aren’t aware of what encrypting ransomware is, its a cryptovirus that encrypts all your data from local hard drives, network shared drives, removable hard drives and USB. The encryption is done using an RSA -2048 asymmetric public key which makes decryption without the key impossible. Paying the ransom will net you the key which in turn leads to getting […]

Continue Reading »

All About Windows Tech Support Scams

by

*Editors Notes:  The purpose of this research was to see exactly how this scam is carried out, and the extent to which it is done.  DO NOT TRY THIS AT HOME. We used a clean machine, off network, to monitor the activity of the scammer. Have you ever received a phone call from a tech support person claiming to be from Microsoft, and that your Windows based machine has been found to have a virus on it?  These cold calls typically come from loud call centers, and are targeting the uninformed and naïve in hopes of gaining access to their […]

Continue Reading »

Fake Reviews Trick Google Play Users

by

Here at Webroot, we are constantly on the lookout for malevolent Android apps. In most cases, you do something malicious with your app and you get marked accordingly, but it’s not always that simple. Two weeks ago an app called “Virus Shield” popped up on the Google Play store. Within days, Virus Shield became Google Play’s #1 paid app. With thousands of reviews and a 4.7 star rating, who would question it?  Well, a few people did, the code was looked at, and Google pulled it from the store.  They have even gone as far as to make amends with those […]

Continue Reading »

Managed DDoS WordPress-targeting, XML-RPC API abusing service, spotted in the wild

by

With WordPress continuing to lead the CMS market segment, with the biggest proportion of market share, cybercriminals are actively capitalizing on the monocultural insecurities posed by this trend, in an attempt to monetize the ubiquitous (for the cybercrime ecosystem) TTPs (tactics, techniques and procedures). Despite actively seeking new and ‘innovative’ ways to abuse this trend, cybercriminals are also relying on good old fashioned reconnaissance and ‘hitlist’ building tactics, in an attempt to achieve an efficiency-oriented ‘malicious economies of scale’ type of fraudulent/malicious process. We’ve recently spotted a managed WordPress installations-targeting, XML-RPC API abusing type of DDos (Denial of Service) attack service, […]

Continue Reading »

DIY automatic cybercrime-friendly ‘redirector generating’ service spotted in the wild – part two

by

Cybercriminals continue actively abusing/mixing legitimate and purely malicious infrastructure, on their way to take advantage of clean IP reputation, for the purpose of achieving a positive ROI (return on investment) out of their fraudulent/malicious activities, in terms of attribution and increasing the average lifetime for their campaigns. Acting as intermediaries within the exploitation/social engineering/malware-serving chain, the market segment for this type of cybercrime-friendly services continues flourishing, with more vendors joining it, aiming to differentiate their UVP (unique value proposition) through a variety of ‘value-added’ services. We’ve recently spotted yet another managed/on demand redirector generating service, that’s empowering potential cybercriminals with the […]

Continue Reading »

Commercially available database of 52M+ ccTLD zone transfer domains spotted in the wild

by

For years, cybercriminals have been building ‘hit lists’of potential targets through automated and efficiency-oriented reconnaissance TTPs (tactics, techniques and procedures).  The aim is to fraudulently/maliciously capitalize on these databases consisting of both corporate and government users. Seeking a positive return on their fraudulent/malicious activities, cybercriminals also actively apply basic QA (Quality Assurance) processes, standardization, systematic releasing of DIY (do-it-yourself) cybercrime-friendly applications – all to further ensure a profitable outcome for their campaigns. Thanks to the active implementation of these TTPs, in 2014, the market segments for spam-ready managed services/blackhat SEO (search engine optimization) continue to flourish with experienced vendors starting to ‘vertically integrate’ within the cybercrime […]

Continue Reading »