Anatova Ransomware Reaches Global Market

A new ransomware family, dubbed Anatova by researchers, has been infecting machines across the globe. During encryption, Anatova appears to focus on small files to speed up overall encryption times, but doesn’t append a new extension to the encrypted files. Unexpectedly, this variant demands DASH crypto coins, rather than using a currency with a less visible transaction ledger. It also uses several tactics to prevent analysis in both real-world and virtual environments.

Android Malware Remains Dormant until it Detects Motion

On the Google Play store, researchers have discovered several malicious apps that rely on an unusual trigger to install a banking Trojan: motion sensors. By monitoring the motion sensor in a specific mobile device, the malware can determine if it is a real victim device or a research emulator (which would likely remain stationary during analysis). In particular, one of these insidious apps was downloading the Anubis banking Trojan, which launched a fake Android update screen to start keylogging in hopes of capturing banking credentials.

Google Faces First Major GDPR Fine

Regulators in France have issued a fine against Google for two separate complaints, the first being the company’s misuse of its users’ data, the second being the legal use of that data without providing the user enough details to give fully-informed consent. This fine is the first issued by the CNIL, the official regulator for France, and could cost Google up to $57 million.

ElasticSearch Database Exposes Online Gambling Bets

In the last couple of days, security researchers have discovered a database holding sensitive information on dozens of online casino sites’ bettors. After contacting the hosting provider, researchers verified that the database, which contained over 100 million bet entries, had finally been secured. However, it’s still unclear whether the database’s owner or the ISP was responsible.

Chinese Crypto Farms Get Unique Ransomware Strain

Since China houses most of the world’s cryptocurrency mining farms, it comes as little surprise that malware authors are beginning to focus on this lucrative market. By infecting Antminer devices, which mine Litecoin and Bitcoin, this variant can quickly shut down the device and prevent further mining operations. Victims must choose between paying an extremely high ransom and allowing the infection to spread to thousands of other devices. For victims who do not pay, this variant also threatens to shut down devices’ fans, causing them to overheat and eventually destroy themselves.

Connor Madsen

About the Author

Threat Research Analyst

As a Threat Research Analyst, Connor is tasked with discovering and identifying new malware variants, as well as testing current samples to ensure efficacy. Don’t miss the latest security news from around the world in his weekly Cyber News Rundown blog.
