DIY malicious Android APK generating ‘sensitive information stealer’ spotted in the wild

DIY malicious Android APK generating ‘sensitive information stealer’ spotted in the wild

Back in June, 2013, we offered a peek inside a DIY Android .apk decompiler/injector that was not only capable of ‘binding’ malicious Android malware to virtually any legitimate app, but also, was developed to work exclusively with a publicly obtainable Android-based trojan horse.

In this post, I’ll profile a similar, recently released cybercrime-friendly Windows-based tool that’s capable of generating malicious ‘sensitive information stealing’ Android .apk apps, emphasize on its core features, and most importantly, discuss in depth the implications this type of tool could have on the overall state of the Android malware market.

More details: (more…)

Changes to the Webroot ThreatBlog

Over the next few days, you will begin to see some changes to the Webroot ThreatBlog.  As the company has grown, so has the need for our threat research to be delivered in a clearer, more concise manner.  We have worked long and hard on the new blog, including adding new content like the ThreatVlog, as well as highlighting the individuals behind all the great threat research done here at Webroot.

So with all that, we want to welcome you to the brand new Webroot ThreatVlog.  It is more than a URL update, but a whole new look to help you better stay updated on the digital threats out there, and just how to stay protected.

To better help you, here are a few updated links to help you.

New web URL: https://www.webroot.com/blog/
RSS feed update: https://www.webroot.com/blog/feed/

Cybercrime-friendly underground traffic exchanges help facilitate fraudulent and malicious activity – part two

Cybercrime-friendly underground traffic exchanges help facilitate fraudulent and malicious activity – part two

The list of monetization tactics a cybercriminal can take advantage of, once they manage to hijack a huge portion of Web traffic, is virtually limitless and is entirely based on his experience within the cybercrime ecosystem.

Through the utilization of blackhat SEO (search engine optimization), RFI (Remote File Inclusion), DNS cache poisoning, or direct impersonation of popular brands in spam/phishing campaigns tactics, on a daily basis, traffic is sold and resold for achieving a customer’s or a seller’s fraudulent/malicious objectives, and is then most commonly converted to malware-infected hosts.

In this post, I’ll profile two cybercrime-friendly iFrame traffic exchanges, with the second ‘vertically integrating’ by also offering spamming services, as well as services violating YouTube’s ToS (Terms of Service) such as likes, comments, views, favorites and subscribers on demand, with an emphasis on the most common ways through which a potential cybercriminal can abuse any such traffic exchange network.

More details:

(more…)

Cybercriminals offer spam-ready SMTP servers for rent/direct managed purchase

Cybercriminals offer spam-ready SMTP servers for rent/direct managed purchase

We continue to observe an increase in underground market propositions for spam-ready bulletproof SMTP servers, with the cybercriminals behind them trying to differentiate their unique value proposition (UVP) in an attempt to attract more customers.

Let’s profile the underground market propositions of what appears to be a novice cybercriminal offering such spam-ready SMTP servers and discuss their potential, as well as the re-emergence of bulletproof SMTP servers as a propagation method of choice.

More details:

(more…)

ThreatVlog Episode 2: Keyloggers and your privacy

Commercial and black hat keyloggers can infect any device, from your PC at home to the phone in your hand.  What exactly are these programs trying to steal?  How can this data be used harmfully against you?  And what can you do to protect all your data and devices from this malicious data gathering?  In this episode of Webroot ThreatVlog, Grayson Milbourne talks about security, your data, and protecting yourself.

[youtube=http://youtu.be/BvBybxTCicU]

Did you miss the first episode?  Be sure to check it out here:  http://blog.webroot.com/2013/08/20/tor-and-apple-exploits-revealed/

DIY automatic cybercrime-friendly ‘redirectors generating’ service spotted in the wild

DIY automatic cybercrime-friendly ‘redirectors generating’ service spotted in the wild

Redirectors are a popular tactic used by cybercriminal on their way to trick Web filtering solutions. And just as we’ve seen in virtually ever segment of the underground marketplace, demand always meets supply.

A newly launched, DIY ‘redirectors’ generating service, aims to make it easier for cybercriminals to hide the true intentions of their campaign through the use of ‘bulletproof redirector domains’. Let’s take a peek inside the cybercriminal’s interface, list all the currently active redirectors, as well as the actual pseudo-randomly generated redirection URLs.

More details:

(more…)

Bulletproof TDS/Doorways/Pharma/Spam/Warez hosting service operates in the open since 2009

Bulletproof TDS/Doorways/Pharma/Spam/Warez hosting service operates in the open since 2009

By Dancho Danchev

Operating in the open since 2009, a bulletproof hosting provider continues offering services for white, grey, and black projects, as they like to describe them, and has been directly contributing to the epidemic growth of cybercrime to the present day through its cybercriminal-friendly services.

From Traffic Distribution Systems (TDS), to doorways, pharmaceutical scams, spam domains and warez, the provider is also utilizing basic marketing concepts like, for instance, promotions through coupon codes in an attempt to attract more customers.

More details:

(more…)

DIY Craigslist email collecting tools empower spammers with access to fresh/valid email addresses

DIY Craigslist email collecting tools empower spammers with access to fresh/valid email addresses

By Dancho Danchev

In need of a good reason to start using Craigslist ‘real email anonymization’ option? We’re about to give you a pretty good one. For years, the popular classified Web site has been under fire from spammers using DIY email collecting tools, allowing them to easily obtain fresh and valid emails to later be abused in fraudulent/malicious campaigns.

Let’s take a peek at some of the DIY Craigslist themed spamming tools currently in (commercial) circulation.

More details:

(more…)