Researchers crack open Facebook campaign that pushed malware for years

Artist’s impression of wireless hackers in your computer. (credit: TimeStopper/Getty Images)

Researchers have exposed a network of Facebook accounts that used Libya-themed news and topics to push malware to tens of thousands of people over a five-year span.

Links to the Windows- and Android-based malware first came to researchers’ attention when the researchers found them included in Facebook postings impersonating Field Marshal Khalifa Haftar, commander of Libya’s National Army. The fake account, which was created in early April and had more than 11,000 followers, purported to publish documents showing countries such as Qatar and Turkey conspiring against Libya, as well as photos of a captured pilot who had tried to bomb the capital city of Tripoli. Other posts promised to offer mobile applications that Libyan citizens could use to join the country’s armed forces.

According to a post published on Monday by security firm Check Point, most of the links

In-the-wild Mac malware kept busy in June—here’s a rundown

June was a busy month for Mac malware with the active circulation of at least six threats, several of which were able to bypass security protections Apple has built into modern versions of its macOS.

The latest discovery was published Friday by Mac antivirus provider Intego, which disclosed malware dubbed OSX/CrescentCore that’s available through Google search results and other mainstream channels. It masquerades as an updater or installer for Adobe’s Flash media player, but it’s in fact just a persistent means for its operators to install malicious Safari extensions, rogue disk cleaners, and potentially other unwanted software.

“The team at Intego has observed OSX/CrescentCore in the wild being distributed via numerous sites,” Intego’s Joshua Long wrote of two separate versions of the malware his company has found. “Mac users should beware that they may encounter it, even via seemingly innocuous sources such as Google search results.”


Samsung asks users to please virus-scan their TVs

Yesterday on Twitter, Samsung’s US support team reminded everyone to regularly—and manually—virus-scan their televisions.

Samsung’s team followed this up with a short video showing someone in a conference room going 16 button-presses deep into the system menu of a Samsung QLED TV to activate the television’s built-in virus-scan, which is apparently “McAfee Security for TV.”

Unsurprisingly, Samsung got immediate pushback on these tweets and almost as immediately deleted them.


Google confirms that advanced backdoor came preinstalled on Android devices

(credit: Alexandre Dulaunoy / Flickr)

Criminals in 2017 managed to get an advanced backdoor preinstalled on Android devices before they left the factories of manufacturers, Google researchers confirmed on Thursday.

Triada first came to light in 2016 in articles published by Kaspersky here and here, the first of which said the malware was “one of the most advanced mobile Trojans” the security firm’s analysts had ever encountered. Once installed, Triada’s chief purpose was to install apps that could be used to send spam and display ads. It employed an impressive kit of tools, including rooting exploits that bypassed security protections built into Android and the means to modify the Android OS’ all-powerful Zygote process. That meant the malware could directly tamper with every installed app. Triada also connected to no fewer than 17 command and control servers.

In July 2017, security firm Dr. Web reported that its researchers

Advanced Linux backdoor found in the wild escaped AV detection
(credit: Jeremy Brooks / Flickr)

Researchers say they’ve discovered an advanced piece of Linux malware that has escaped detection by antivirus products and appears to be actively used in targeted attacks.

HiddenWasp, as the malware has been dubbed, is a fully developed suite of malware that includes a trojan, rootkit, and initial deployment script, researchers at security firm Intezer reported on Wednesday. At the time Intezer’s post went live, the VirusTotal malware service indicated HiddenWasp wasn’t detected by any of the 59 antivirus engines it tracks, although some have now begun to flag it. Time stamps in one of the 10 files Intezer analyzed indicated it was created last month. The command and control server that infected computers report to remained operational at the time this article was being prepared.

Some of the evidence analyzed—including code showing that the computers it infects are already compromised by

Zero-day attackers deliver a double dose of ransomware—no clicking required
(credit: Cisco Talos)

Attackers have been actively exploiting a critical zero-day vulnerability in the widely used Oracle WebLogic server to install ransomware, with no clicking or other interaction necessary on the part of end users, researchers from Cisco Talos said on Tuesday.

The vulnerability and working exploit code first became public two weeks ago on the Chinese National Vulnerability Database, according to researchers from the security educational group SANS ISC, who warned that the vulnerability was under active attack. The vulnerability is easy to exploit and gives attackers the ability to execute code of their choice on cloud servers. Because of their power, bandwidth, and use in high-security cloud environments, these servers are considered high-value targets. The disclosure prompted Oracle to release an emergency patch on Friday.

On Tuesday, researchers with Cisco Talos said CVE-2019-2725, as the vulnerability has been indexed, has been under active exploit since at
