Showing posts with label Trojan Horse.

Russian Hackers use WinRAR as Cyberweapon

Russian hackers are known for their notorious cyber attacks. They have once again been accused of using a popular file compression program, WinRAR, to launch an attack on a state agency in Ukraine. The attack wiped out the agency’s data, resulting in the loss of important information.

According to reports, the hackers used a malicious version of WinRAR that contained a Trojan horse to infiltrate the agency’s system. Once the software was installed, the Trojan horse allowed the hackers to access sensitive data and execute commands remotely.

It’s not the first time Russian hackers have been accused of using WinRAR as a cyberweapon. In 2018, the same group was found using a similar tactic to launch a cyber attack on a Ukrainian company.

The incident highlights the growing threat of cyber attacks and the importance of having strong security measures in place. Businesses and organizations need to ensure that they are taking steps to protect their systems from such attacks.

One of the key measures that can be taken is to ensure that all software is updated regularly, as this can help to patch any vulnerabilities that may be present. Additionally, organizations should have a robust backup and disaster recovery plan in place to ensure that they can recover from an attack quickly and with minimal disruption.

It’s also important for organizations to have an incident response plan in place to ensure that they can quickly and effectively respond to a cyber attack. This should include identifying and containing the attack, notifying relevant stakeholders, and taking steps to prevent the attack from spreading further.

As cyber-attacks become increasingly common and sophisticated, it’s important for organizations to take steps to protect their systems and data. By implementing strong security measures and being prepared for the worst-case scenario, businesses can reduce their risk of falling victim to an attack and minimize the impact if it does occur.

Flashback Mac Trojan exploits Java vulnerability or uses Social Engineering Attack

Security firm Intego is warning about a new version of the Flashback Trojan that aims to steal victims' online banking details.

This new Trojan tries to exploit one of two Java vulnerabilities in order to infect the Mac user's system. If those vulnerabilities are patched and the system has an updated version of Java, it instead tries to trick the user into accepting a fake digital certificate (a social engineering attack).

In order to avoid detection, Flashback.G will not install if VirusBarrier X6 is present, or if a number of other security programs are installed on the Mac. It seems that the malware writers feel it is best to avoid Macs where the malware might be detected, and focus on the many that aren’t protected.

"Flashback.G injects code into web browsers and other applications that access a network, and in many cases causes them to crash. It installs itself in an invisible file in the /Users/Shared folder, and this file can bear many names, but with a .so extension," Intego wrote on its security blog.

The goal of this malware appears to be to steal usernames and passwords for high-value sites such as bank websites, PayPal and others. Intego said the malicious code injected into running applications causes them to become unstable, and they often crash.

Security Tips:
  • Update your Java to the latest version
  • Intego says many Macs are getting infected by the social engineering trick of the bogus certificate purporting to be signed by Apple, as shown in the screenshot above. If you see this, don’t trust it, and cancel the process.
  • Install Intego VirusBarrier X6 (it detects all variants of this Trojan)
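Intego's description above gives defenders one on-disk indicator: an invisible file with a .so extension in /Users/Shared. The following is an added example (not Intego's tool, and not code from the original post) that scans a folder for .so files hidden either by a leading dot or by the macOS UF_HIDDEN flag; the sample directory it builds is constructed for the demonstration.

```python
"""Scan for hidden .so files, the Flashback.G on-disk indicator described by Intego.
Added example; the sample folder is constructed, not a real infection."""
import os
import stat
import tempfile

SHARED_DIR = "/Users/Shared"  # folder named in the Intego write-up


def is_hidden(path, name):
    """Hidden by a dot prefix, or by the BSD/macOS UF_HIDDEN file flag."""
    if name.startswith("."):
        return True
    st = os.lstat(path)
    # st_flags only exists on BSD-derived systems (macOS included); 0 elsewhere
    return bool(getattr(st, "st_flags", 0) & stat.UF_HIDDEN)


def find_hidden_so(folder):
    """Return sorted paths of regular, hidden files ending in .so directly under folder."""
    try:
        entries = os.listdir(folder)
    except (FileNotFoundError, NotADirectoryError, PermissionError):
        return []  # not a Mac, folder missing, or unreadable: nothing to report
    hits = []
    for name in entries:
        path = os.path.join(folder, name)
        if name.endswith(".so") and os.path.isfile(path) and is_hidden(path, name):
            hits.append(path)
    return sorted(hits)


def build_sample_dir():
    """Constructed /Users/Shared look-alike: one indicator-like file plus decoys
    (a visible .so, a hidden non-.so file, a hidden directory named *.so)."""
    folder = tempfile.mkdtemp(prefix="shared_demo_")
    for name in (".hidden_lib.so", "visible.so", ".DS_Store", "notes.txt"):
        with open(os.path.join(folder, name), "wb") as fh:
            fh.write(b"\x00")
    os.mkdir(os.path.join(folder, ".dir.so"))  # directory, must be ignored
    return folder


def demo():
    """Scan the constructed folder and return the flagged file names."""
    return [os.path.basename(p) for p in find_hidden_so(build_sample_dir())]


if __name__ == "__main__":
    print("constructed sample scan:", demo())
    for hit in find_hidden_so(SHARED_DIR):
        print("suspicious hidden shared library:", hit)
```

A hit is a reason to look closer, not proof of infection; legitimate software rarely drops hidden shared libraries into /Users/Shared, but confirm with your AV vendor's signatures before deleting anything.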


SMS Trojans target users from a number of European countries and Canada

Denis of Kaspersky Lab discovered an SMS Trojan that targets users in a number of European countries and Canada. According to messages found on Internet forums, the first infections were reported in early September.

One of the victims downloaded an application to monitor his own messages, calls and traffic. After launching the application, it displayed a message saying that it was not compatible with the user’s Android version. Then the user’s mobile account was emptied. The app turned out to be an SMS Trojan which sends 4 SMS messages to premium rate numbers. Kaspersky detects it as "Trojan-SMS.AndroidOS.Foncy".

The main menu of the smartphone after infection (screenshot not reproduced here):


This Trojan is distributed via a file hosting website with the name "SuiConFo.apk".

There are 2 main malicious classes in this Trojan: ‘MagicSMSActivity.class’ and ‘SMSReceiver.class’. The first is mainly responsible for sending the SMS messages, while the second hides incoming messages from specific numbers (so the victim does not see the premium service's replies).

"Unfortunately, today SMS Trojans are one of the easiest ways for cybercriminals to make easy money fast. Malicious use of premium rate SMS services is spreading around the world, and I’m pretty sure it’s not going to stop any time soon. We’ll keep you posted," said Denis.

Tsunami backdoor Trojan Horse for Mac OS X, port of Troj/Kaiten


Sophos researchers discovered a new Trojan Horse named "Tsunami" that infects Mac OS X. Researchers said it appears to be a port of Troj/Kaiten, a Linux backdoor Trojan horse that, once it has embedded itself on a computer system, listens to an IRC channel for further instructions.

An attacker can gain access to the infected system and use it to launch a DDoS (Distributed Denial of Service) attack.

Sophos Anti-Virus now includes OSX/Tsunami-A in its virus definitions, so it can detect this malware. Don't forget to update your antivirus.