Tag Archives: Malware

Top tip for botnet overlords: Don’t vacation in countries that can extradite you to the United States

There’s no doubt that a life of cybercrime can earn its most successful overlords a considerable amount of money, but you will always have to live with the fear that you could be apprehended and – if convicted – spend years in prison.

The post Top tip for botnet overlords: Don’t vacation in countries that can extradite you to the United States appeared first on WeLiveSecurity

‘Ghost Push’ Malware Threatens Android Users

Why should you update your Android device’s operating system? Two words. Ghost Push.

The well known trojan has had various iterations and it’s often updated to bypass new security updates.

At its peak, Ghost Push infected over 600,000 Android devices daily, a colossal number. The trojan is capable of rooting phones, displaying revenue-generating ads that drain your battery, and can be used by hackers as a means of spying on the infected party.

When infected, it is virtually impossible for the device’s owner to remove the virus, even by factory reset, unless the firmware is reflashed.

This is not an easy malware to get rid of.

The good news? A simple update of your Android operating system can make your phone much less penetrable to this type of malware.

However, even though Android has released version 7, Nougat, of its OS, there is still cause for concern. Recently released figures show that Android users are slow on the uptake when it comes to updating their OS. The majority of users are still running Lollipop, or earlier, meaning that they are vulnerable to the Ghost Push virus.

The latest iteration of the Ghost Push trojan.

In fact, the latest iteration of the Ghost Push trojan, which was discovered in September 2015, can infect devices running on Android Lollipop (version 5) or any of the OS that came before it.

In a recent blog post, Graham Cluley drove home the issue, emphasizing the root of what, on the surface, should be an easy problem to rectify. He said, “when you compare the take-up of new versions of Android compared to Apple iOS it’s clear that one ecosystem does a much better job of getting its users to upgrade to the latest version of their OS, protecting against security vulnerabilities, than the other.

There’s a reason for this. Whereas Apple has its own integrated app store, for Android it’s a different story. In their case, carriers, smartphone manufacturers and Google all have to work together to get a new update out to users. As such, the process takes longer, and updates are rolled out with much less frequency than they are for iOS.

Android Users

This, unfortunately, has a knock on effect that only serves to make Android users even more vulnerable. As Cluley puts it, Android users end up feeling abandoned, and this leads to many of them venturing “into the cloudy waters of installing third-party ROMs like CyanogenMod that receive regular updates.”

Recent research, also looked at the type of links that delivered the malware to users. Most were short links and ad links. The country most hit by the trojan infection, meanwhile, was India with more than 50 per cent of infections. Indonesia and the Philippines rank second and third, showing that the trojan is most prevalent in Asian countries. This doesn’t mean it’s not a threat in North America and Europe, though.

Be aware

Putting your trust in third-party sources can of course be risky, and that’s where infections like Ghost Push can be unwittingly installed by users. It’s important to be aware of what’s being installed.

Unfortunately installing third-party ROMs and applications can often lead to the installation of unwanted malicious malware and even ransomware. Android users should do their best to only download applications from reputable app stores and should avoid clicking on those suspect unknown third-party links, however tempting the proposition.

The post ‘Ghost Push’ Malware Threatens Android Users appeared first on Panda Security Mediacenter.

U.S. Takes Down Kelihos Botnet After Its Russian Operator Arrested in Spain

A Russian computer hacker arrested over the weekend in Barcelona was apparently detained for his role in a massive computer botnet, and not for last year’s US presidential election hack as reported by the Russian media.

Peter Yuryevich Levashov, 32-years-old Russian computer programmer, suspected of operating the Kelihos botnet — a global network of over 100,000 infected computers that was

Symantec Connects 40 Cyber Attacks to CIA Hacking Tools Exposed by Wikileaks

Security researchers have confirmed that the alleged CIA hacking tools recently exposed by WikiLeaks have been used against at least 40 governments and private organizations across 16 countries.

Since March, as part of its “Vault 7” series, Wikileaks has published over 8,761 documents and other confidential information that the whistleblower group claims came from the US Central Intelligence

WikiLeaks Reveals CIA's Grasshopper Windows Hacking Framework

As part of its Vault 7 series of leaked documents, whistleblowing website WikiLeaks today released a new cache of 27 documents allegedly belonged to the US Central Intelligence Agency (CIA).

Named Grasshopper, the latest batch reveals a CLI-based framework developed by the CIA to build “customised malware” payloads for breaking into Microsoft’s Windows operating systems and bypassing

Chrome Security Team Tackles ‘Friendly Fire’ To Keep Browser Safe

Justin Schuh, lead engineer of Chrome Security, said ensuring browser security for Chrome users is a balancing act juggling OEM pressures, questionable certificate authorities and quashing third-party software incompatibility issues.

U.S. Trade Group Hacked by Chinese Hackers ahead of Trump-Xi Trade Summit

Researchers have uncovered a Chinese cyber-espionage against the United States ahead of the trade summit on Thursday between US President Donald Trump and China’s President Xi Jinping.

According to a new report published today by Fidelis Cybersecurity firm, the Chinese APT10 hacking group implanted a piece of malware on the “Events” page of the US National Foreign Trade Council (NFTC) website