Research

Android ransomware in 2017: Innovative infiltration and rougher extortion

Ransomware in 2017 saw users and businesses across the globe trying to cope with campaigns such as Petya and WannaCryptor. Not to be outdone, Android ransomware had a year full of innovative infiltration and rougher extortion as highlighted by the latest ESET research whitepaper.

FriedEx: BitPaymer ransomware the work of Dridex authors

ESET research has found that the ransomware FriedEx, also known as BitPaymer, is actually the work of the notorious gang responsible for the Dridex banking trojan.

ESET’s guide makes it possible to peek into FinFisher

To help malware analysts and security researchers overcome FinFisher’s advanced anti-disassembly obfuscation and virtualization features, ESET researchers have framed some clever tricks into a whitepaper, “ESET’s guide to deobfuscating and devirtualizing FinFisher”.

ESET research: Appearances are deceiving with Turla’s backdoor-laced Flash Player installer

In order to establish persistence on the system, the installer tampers with the operating system’s registry. It also creates an administrative account that allows remote access.

Sednit update: How Fancy Bear Spent the Year

Over the past few years, the Sednit group has used various techniques to deploy its components on targets' computers. The attack usually starts with an email containing either a malicious link or a malicious attachment.

Memes: the explanation of nearly everything – including computer viruses

We still don’t have a solid scientific theory of memes; nonetheless, they already allow us to understand why certain things happen the way they do. Memes are “alive”; they reproduce, mutate, and evolve according to Darwinian laws.

Banking malware on Google Play targets Polish banks

Besides delivering the promised functionalities, the malicious apps can display fake notifications and login forms seemingly coming from legitimate banking applications, harvest credentials entered into the fake forms, as well as intercept text messages to bypass SMS-based 2-factor authentication.

StrongPity2 spyware replaces FinFisher in MitM campaign – ISP involved?

As we reported in September, in campaigns we detected in two different countries, man-in-the-middle attacks had been used to spread FinFisher, with the “man” in both cases most likely operating at the ISP level.

ESET takes part in global operation to disrupt Gamarue

Wauchos is an extensible bot that allows its owner to create and use custom plugins. However, there are some plugins that are widely available and that are used by many different botnets.

New campaigns spread banking malware through Google Play

For a user, it can be difficult to figure out whether an app is malicious. First off, it is always advisable to install applications only from the Google Play store, since most malware is still spread mainly through alternative stores, although, as these campaigns show, Google Play is not immune either.
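The banking trojans described in these Google Play campaigns combine two capabilities: drawing fake login forms over legitimate apps, and reading incoming text messages to defeat SMS-based two-factor authentication. On Android both capabilities must be declared in the app's manifest, so a quick triage of AndroidManifest.xml for that combination is a practical first check. The script below is an added example, not ESET's code or tooling; the manifests it inspects are constructed for illustration, and treating a very high android:priority on an SMS_RECEIVED receiver as an extra indicator is an assumption of this heuristic, not something the research above states.

```python
"""Heuristic triage of an AndroidManifest.xml for the overlay + SMS
permission combination used by Android banking trojans.

Added example (not from the original page).  Input is a decoded manifest
(e.g. as produced by apktool); the samples below are constructed.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

SMS_PERMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}
OVERLAY_PERM = "android.permission.SYSTEM_ALERT_WINDOW"
SMS_RECEIVED_ACTION = "android.provider.Telephony.SMS_RECEIVED"
# Assumption of this heuristic: SMS stealers often register a receiver with
# an extremely high priority to see messages before the default SMS app.
HIGH_PRIORITY = 999


def parse_manifest(xml_text):
    """Return (declared permissions, [(receiver name, priority), ...] for
    receivers whose intent-filter listens for SMS_RECEIVED)."""
    root = ET.fromstring(xml_text)
    perms = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    sms_receivers = []
    for recv in root.iter("receiver"):
        for flt in recv.iter("intent-filter"):
            actions = {a.get(ANDROID_NS + "name") for a in flt.iter("action")}
            if SMS_RECEIVED_ACTION in actions:
                prio = int(flt.get(ANDROID_NS + "priority", "0"))
                sms_receivers.append((recv.get(ANDROID_NS + "name"), prio))
    return perms, sms_receivers


def triage(xml_text):
    """Return {"verdict": ..., "findings": [...]} for one manifest."""
    perms, sms_receivers = parse_manifest(xml_text)
    findings = []
    sms = perms & SMS_PERMS
    if sms:
        findings.append("reads incoming SMS: " + ", ".join(sorted(sms)))
    if OVERLAY_PERM in perms:
        findings.append("can draw over other apps (fake login forms possible)")
    for name, prio in sms_receivers:
        if prio >= HIGH_PRIORITY:
            findings.append(
                f"high-priority SMS_RECEIVED receiver {name} (priority {prio})")
    if sms and OVERLAY_PERM in perms:
        verdict = "suspicious"
        findings.append("overlay + SMS access matches the banking-trojan pattern")
    elif findings:
        verdict = "review"
    else:
        verdict = "no indicator"
    return {"verdict": verdict, "findings": findings}


# Constructed sample: a "flashlight" app that wants SMS and overlay access.
SUSPICIOUS_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application android:label="Flashlight">
    <receiver android:name=".SmsReceiver">
      <intent-filter android:priority="2147483647">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

# Constructed sample: a plain network-only app.
BENIGN_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.weather">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Weather"/>
</manifest>"""


if __name__ == "__main__":
    for label, m in (("flashlight", SUSPICIOUS_MANIFEST), ("weather", BENIGN_MANIFEST)):
        result = triage(m)
        print(label, "->", result["verdict"])
        for f in result["findings"]:
            print("   ", f)
```

A hit here is a prompt to look further, not a verdict: legitimate SMS and accessibility apps also declare these permissions, and a trojan that downloads its real payload later, as in the multi-stage cases described on this page, may ship a clean manifest in its first stage.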

Multi-stage malware sneaks into Google Play

In all the cases we investigated, the final payload was a mobile banking trojan. Once installed, it behaves like a typical malicious app of this kind: it may present the user with fake login forms to steal credentials or credit card details.

Windigo Still not Windigone: An Ebury Update

In 2014, ESET researchers wrote a blog post about an OpenSSH backdoor and credential stealer called Linux/Ebury. In 2017, the team found a new Ebury sample.

Bad Rabbit: Not-Petya is back with improved ransomware

A new ransomware outbreak today has hit some major infrastructure in Ukraine, including the Kiev metro. Here are some details about this new variant of Petya.

Fake cryptocurrency trading apps on Google Play

With all the hype around cryptocurrencies, cybercriminals are trying to grab whatever new opportunity they can – be it hijacking users’ computing power to mine cryptocurrencies via browsers or by compromising unpatched machines, or various scam schemes utilizing phishing websites and fake apps.

OSX/Proton spreading again through supply-chain attack

Our researchers noticed that the makers of the Elmedia Player software have been distributing a version of their app trojanized with the OSX/Proton malware.

DoubleLocker: Innovative Android Ransomware

DoubleLocker can change the device's PIN, preventing victims from accessing their devices, and also encrypts the data stored on them, a combination that had not previously been seen in the Android ecosystem.

Money-making machine: Monero-mining malware

While far behind Bitcoin in market capitalization, Monero has several features that make it a very attractive cryptocurrency to be mined by malware.

BankBot trojan returns to Google Play with new tricks

The Android banking trojan that we first reported on at the beginning of this year has found its way onto Google Play again and contains new tricks designed to gain access to the user's private banking information.

New FinFisher surveillance campaigns: Internet providers involved?

FinFisher has extensive spying capabilities, such as live surveillance through webcams and microphones, keylogging, and exfiltration of files. What sets FinFisher apart from other surveillance tools, however, are the controversies around its deployments.

Cryptocurrency web mining: In union there is profit

Cryptocurrency mining has been used by cybercriminals to make a quick and easy profit while corrupting the victim’s machine in the process.

Copyright © 2018 ESET, All Rights Reserved.