HackDig : Dig high-quality web security articles for hacker

ChessMaster’s New Strategy: Evolving Tools and Tactics

by MingYen Hsieh, CH Lei, and Kawabata Kohei A few months ago, we covered the ChessMaster cyberespionage campaign, which leveraged a variety of toolsets and malware such as ChChes and remote access trojans like RedLeaves and PlugX to compromise its targets—primarily organizations in Japan. A few weeks ago, we observed new activity from ChessMaster, with nota
Publish At:2017-11-06 17:10 | Read:3796 | Comments:0 | Tags:Bad Sites Targeted Attacks ChessMaster

App Stores that Formerly Coddled ZNIU Found Distributing a New iXintpwn/YJSNPI Variant

by Lilang Wu, Ju Zhu, and Moony Li We covered iXintpwn/YJSNPI in a previous blog post and looked into how it renders an iOS device unresponsive by overflowing it with icons. This threat comes in the form of an unsigned profile that crashes the standard application that manages the iOS home screen when installed. The malicious profile also exploits certain fe
Publish At:2017-11-02 20:40 | Read:4592 | Comments:0 | Tags:Bad Sites Malware Mobile android app stores iOS

Magnitude Exploit Kit Now Targeting South Korea With Magniber Ransomware

A new ransomware is being distributed by the Magnitude exploit kit: Magniber (detected by Trend Micro as RANSOM_MAGNIBER.A and TROJ.Win32.TRX.XXPE002FF019), which we found targeting South Korea via malvertisements on attacker-owned domains/sites. The development in Magnitude’s activity is notable not only because it eschewed Cerber—its usual ransomware paylo
Publish At:2017-10-21 18:05 | Read:4198 | Comments:0 | Tags:Bad Sites Exploits Ransomware CERBER CVE-2016-0189 Locky Ran

Business Process Compromise and the Underground’s Economy of Coupon Fraud

by Vladimir Kropotov and Fyodor Yarochkin (Senior Threat Researchers) The fraudulent redemption of freebies, discounts, and rebates in the form of coupons is reportedly costing U.S. businesses $300–600 million every year. And where there’s money to be made, there are cybercriminals rustling up schemes to take advantage of it. Unsurprisingly, that was the cas
Publish At:2017-09-29 00:50 | Read:3420 | Comments:0 | Tags:Bad Sites Deep Web Social Business Process Compromise Coupon

ZNIU: First Android Malware to Exploit Dirty COW Vulnerability

By Jason Gu, Veo Zhang, and Seven Shen We have disclosed this security issue to Google, who verified that they have protections in place against ZNIU courtesy of Google Play Protect. The Linux vulnerability called Dirty COW (CVE-2016-5195) was first disclosed to the public in 2016. The vulnerability was discovered in upstream Linux platforms such as Redhat,
Publish At:2017-09-25 23:15 | Read:4733 | Comments:0 | Tags:Bad Sites Malware Mobile Vulnerabilities android Dirty COW L

EITest Campaign Uses Tech Support Scams to Deliver Coinhive’s Monero Miner

We’ve uncovered the notorious EITest campaign delivering a JavaScript (JS) cryptocurrency miner (detected by Trend Micro as HKTL_COINMINE) using tech support scams as a social engineering lure. These are fraud activities impersonating legitimate technical support services, conning unwitting victims to avail/pay for these services (or hand out financial data)
Publish At:2017-09-22 21:10 | Read:3074 | Comments:0 | Tags:Bad Sites cryptocurrency cryptocurrency miner EITest Tech Su

ProMediads Malvertising and Sundown-Pirate Exploit Kit Combo Drops Ransomware and Info Stealer

With additional insights/analysis from Chaoying Liu We’ve uncovered a new exploit kit in the wild through a malvertising campaign we’ve dubbed “ProMediads”. We call this new exploit kit Sundown-Pirate, as it’s indeed a bootleg of its precursors and actually named so by its back panel. ProMediads has been active as early as 2016, employing Rig and Sundown exp
Publish At:2017-07-19 15:35 | Read:3640 | Comments:0 | Tags:Bad Sites Exploits exploit kit LockPOS malvertising ProMedia

AdGholas Malvertising Campaign Employs Astrum Exploit Kit

At the end of April this year, we found Astrum exploit kit employing Diffie-Hellman key exchange to prevent monitoring tools and researchers from replaying their traffic. As AdGholas started to push the exploit, we saw another evolution: Astrum using HTTPS to further obscure their malicious traffic. We spotted a new AdGholas malvertising campaign using the A
Publish At:2017-06-20 11:50 | Read:5805 | Comments:0 | Tags:Bad Sites Ransomware AdGholas Astrum exploit kit malvertisin

Exploring the Online Economy that Fuels Fake News

By Lion Gu, Vladimir Kropotov, and Fyodor Yarochkin (Senior Threat Researchers) “Fake news” was relatively unheard of last year—until the U.S. election campaign period started, during which an explosion of misinformation campaigns trended. But despite its seemingly rampant spread, fake news is just one facet of public opinion manipulation and cyber propagand
Publish At:2017-06-13 14:05 | Read:3155 | Comments:0 | Tags:Bad Sites Social cyber propaganda fake news Public Opinion M

iPhone Phishing Scam Crosses Over Physical Crime

Late last April a friend of mine had his iPhone stolen in the streets—an unfortunately familiar occurrence in big, metropolitan areas in countries like Brazil. He managed to buy a new one, but kept the same number for convenience. Nothing appeared to be out of the ordinary at first—until he realized the thief changed his Facebook password. Fortunately, he wa
Publish At:2017-05-05 09:25 | Read:3530 | Comments:0 | Tags:Bad Sites Social Brazilian underground market iphone phishin

IIS 6.0 Vulnerability Leads to Code Execution

Microsoft Internet Information Services (IIS) 6.0 is vulnerable to a zero-day Buffer Overflow vulnerability (CVE-2017-7269) due to an improper validation of an ‘IF’ header in a PROPFIND request. A remote attacker could exploit this vulnerability in the IIS WebDAV Component with a crafted request using the PROPFIND method. Successful exploitation could result in
Publish At:2017-03-29 09:35 | Read:2957 | Comments:0 | Tags:Bad Sites IIS Vulnerability

Lurk: Retracing the Group’s Five-Year Campaign

by Fyodor Yarochkin and Vladimir Kropotov (Senior Threat Researchers) Fileless infections are exactly what their namesake says: they’re infections that don’t involve malicious files being downloaded or written to the system’s disk. While fileless infections are not necessarily new or rare, they present a serious threat to enterprises and end users
Publish At:2017-02-07 00:35 | Read:3455 | Comments:0 | Tags:Bad Sites Exploits Malware Angler Fileless Infection Lurk XX

Selling Online Gaming Currency: How It Makes Way for Attacks Against Enterprises

Offhand, the idea of companies and enterprises being affected by attacks like DDoS against the online gaming industry may seem far-fetched. But the gaming industry, being a billion-dollar business with a continuously growing competitive community, is naturally bound to garner attention from cybercriminals. A recent wire fraud case, for instance, allowed a group of hackers
Publish At:2016-11-24 02:35 | Read:3446 | Comments:0 | Tags:Bad Sites Malware Social cryptocurrency DDoS online gaming o

New Bizarro Sundown Exploit Kit Spreads Locky

A new exploit kit has arrived which is spreading different versions of Locky ransomware. We spotted two cases of this new threat, which is based on the earlier Sundown exploit kit. Sundown rose to prominence (together with Rig) after the then-dominant Neutrino exploit kit was neutralized. Called Bizarro Sundown, the first version was spotted on October 5 wit
Publish At:2016-11-19 12:05 | Read:3397 | Comments:0 | Tags:Bad Sites Exploits Ransomware Bizarro Sundown exploit kits L

Operation Emmental Revisited: Malicious Apps Lock Users Out

Imagine getting a notification from your bank, asking for your cooperation in installing an updated version of their mobile app. After downloading the app, it asks for administrator privileges. The notification you received said it would indeed prompt the question and so you allowed it. You try the app out and it works fine. You were even able to do a transa
Publish At:2016-01-22 05:50 | Read:4234 | Comments:0 | Tags:Bad Sites Mobile android fake apps Operation Emmental
