Security News
This story examines the lopsided economics of extension development, and why installing an extension can be such a risky proposition. Infatica's code then uses the browser of anyone who has that extension installed to route Web traffic for the company's customers, including marketers or anyone able to afford its hefty monthly subscription charges.
Researchers are warning that a new botnet is recycling the Mirai malware framework and is now targeting Android devices in order to launch distributed denial-of-service attacks. The botnet propagates through the Android Debug Bridge interface.
Apple pushed out an iOS update in something of a hurry to shut down a serious 0-day bug. The GnuPG team scrambled to fix an ironic vulnerability that could be exploited during the very process of checking if the data you just received could be trusted.
A nascent malware campaign has been spotted co-opting Android devices into a botnet with the primary purpose of carrying out distributed denial-of-service attacks. Called "Matryosh" by Qihoo 360's Netlab researchers, the latest threat has been found reusing the Mirai botnet framework and propagates through exposed Android Debug Bridge interfaces to infect Android devices and ensnare them into its network.
A report released Wednesday by security firm Digital Shadows looks at how such an effort was orchestrated to put a seeming end to the infamous Emotet malware. On Jan. 27, the European Union Agency for Law Enforcement Cooperation revealed that a global coalition of law enforcement and judicial authorities across several countries had disrupted Emotet through an endeavor known as "Operation Ladybird."
Following a takedown operation earlier this month, authorities are taking steps towards cleaning up systems infected with the Emotet malware. Serving as a malware loader, Emotet has been associated with the distribution of well-known malware families, including TrickBot and Ryuk ransomware, among others.
Emotet establishes a backdoor onto Windows computer systems via automated phishing emails that distribute Word documents compromised with malware. Subjects of emails and documents in Emotet campaigns are regularly altered to provide the best chance of luring victims into opening emails and installing malware; regular themes include invoices, shipping notices and information about COVID-19.
EU police agency Europol has boasted of taking down the main botnet powering the Emotet trojan-cum-malware dropper, as part of a multinational police operation that included raids on the alleged operators' homes in the Ukraine. "To severely disrupt the EMOTET infrastructure, law enforcement teamed up together to create an effective operational strategy. It resulted in this week's action whereby law enforcement and judicial authorities gained control of the infrastructure and took it down from the inside," said Europol in a jubilant statement this afternoon.
Authorities have managed to disrupt the infrastructure of the Emotet botnet, as part of an international effort of law enforcement agencies across Europe and North America. One of the most prevalent botnets over the past decade, Emotet first emerged in 2014 as a banking Trojan, but evolved into a malware downloader used by many cybercriminals looking to spread their malicious payloads.
The infrastructure of today's most dangerous botnet, built by cybercriminals using the Emotet malware, was taken down following an international action coordinated by Europol and Eurojust. The Emotet malware was first spotted as a banking Trojan in 2014 and it has evolved into a botnet used by the TA542 threat group to deploy second-stage malware payloads.