Security News

Security researchers are warning of an Android malware named SMSFactory that adds unwanted costs to the phone bill by subscribing victims to premium services. The number of its victims is unclear but attempts to infect Android devices have been recorded for tens of thousands of Android users protected by Avast security products in at least eight countries.

Parrot TDS was documented in April 2022 by Czech cybersecurity company Avast, noting that the PHP script had ensnared web servers hosting more than 16,500 websites to act as a gateway for further attack campaigns. The goal of the JavaScript code is to kick-start the second phase of the attack, which is to execute a PHP script that's already deployed on the ever and is designed to gather information about a site visitor and transmit the details to a remote server.

A Chinese-speaking hacking group known as LuoYu is infecting victims WinDealer information stealer malware deployed by switching legitimate app updates with malicious payloads in man-on-the-side attacks. LuoYu has switched to abusing the automatic update mechanism of their victims' apps after previously pushing malware in easier to pull-off watering-hole attacks where they would use compromised local news sites as infection vectors.

Threat analysts have discovered a large operation of a new cryptocurrency mining malware called Clipminer that brought its operators at least $1.7 million from transaction hijacking. According to researchers from Symantec, a Broadcom company, Clipminer is based on the KryptoCibule malware.

International law enforcement has taken down the infrastructure behind Flubot, a nasty piece of malware which had been spreading with unprecedented speed across Android devices globally since December 2020. Europol revealed Wednesday that a collaboration between law enforcement in 11 countries led to the disruption of the Flubot network in early May by Dutch Police, or Politie, "Rendering this strain of malware inactive," according to the agency.

An analysis of the mobile threat landscape in 2022 shows that Spain and Turkey are the most targeted countries for malware campaigns, even as a mix of new and existing banking trojans are increasingly targeting Android devices to conduct on-device fraud. "Just in the first five months of 2022 there has been an increase of more than 40% in malware families that abuse Android OS to perform fraud using the device itself, making it almost impossible to detect them using traditional fraud scoring engines."

Europol has announced the takedown of the FluBot operation, one of the largest and fastest-growing Android malware operations in existence. The malware operation's takedown resulted from a law enforcement operation involving eleven countries following a complex technical investigation to pinpoint FluBot's most critical infrastructure.

The botnet malware EnemyBot has added exploits to its arsenal, allowing it to infect and spread from enterprise-grade gear. "The threat group behind EnemyBot, Keksec, is well-resourced and has the ability to update and add new capabilities to its arsenal of malware on a daily basis," Ofer Caspi, a security researcher with Alien Labs, wrote in a blog post this month.

A rapidly evolving IoT malware dubbed "EnemyBot" is targeting content management systems, web servers and Android devices. The Alien lab research team study found four main sections of the malware.

Interpol on Monday announced the arrest of three suspected global scammers in Nigeria for using remote access trojans such as Agent Tesla to facilitate malware-enabled cyber fraud. The law enforcement said that the suspects systematically used Agent Tesla to breach business computers and divert financial transactions to bank accounts under their control.