Tag: attackers

One of 1st-known Android DDoS malware infects phones in 100 countries

Enlarge (credit: portal gda ) Last year, a series of record-setting attacks hitting sites including KrebsOnSecurity and a French Web host underscored a new threat that had previously gone overlooked: millions of Internet-connected digital video recorders and similar devices that could easily be wrangled into botnets that challenged the resources of even large security services. Now, for one of the first times, researchers are reporting a new platform recently used to wage powerful denial-of-service attacks that were distributed among hundreds of thousands of poorly secured devices: Google’s Android operating system for phones and tablets. The botnet was made up of some 300 apps available in the official Google Play market. Once installed, they surreptitiously conscripted devices into a malicious network that sent junk traffic to certain websites with the goal of causing them to go offline or become unresponsive. At its height, the WireX botnet controlled more than 120,000 IP addresses located in 100 countries. The junk traffic came in the form of HTTP requests that were directed at specific sites, many of which received notes ahead of time warning of the attacks unless operators paid ransoms. By spreading the attacks among so many phones all over the world and hiding them inside common Web requests, the attackers made it hard for the companies that defend against DDoS attacks to initially figure out how they worked. The attacks bombarded targets with as many as 20,000 HTTP requests per second in an attempt to exhaust server resources. Read 8 remaining paragraphs | Comments

Taken from:
One of 1st-known Android DDoS malware infects phones in 100 countries

Backdoor built in to widely used tax app seeded last week’s NotPetya outbreak

Enlarge (credit: National Police of Ukraine ) The third-party software updater used to seed last week’s NotPetya worm that shut down computers around the world was compromised more than a month before the outbreak. This is yet another sign the attack was carefully planned and executed. Researchers from antivirus provider Eset, in a blog post published Tuesday , said the malware was spread through a legitimate update module of M.E.Doc, a tax-accounting application that’s widely used in Ukraine. The report echoed findings reported earlier by Microsoft , Kaspersky Lab , Cisco Systems , and Bitdefender . Eset said a “stealthy and cunning backdoor” used to spread the worm probably required access the M.E.Doc source code. What’s more, Eset said the underlying backdoored ZvitPublishedObjects.dll file was first pushed to M.E.Doc users on May 15, six weeks before the NotPetya outbreak. “As our analysis shows, this is a thoroughly well-planned and well-executed operation,” Anton Cherepanov, senior malware researcher for Eset, wrote. “We assume that the attackers had access to the M.E.Doc application source code. They had time to learn the code and incorporate a very stealthy and cunning backdoor. The size of the full M.E.Doc installation is about 1.5GB, and we have no way at this time to verify that there are no other injected backdoors.” Read 6 remaining paragraphs | Comments

Originally posted here:
Backdoor built in to widely used tax app seeded last week’s NotPetya outbreak

Mac users installing popular DVD ripper get nasty backdoor instead

(credit: Patrick Wardle ) Hackers compromised a download server for a popular DVD-ripping software named HandBrake and used it to push stealthy malware that stole victims’ password keychains, password vaults, and possibly the master credentials that decrypted them, security researchers said Monday. Over a four-day period ending Saturday, a download mirror located at download.handbrake.fr delivered a version of the video conversion software that contained a backdoor known as Proton, HandBrake developers warned over the weekend . At the time that the malware was being distributed to unsuspecting Mac users, none of the 55 most widely used antivirus services detected it. That’s according to researcher Patrick Wardle , who reported results here and here from the VirusTotal file-scanning service. When the malicious download was opened, it directed users to enter their Mac administer password, which was then uploaded in plain text to a server controlled by the attackers. Once installed, the malware sent a variety of sensitive user files to the same server. In a blog post published Monday morning , Thomas Reed, director of Mac offerings at antivirus provider Malwarebytes, wrote: Read 5 remaining paragraphs | Comments

More:
Mac users installing popular DVD ripper get nasty backdoor instead

Mac users installing popular DVD ripper get nasty backdoor instead

(credit: Patrick Wardle ) Hackers compromised a download server for a popular DVD-ripping software named HandBrake and used it to push stealthy malware that stole victims’ password keychains, password vaults, and possibly the master credentials that decrypted them, security researchers said Monday. Over a four-day period ending Saturday, a download mirror located at download.handbrake.fr delivered a version of the video conversion software that contained a backdoor known as Proton, HandBrake developers warned over the weekend . At the time that the malware was being distributed to unsuspecting Mac users, none of the 55 most widely used antivirus services detected it. That’s according to researcher Patrick Wardle , who reported results here and here from the VirusTotal file-scanning service. When the malicious download was opened, it directed users to enter their Mac administer password, which was then uploaded in plain text to a server controlled by the attackers. Once installed, the malware sent a variety of sensitive user files to the same server. In a blog post published Monday morning , Thomas Reed, director of Mac offerings at antivirus provider Malwarebytes, wrote: Read 5 remaining paragraphs | Comments

More here:
Mac users installing popular DVD ripper get nasty backdoor instead

Mac users installing popular DVD ripper get nasty backdoor instead

(credit: Patrick Wardle ) Hackers compromised a download server for a popular DVD-ripping software named HandBrake and used it to push stealthy malware that stole victims’ password keychains, password vaults, and possibly the master credentials that decrypted them, security researchers said Monday. Over a four-day period ending Saturday, a download mirror located at download.handbrake.fr delivered a version of the video conversion software that contained a backdoor known as Proton, HandBrake developers warned over the weekend . At the time that the malware was being distributed to unsuspecting Mac users, none of the 55 most widely used antivirus services detected it. That’s according to researcher Patrick Wardle , who reported results here and here from the VirusTotal file-scanning service. When the malicious download was opened, it directed users to enter their Mac administer password, which was then uploaded in plain text to a server controlled by the attackers. Once installed, the malware sent a variety of sensitive user files to the same server. In a blog post published Monday morning , Thomas Reed, director of Mac offerings at antivirus provider Malwarebytes, wrote: Read 5 remaining paragraphs | Comments

Read the article:
Mac users installing popular DVD ripper get nasty backdoor instead

Mac users installing popular DVD ripper get nasty backdoor instead

(credit: Patrick Wardle ) Hackers compromised a download server for a popular DVD-ripping software named HandBrake and used it to push stealthy malware that stole victims’ password keychains, password vaults, and possibly the master credentials that decrypted them, security researchers said Monday. Over a four-day period ending Saturday, a download mirror located at download.handbrake.fr delivered a version of the video conversion software that contained a backdoor known as Proton, HandBrake developers warned over the weekend . At the time that the malware was being distributed to unsuspecting Mac users, none of the 55 most widely used antivirus services detected it. That’s according to researcher Patrick Wardle , who reported results here and here from the VirusTotal file-scanning service. When the malicious download was opened, it directed users to enter their Mac administer password, which was then uploaded in plain text to a server controlled by the attackers. Once installed, the malware sent a variety of sensitive user files to the same server. In a blog post published Monday morning , Thomas Reed, director of Mac offerings at antivirus provider Malwarebytes, wrote: Read 5 remaining paragraphs | Comments

Read this article:
Mac users installing popular DVD ripper get nasty backdoor instead

Mac users installing popular DVD ripper get nasty backdoor instead

(credit: Patrick Wardle ) Hackers compromised a download server for a popular DVD-ripping software named HandBrake and used it to push stealthy malware that stole victims’ password keychains, password vaults, and possibly the master credentials that decrypted them, security researchers said Monday. Over a four-day period ending Saturday, a download mirror located at download.handbrake.fr delivered a version of the video conversion software that contained a backdoor known as Proton, HandBrake developers warned over the weekend . At the time that the malware was being distributed to unsuspecting Mac users, none of the 55 most widely used antivirus services detected it. That’s according to researcher Patrick Wardle , who reported results here and here from the VirusTotal file-scanning service. When the malicious download was opened, it directed users to enter their Mac administer password, which was then uploaded in plain text to a server controlled by the attackers. Once installed, the malware sent a variety of sensitive user files to the same server. In a blog post published Monday morning , Thomas Reed, director of Mac offerings at antivirus provider Malwarebytes, wrote: Read 5 remaining paragraphs | Comments

More here:
Mac users installing popular DVD ripper get nasty backdoor instead

Mac users installing popular DVD ripper get nasty backdoor instead

(credit: Patrick Wardle ) Hackers compromised a download server for a popular DVD-ripping software named HandBrake and used it to push stealthy malware that stole victims’ password keychains, password vaults, and possibly the master credentials that decrypted them, security researchers said Monday. Over a four-day period ending Saturday, a download mirror located at download.handbrake.fr delivered a version of the video conversion software that contained a backdoor known as Proton, HandBrake developers warned over the weekend . At the time that the malware was being distributed to unsuspecting Mac users, none of the 55 most widely used antivirus services detected it. That’s according to researcher Patrick Wardle , who reported results here and here from the VirusTotal file-scanning service. When the malicious download was opened, it directed users to enter their Mac administer password, which was then uploaded in plain text to a server controlled by the attackers. Once installed, the malware sent a variety of sensitive user files to the same server. In a blog post published Monday morning , Thomas Reed, director of Mac offerings at antivirus provider Malwarebytes, wrote: Read 5 remaining paragraphs | Comments

See the original article here:
Mac users installing popular DVD ripper get nasty backdoor instead

Mac users installing popular DVD ripper get nasty backdoor instead

(credit: Patrick Wardle ) Hackers compromised a download server for a popular DVD-ripping software named HandBrake and used it to push stealthy malware that stole victims’ password keychains, password vaults, and possibly the master credentials that decrypted them, security researchers said Monday. Over a four-day period ending Saturday, a download mirror located at download.handbrake.fr delivered a version of the video conversion software that contained a backdoor known as Proton, HandBrake developers warned over the weekend . At the time that the malware was being distributed to unsuspecting Mac users, none of the 55 most widely used antivirus services detected it. That’s according to researcher Patrick Wardle , who reported results here and here from the VirusTotal file-scanning service. When the malicious download was opened, it directed users to enter their Mac administer password, which was then uploaded in plain text to a server controlled by the attackers. Once installed, the malware sent a variety of sensitive user files to the same server. In a blog post published Monday morning , Thomas Reed, director of Mac offerings at antivirus provider Malwarebytes, wrote: Read 5 remaining paragraphs | Comments

Continued here:
Mac users installing popular DVD ripper get nasty backdoor instead

Mac users installing popular DVD ripper get nasty backdoor instead

(credit: Patrick Wardle ) Hackers compromised a download server for a popular DVD-ripping software named HandBrake and used it to push stealthy malware that stole victims’ password keychains, password vaults, and possibly the master credentials that decrypted them, security researchers said Monday. Over a four-day period ending Saturday, a download mirror located at download.handbrake.fr delivered a version of the video conversion software that contained a backdoor known as Proton, HandBrake developers warned over the weekend . At the time that the malware was being distributed to unsuspecting Mac users, none of the 55 most widely used antivirus services detected it. That’s according to researcher Patrick Wardle , who reported results here and here from the VirusTotal file-scanning service. When the malicious download was opened, it directed users to enter their Mac administer password, which was then uploaded in plain text to a server controlled by the attackers. Once installed, the malware sent a variety of sensitive user files to the same server. In a blog post published Monday morning , Thomas Reed, director of Mac offerings at antivirus provider Malwarebytes, wrote: Read 5 remaining paragraphs | Comments

See the article here:
Mac users installing popular DVD ripper get nasty backdoor instead