Tag Archives: Threat Research

Avast research finds at least 32,000 smart homes and businesses at risk of leaking data | Avast

Introduction
Today, we hear a lot about IoT, which stands for internet of things. All these smart boxes, light bulbs, shades, thermostats, voice assistants, and smart machines are slowly sneaking into our households, businesses and industrial environm…

Spectre continues: Did we all trade speed for security? | Avast

For anyone in the cybersecurity industry, 2018 began on January 3rd — the day a trio of CPU bugs was announced. What trio? You probably recall Meltdown and Spectre, but from our perspective, the latter bug is really two for the price of one. While Meltdown and Spectre both got plenty of coverage in media outlets and security blogs around the globe (yes, that includes us, too), there’s an important distinction to make and more to say on this matter.

Botception with Necurs: Botnet distributes script with bot capabilities | Avast Threat Labs

Over the past few days, we have been analyzing a development with the Necurs botnet – a cybercrime operation dating back to 2012 that quickly became one of the largest spam botnets in the world. We reported on the infamous cybergang responsible for the distribution of global malware campaigns such as “Locky” and “GlobeImposter” in two blog posts (here and here) that explained how malware is spread via Necurs. And now we have seen a new link to that chain with attackers serving brand new files via the same botnet. These files are spreading malicious Visual Basic Scripts (VBScripts) and our analysis suggests that the authors are using the services provided by the Necurs botnet to reach more victims. The ultimate goal of the attackers is to make systems vulnerable to attacks with the ability to steal personal data and to infect them with keyloggers, banking malware, and ransomware.

Minecraft players exposed to malicious code in modified “skins” | Avast

Nearly 50,000 Minecraft accounts have been infected with malware designed to reformat hard-drives and delete backup data and system programs, according to Avast data from the last 30 days. The malicious Powershell script identified by researchers from Avast’s Threat Labs uses Minecraft “skins” created in PNG file format as the distribution vehicle. Skins are a popular feature that modify the look of a Minecraft player’s Avatar. They can be uploaded to the Minecraft site from various online resources.

New Monero mining malware discovered in Google Play

In November 2017, we detected a strain of malware known as JSMiner in Google Play. The Monero cryptomining capabilities were discovered inside the gaming application Cooee. At the time of discovery, we forecasted a rise in mobile mining malware as atta…

Greedy cybercriminals host malware on GitHub

Cybercriminals are aggressively uploading cryptocurrency mining malware to GitHub. The cybercriminals fork other projects, which on Github means producing a copy of someone else’s project, to build upon the project or to use as a starting point and subsequently push a new commit with the malware to the project. The projects which have been forked appear to be chosen at random. A list of affected GitHub repositories can be found at the bottom of this blog post.