Over the past few days, we have been analyzing a development with the Necurs botnet – a cybercrime operation dating back to 2012 that quickly became one of the largest spam botnets in the world. We reported on the infamous cybergang responsible for the distribution of global malware campaigns such as “Locky” and “GlobeImposter” in two blog posts (here and here) that explained how malware is spread via Necurs. And now we have seen a new link to that chain with attackers serving brand new files via the same botnet. These files are spreading malicious Visual Basic Scripts (VBScripts) and our analysis suggests that the authors are using the services provided by the Necurs botnet to reach more victims. The ultimate goal of the attackers is to make systems vulnerable to attacks with the ability to steal personal data and to infect them with keyloggers, banking malware, and ransomware.
Today, I shared new findings from Avast’s continued investigations of the CCleaner APT (Advanced Persistent Threat) at RSA.
Nearly 50,000 Minecraft accounts have been infected with malware designed to reformat hard-drives and delete backup data and system programs, according to Avast data from the last 30 days. The malicious Powershell script identified by researchers from Avast’s Threat Labs uses Minecraft “skins” created in PNG file format as the distribution vehicle. Skins are a popular feature that modify the look of a Minecraft player’s Avatar. They can be uploaded to the Minecraft site from various online resources.
In November 2017, we detected a strain of malware known as JSMiner in Google Play. The Monero cryptomining capabilities were discovered inside the gaming application Cooee. At the time of discovery, we forecasted a rise in mobile mining malware as atta…
Cybercriminals are aggressively uploading cryptocurrency mining malware to GitHub. The cybercriminals fork other projects, which on Github means producing a copy of someone else’s project, to build upon the project or to use as a starting point and subsequently push a new commit with the malware to the project. The projects which have been forked appear to be chosen at random. A list of affected GitHub repositories can be found at the bottom of this blog post.
A few months ago, one of our customers contacted us regarding strange messages he received on Facebook Messenger. The messages came from fake Facebook profiles belonging to attractive, but fictitious women. These women encouraged him to download anothe…
The good news is that Avast users are protected against cryptomining, which includes the current threat terrorizing the world’s Windows servers and computers. The Smominru botnet has torn through hundreds of thousands of servers and computers alike, hijacking their CPU power to mine the cryptocurrency Monero. ZDNet reports that the Smominru botnet mines 24 Monero ($8,500) a day, with a net total to date of 8,900 Monero ($2.8M – $3.6M).
Details have emerged this week regarding two different—and both substantial—security flaws in almost every computer processor in use today. This affects Windows, Mac, Linux, Android, and iOS. It’s important to note that as of yet, no malware or cyberattack has been associated with these flaws, but now that the information is in the public domain, that could change. Either of the flaws could lead to your computer’s memory being compromised, which means sensitive data—passwords, photos, credit card details—can be accessed and stolen. Here’s a breakdown of the two vulnerabilities:
Malware Researcher: Nikolaos Chrysaidos, Head of Mobile Threats & Security, AvastCo-authored with Pham Duy Phuc, SfyLabs
Avast released its analytical tool, RetDec, to help the cybersecurity community fight malicious software. The tool allows anyone to study the code of applications to see what the applications do, without running them. Let’s fight the bad guys together!