Spam campaigns based on the Blackhole Exploit Kit send messages that contain links to compromised legitimate websites, which serve hidden iframes and redirections that exploit vulnerabilities across operating systems–from Android to Windows. Spam themes we have seen vary rapidly and are disguised to appear as legitimate messages from familiar services. Campaigns spoofing Facebook, LinkedIn, American Read more…
Spam campaigns based on the Blackhole Exploit Kit send messages that contain links to compromised legitimate websites, which serve hidden iframes and redirections that exploit vulnerabilities across operating systems–from Android to Windows. Spam themes we have seen vary rapidly and are disguised to appear as legitimate messages from familiar services. Campaigns spoofing Facebook, LinkedIn, American Read more…
Last week McAfee Labs reported a series of “one-click fraud” malware on Google Play in Japan. We have been monitoring this fraudulent activity and have found more than 120 additional variants on Google Play since the previous report. The malicious developers upload five or six applications per account using three to five accounts every night, Read more…
Facebook continues to be a favorite target for attackers to spread fake wall-post messages or fake scams. Most of the time these fake messages are involved in fake scams that ask users to respond to surveys. Recently, I discovered a Facebook wall post with a malicious website address that was unknowingly shared by a friend. Read more…
Following the recent discovery of Android/Chuli.A, yet another Android malware has now been found using the same method as Chuli.A: via forged email messages with the Android malware (APK file) as an attachment. However, instead of creating a standalone malicious application that shows a fake invitation about an upcoming congress, this time the attackers compromised Read more…
Last week, we noticed thousands of malware files in the wild that employ a simple phishing attack by modifying the hosts file on Windows systems. What’s interesting, however, is the technique chosen by the malware authors to distribute their payload. The samples in question (Example MD5: 34d9b42bfd64c6f752fe27eef8d80c5f) are packaged in a ZIP file along with Read more…
Foreign languages are no longer as difficult to understand as they once were, thanks to improvements in web translation services, which instantly translate words and web pages. The website translator plug-in can expand your global world with an amazing and effortless approach by automatically recognizing foreign-language identifiers. Website translators require JavaScript to be enabled to Read more…
In what may be the biggest security-related incident on Google Play this year, multiple Trojans targeting Japanese users were discovered carrying the strain of Android one-click fraud. McAfee Mobile Research has already identified multiple developer accounts that were used to spread the malware and confirmed that more than 80 applications of this type existed on Read more…
Exploits of the Java Runtime Environment (JRE) have been extensively used in drive-by-download toolkits such as Blackhole and Red Kit. New vulnerabilities discovered in 2013, such as CVE-2013-1493 and CVE-2013-0422, are popular, and we still see lots of older exploits such as CVE-2012-1723, CVE-2012-4681, and CVE-2012-0507. These vulnerabilities are already fixed in the latest JRE. Read more…
One thing that disturbs me is how people classify some malware by how surprising large the file is, how many libraries it uses, etc. In many cases, this just means the malware has inefficient code and all the tools are available to easily convert the binaries back into human-readable pseudocode. Let’s look back a bit Read more…