Introduction
As one of the leading companies in computer security, we work hard every day to bring the highest level of protection to all of our users. This requires us to constantly explore new ways of defeating malware, often experimenting with blee…
For anyone in the cybersecurity industry, 2018 began on January 3rd — the day a trio of CPU bugs was announced. What trio? You probably recall Meltdown and Spectre, but from our perspective, the latter bug is really two for the price of one. While Meltdown and Spectre both got plenty of coverage in media outlets and security blogs around the globe (yes, that includes us, too), there’s an important distinction to make and more to say on this matter.
This is a call to action! Please see my experiment below — and agree with my assertion that as a global digital culture, we must care more about security. Starting now.
Over the past few days, we have been analyzing a development with the Necurs botnet – a cybercrime operation dating back to 2012 that quickly became one of the largest spam botnets in the world. We reported on the infamous cybergang responsible for the distribution of global malware campaigns such as “Locky” and “GlobeImposter” in two blog posts (here and here) that explained how malware is spread via Necurs. And now we have seen a new link to that chain with attackers serving brand new files via the same botnet. These files are spreading malicious Visual Basic Scripts (VBScripts) and our analysis suggests that the authors are using the services provided by the Necurs botnet to reach more victims. The ultimate goal of the attackers is to make systems vulnerable to attacks with the ability to steal personal data and to infect them with keyloggers, banking malware, and ransomware.
Today, I shared new findings from Avast’s continued investigations of the CCleaner APT (Advanced Persistent Threat) at RSA.
Nearly 50,000 Minecraft accounts have been infected with malware designed to reformat hard-drives and delete backup data and system programs, according to Avast data from the last 30 days. The malicious Powershell script identified by researchers from Avast’s Threat Labs uses Minecraft “skins” created in PNG file format as the distribution vehicle. Skins are a popular feature that modify the look of a Minecraft player’s Avatar. They can be uploaded to the Minecraft site from various online resources.
In November 2017, we detected a strain of malware known as JSMiner in Google Play. The Monero cryptomining capabilities were discovered inside the gaming application Cooee. At the time of discovery, we forecasted a rise in mobile mining malware as atta…
Cybercriminals are aggressively uploading cryptocurrency mining malware to GitHub. The cybercriminals fork other projects, which on Github means producing a copy of someone else’s project, to build upon the project or to use as a starting point and subsequently push a new commit with the malware to the project. The projects which have been forked appear to be chosen at random. A list of affected GitHub repositories can be found at the bottom of this blog post.
A few months ago, one of our customers contacted us regarding strange messages he received on Facebook Messenger. The messages came from fake Facebook profiles belonging to attractive, but fictitious women. These women encouraged him to download anothe…
The good news is that Avast users are protected against cryptomining, which includes the current threat terrorizing the world’s Windows servers and computers. The Smominru botnet has torn through hundreds of thousands of servers and computers alike, hijacking their CPU power to mine the cryptocurrency Monero. ZDNet reports that the Smominru botnet mines 24 Monero ($8,500) a day, with a net total to date of 8,900 Monero ($2.8M – $3.6M).