Martijn Lammerts
My own digital place with a little of everything

Maikspy Spyware Poses as Adult Game, Targets Windows and Android Users

8 May 2018

We discovered a malware family called Maikspy — a multi-platform spyware that can steal users’ private data. The spyware targets Windows and Android users, and first posed as an adult game named after a popular U.S.-based adult film actress. Maikspy, which is an alias that combines the name of the adult film actress and spyware, has been around since 2016.

Multiple Twitter handles were found promoting the Maikspy-carrying adult games and sharing the malicious domain via short links.

XLoader Android Spyware and Banking Trojan Distributed via DNS Spoofing

20 April 2018

We have been detecting a new wave of network attacks since early March, which, for now, are targeting Japan, Korea, China, Taiwan, and Hong Kong. The attacks use Domain Name System (DNS) cache poisoning/DNS spoofing, possibly gained through intrusion techniques such as brute-force or dictionary attacks, to distribute and install malicious Android apps. Trend Micro detects these as ANDROIDOS_XLOADER.HRX.

These malicious apps pose as legitimate Facebook or Chrome applications. They are distributed from poisoned DNS domains that push a notification to an unwitting victim's device. The malicious apps can steal personally identifiable and financial data and install additional apps. XLoader can also hijack the infected device (for example, to send SMS messages) and uses device administrator privileges for self-protection and persistence.

Monero-Mining HiddenMiner Android Malware Can Potentially Cause Device Failure

28 March 2018

We uncovered a new Android malware that can surreptitiously use the infected device's computing power to mine Monero. Trend Micro detects this as ANDROIDOS_HIDDENMINER. This Monero-mining Android app’s self-protection and persistence mechanisms include hiding itself from the unwitting user and abusing the Device Administrator feature (a technique typically seen in SLocker Android ransomware).

Skygofree: New Government Malware for Android

22 January 2018

Kaspersky Labs is reporting on a new piece of sophisticated malware: We observed many web landing pages that mimic the sites of mobile operators and which are used to spread the Android implants. These domains have been registered by the attackers since 2015. According to our telemetry, that was the year the distribution campaign was at its most active. The...

Cyberespionage Campaign Sphinx Goes Mobile With AnubisSpy

19 December 2017

Android malware such as ransomware exemplifies how lucrative the platform can be for cybercriminals. But other threats have been stirring as of late: attacks that spy on and steal data from specific targets, crossing over between desktops and mobile devices.

Take for instance several malicious apps we came across with cyberespionage capabilities, which were targeting Arabic-speaking users or Middle Eastern countries. These were published on Google Play (they have since been taken down) and on third-party app marketplaces. We named these malicious apps AnubisSpy (ANDROIDOS_ANUBISSPY) because the malware's payload is a package called watchdog.

We assess that AnubisSpy is linked to the cyberespionage campaign Sphinx (APT-C-15), based on shared file structures, a shared command-and-control (C&C) server, and overlapping targets. It is also possible that AnubisSpy's operators are the same as Sphinx's but are running separate, similar campaigns.

Post from: Trendlabs Security Intelligence Blog - by Trend Micro

New GnatSpy Mobile Malware Family Discovered

18 December 2017

Earlier this year researchers first disclosed a targeted attack campaign against various sectors in the Middle East. This threat actor was called Two-tailed Scorpion/APT-C-23. Later on, a mobile component called VAMP was found, with a new variant (dubbed FrozenCell) discovered in October.

Post from: Trendlabs Security Intelligence Blog - by Trend Micro

Tracking People Without GPS

15 December 2017

Interesting research: The trick in accurately tracking a person with this method is finding out what kind of activity they're performing. Whether they're walking, driving a car, or riding in a train or airplane, it's pretty easy to figure out when you know what you're looking for. The sensors can determine how fast a person is traveling and what kind...