Search Results for “Tara Seals”


September 28, 2019
Tara Seals / Threatpost
New Spyware Masad Clipper and Stealer Uses Telegram Bots to Steal Cryptocurrency, Drop Additional Malware

A freshly discovered commercial spyware dubbed the “Masad Clipper and Stealer” is using Telegram bots as its command-and-control (C2) hub to harvest data, steal cryptocurrency and drop additional malware, while masquerading as a Fortnite aimbot and more, according to an analysis by Juniper Networks. The spyware targets Android and Windows users and sends the data it collects from victims to a Telegram bot that acts as its C2 server. The stolen information can include browser form data with usernames and passwords for various sites, along with contact information and credit-card data; PC and system information; a list of installed software and processes; desktop files; screenshots; browser cookies; Steam gaming platform files; Discord and Telegram messages; and FileZilla files. It also automatically replaces cryptocurrency wallet addresses on the clipboard with its own, and it is capable of downloading other malware. Masad’s primary propagation mechanism is mimicking software utilities like ProxySwitcher, CCleaner, Utilman, Netsh and Whoami. It also mimics an existing piece of malware called Proxo Bootstrapper.

August 6, 2019
Tara Seals / Threatpost
Google Partners With ARM to Implement Memory-Tagging Extension Feature to Tackle Memory Safety Flaws in Android Platform

Google has partnered with mobile silicon-maker ARM to implement a hardware-based bug detection solution for one of the largest classes of vulnerabilities in the Android platform: memory-safety flaws. The new feature, called the memory-tagging extension (MTE), helps mitigate these kinds of bugs by making them easier to detect. It has two execution modes: precise mode, which provides more detailed information about the memory violation, and imprecise mode, which has lower CPU overhead and is better suited to being always-on.

September 26, 2019
Tara Seals / Threatpost
Suspected Chinese APT Group Has Been Attacking Southeast Asian Area Tech Companies Using ‘Fake Narrator’ Tool to Implant PcShare Backdoor to Gain System-Level Access

A suspected Chinese advanced persistent threat (APT) group has been attacking Southeast Asian area tech companies using a trojanized screen-reader application that replaces the built-in Narrator “Ease of Access” feature in Windows, researchers with BlackBerry Cylance say. The attackers also deploy a version of the open-source malware known as the PcShare backdoor to gain an initial foothold in victims’ systems. With the two tools, the attackers can surreptitiously control Windows machines via remote desktop login screens, without the need for credentials. The attackers use a range of post-exploitation tools, many based on publicly available code often found on Chinese programming portals; one of these tools, Fake Narrator, abuses Microsoft Accessibility Features to gain SYSTEM-level access on the compromised machine. The tools used by the attackers are similar to those of a known threat actor called Tropic Trooper, which actively targets heavy industrial companies and government institutions in Taiwan and the Philippines.

October 7, 2019
Tara Seals / Threatpost
Magecart Is Now So Ubiquitous That It’s Flooding the Internet, Almost Two Million Instances With Over 18,000 Hosts Breached

Digital card-skimming collective Magecart is now so ubiquitous that its infrastructure is flooding the internet, according to a paper presented at Virus Bulletin 2019 by Jordan Herman and Yonathan Klijnsma of RiskIQ. The researchers say there are now 573 known C2 domains for the group, with close to 10,000 hosts actively loading those domains. In total, they detected almost 2 million (2,086,529) instances of Magecart’s JavaScript binaries, with over 18,000 hosts directly breached.

September 9, 2019
Tara Seals / Threatpost
China’s APT3 Reverse-Engineered NSA Equation Group Exploits to Create New Tools ‘UPSynergy’

The China-linked advanced persistent threat (APT) group APT3, also known as Buckeye or UPS Team, has built a full in-house battery of exploits and cybertools collectively dubbed “UPSynergy”, which were likely gleaned from watching attacks by the National Security Agency’s Equation Group APT on target networks where APT3 also has a presence, researchers at Check Point report. APT3 equipped a reverse-engineered attack tool, named Bemstour, with an additional zero-day based on the NSA exploit called EternalRomance to gain remote code execution on a victim’s machine. The goal of Bemstour is to deploy a payload on the victim’s machine, which is injected into a running process using an implant that bears a striking resemblance to the Equation Group’s DoublePulsar tool.

February 3, 2019
Threatpost
News Wrap Podcast For Feb. 1

Threatpost editors Lindsey O’Donnell and Tara Seals discuss Facebook and Google finding themselves in hot water over distributing data-sucking apps on iOS devices, a new data dump of 2.2 billion compromised credentials discovered on the Dark Web known as “Collections #2-5” and more.

March 2, 2019
Threatpost
Podcast: RSA Conference 2019 Preview

Threatpost editors Lindsey O’Donnell, Tom Spring and Tara Seals break down the biggest news, stories and trends – from artificial intelligence and government security to privacy and the Internet of Things – that they expect to hear about at RSA 2019 this year.