Exploit This

Security News, Exploits, and Vulnerabilities.

The Magala Trojan Clicker: A Hidden Advertising Threat

Magala falls into the category of Trojan Clickers that imitate a user click on a particular webpage, thus boosting advertisement click counts. It’s worth pointing out that Magala doesn’t actually affect the user, other than consuming some of the infected computer’s resources. The main victims are those paying for the advertising.

Dvmap: the first Android malware with code injection

In April 2017 we started observing new rooting malware being distributed through the Google Play Store. Unlike other rooting malware, this Trojan not only installs its modules into the system, it also injects malicious code into the system runtime libraries.

XPan, I am your father

While we have previously written on the now infamous XPan ransomware family, some of it’s variants are still affecting users primarily located in Brazil. This sample is what could be considered as the “father” of other XPan ransomware variants. A considerable amount of indicators within the source code depict the early origins of this sample.

Breaking The Weakest Link Of The Strongest Chain

Around July last year, more than a 100 Israeli servicemen were hit by a cunning threat actor. The attack compromised their devices and exfiltrated data to the attackers’ C&C. In addition, the compromised devices were pushed Trojan updates. The operation remains active at the time of writing this post.

Inside the Gootkit C&C server

In September 2016, we discovered a new version of Gootkit with a characteristic and instantly recognizable feature: an extra check of the environment variable ‘crackme’ in the downloader’s body. Just as interesting was the fact that we were able to gain access to the bot’s C&C server, including its complete hierarchal tree of folders and files and their contents.

Facebook malware – the missing piece

Recently we revealed that a threat actors exploited social networks to spread a Trojan that captures a victim’s entire browser traffic. Approximately 10,000 Facebook users with Windows PCs were hit by malicious friend notifications. In this article we will explain the security issue and attack.

Facebook malware: tag me if you can

A malware attack tricked around 10,000 Facebook users around the world. Compromised PCs were used to hijack Facebook accounts in order to spread the infection through the victim’s Facebook friends and for other malicious activity.

Everyone sees not what they want to see

In early March, Kaspersky Lab detected the modular Trojan Backdoor.AndroidOS.Triada which granted superuser privileges to downloaded Trojans (i.e. the payload), as well as the chance to get embedded into system processes. Soon after that we found one of the modules enabling a dangerous attack – spoofing URLs loaded in the browser.

PNG Embedded – Malicious payload hidden in a PNG file

This is what we found in a new Brazilian Trojan in the wild: it tries to conceal the malicious files in a PNG image. And the attack starts with a simple phishing PDF.

Kaspersky Security Bulletin 2015. Overall statistics for 2015

In 2015, virus writers demonstrated a particular interest in exploits for Adobe Flash Player. The proportion of relatively simple programs used in mass attacks was growing. Attackers have mastered non-Windows platforms – Android and Linux: almost all types of malicious programs are created and used for these platforms.

%d bloggers like this: