Showing posts with label virus.

Antivirus vs Identity Protection Software: What to Choose and How?


Users often lump digital security into a single category and confuse identity protection with antivirus, assuming the two do the same job. They do not. Before you buy either, it is important to understand the difference. This post covers the difference between identity theft protection and device security.

Cybersecurity threats: Past vs present 

Traditionally, a common computer virus could crash a machine and infect a few files. That was it. Today the focus has shifted from crashing computers by exhausting their resources to stealing personal data.

A computer virus is malware that self-replicates, travelling from device to device. It corrupts data and software, and it can also steal personal data.

With time, hackers have learned that users are easier targets than computers. These days, malware and social engineering attacks pose a greater threat than viruses. A well-planned phishing email or a fake login page will benefit hackers more than a traditional virus.

Thanks to the surge in data breaches, hackers have it easy. Your data (phone number, financial details, passwords) is sitting in breached databases, sold in bulk on the dark web.

AI has made things worse and easier to exploit. Hackers can now create believable messages and even impersonate your voice. These tricks don't even require creativity; they only need to be convincing enough to bait a victim into clicking or replying.

Where antivirus fails

Your personal data never stays only on your computer. It is collected by data brokers and advertisers and sold on to third parties who profit from it. When threat actors get their hands on this data, they can use it to impersonate you.

In this case, antivirus is of no help. It cannot notice breaches at organizations you don't control, or someone impersonating you elsewhere. Antivirus protects your system from malware that tries to get onto it; there is a limit to what it can do. Antivirus can protect the machine, but not the user behind it.

Role of identity theft protection 

Identity protection doesn't concern itself with your system's health. It looks out for information that follows you everywhere: your SSN, e-mail addresses, contact number and accounts linked to your finances. If something suspicious turns up, it informs you. Identity protection works mainly on the monitoring side. It may watch your credit reports for warning signs such as a new account, a hard enquiry or a falling credit score. In short, identity protection software looks out for early warning signs of theft, and it also checks whether your data has appeared on the dark web or in recent leaks.

Hackers Exploit AI Stack in Windows to Deploy Malware


The artificial intelligence (AI) stack built into Windows can act as a channel for malware transmission, a recent study has demonstrated.

Using AI in malware

Security researcher hxr1 discovered a far more conventional method of weaponizing AI in a year when ingenious and sophisticated prompt injection tactics have been proliferating. In a proof-of-concept (PoC) provided exclusively to Dark Reading, he detailed a living-off-the-land (LotL) attack that uses trusted Open Neural Network Exchange (ONNX) files to bypass security engines.

Impact on Windows

Security programs are only as good as their designers make them. They may detect large volumes of data leaving a network or an unfamiliar .exe file launching, because those are known signs of suspicious activity. However, if malware arrives on a system in a form they have not been taught to recognize, they are unlikely to notice it.

That is what makes AI so difficult to defend. New software, procedures, and systems that incorporate AI capabilities create new, invisible channels through which cyberattacks can spread.

Why AI in malware is a problem

Since 2018 the Windows operating system has gradually added features that let apps run AI inference locally without connecting to a cloud service. Windows Hello, Photos, and Office use this built-in AI for facial recognition, object identification, and productivity tasks, respectively. They do so by calling the Windows Machine Learning (ML) application programming interface (API), which loads ML models as ONNX files.

ONNX files are automatically trusted by Windows and by security software. Why wouldn't they be? Although malware is routinely found in EXEs, PDFs, and other formats, no threat actors in the wild have yet shown that they plan to, or are able to, use neural networks as weapons. However, there are many ways to make it feasible.

Attack tactic

Planting a malicious payload in the metadata of a neural network is the simplest way to infect it. The trade-off is that the payload would sit in plain text, making it much easier for a security tool to stumble on it.

Embedding the malware piecemeal among the model's named nodes, inputs, and outputs would be more challenging but more covert. Alternatively, an attacker could use steganography to hide a payload inside the neural network's own weights.

All three approaches work as long as a loader nearby can call the necessary Windows APIs to unpack the payload, reassemble it in memory, and run it. The latter two are also very covert: trying to reconstruct a fragmented payload from a neural network would be like trying to reconstruct a needle from bits of it scattered through a haystack.

One Click Is All It Takes: New Mac Malware Steals Your Data

A growing number of Mac users are being tricked into downloading harmful software through fake verification messages. These scams look like normal human checks, such as Google’s “I’m not a robot” box, but are actually part of a malware campaign targeting Apple computers.

Researchers recently found that over 2,800 websites have been hacked to spread a malware called Atomic Stealer. This software is designed to steal passwords, browser data, crypto wallets, and personal files from infected Macs.


How the scam works

The attack begins when someone visits one of these infected websites. A fake pop-up appears, asking them to prove they’re human. It looks like a regular verification step we’re used to seeing online. Most people would not think twice before clicking.

But once the user clicks the button, a hidden command is quietly copied to their clipboard. The pop-up then gives unusual instructions telling the person to open the Terminal app on their Mac and paste what was copied.

If they follow these steps and press Enter, the malware gets installed on their system. The software then begins stealing information saved in the system’s password manager and browsers, as well as any crypto assets stored on the device.


Why this trick is dangerous

This attack is hard to catch because the victim unknowingly helps install the malware. Instead of using a typical virus download, the scam relies on people following the instructions themselves. This method can bypass antivirus programs, making it even more dangerous.

What makes this more troubling is that this malware is being sold as a service. Hackers pay monthly to use Atomic Stealer, which means many groups can launch similar attacks using different techniques.


How to protect yourself

If a website ever tells you to open Terminal or paste something into your system, close it right away. This is not a normal request and should be treated as a red flag.

While Apple devices include built-in security tools, it’s also a good idea to install trusted antivirus software for added safety. Identity theft protection services can also help if your personal information is ever misused.

This scam is successful because it plays on our habits. Many people don’t question familiar actions, especially when under pressure. Share this information with friends and family so they can stay safe, too. Avoid unfamiliar websites, think carefully before clicking, and never follow odd instructions from online pop-ups.

New Virus Spreading Through YouTube Puts Windows Users at Risk

A new type of digital threat is quietly spreading online, and it’s mainly affecting people who use Windows computers. This threat, called Neptune RAT, is a kind of harmful software that allows hackers to take over someone’s system from a distance. Once installed, it can collect personal data, spy on the user’s activity, and even lock files for ransom.

What’s especially worrying is how the virus is spreading. It’s being shared through common platforms like YouTube, GitHub, and Telegram. Hackers are offering this tool as part of a paid service, which makes it easier for many cybercriminals to get access to it.


What Makes Neptune RAT So Dangerous?

Neptune RAT is not an ordinary computer virus. It can do many harmful things at once, making it a serious risk to anyone who accidentally installs it.

One of its tricks is swapping digital wallet addresses during cryptocurrency transfers. This means someone could send money thinking it’s going to the right person, but it actually ends up in a hacker’s account.

Another feature allows it to collect usernames and passwords stored on the victim’s device. It targets popular programs and web browsers, which could let hackers break into email accounts, social media, or online banking services.

Even more troubling, Neptune RAT includes a feature that can lock files on the user's system. The attacker can then demand money to unlock them; this is what is known as ransomware.

To make things worse, the virus can turn off built-in security tools like Windows Defender. That makes it much harder to spot or remove. Some versions of the virus even allow hackers to view the victim’s screen while they’re using it, which could lead to serious privacy issues.

If the hacker decides they no longer need the device, the virus can erase all the data, leaving the victim with nothing.


How to Stay Protected

To avoid being affected by this virus, it's important to be careful when clicking on links or downloading files, especially from YouTube, GitHub, or Telegram. Never download anything unless you fully trust the source.

Although antivirus software is helpful, this particular virus can get past many of them. That’s why extra steps are needed, such as:

1. Using different passwords for each account
2. Saving important files in a secure backup
3. Avoiding links or downloads from strangers
4. Enabling extra security features like two-factor authentication

Staying alert and employing good online habits is the best way to avoid falling victim to harmful software like Neptune RAT.


Soumnibot Malware Abuses Bugs to Escape Detection


Soumnibot Malware

A new Android banking trojan called 'SoumniBot' employs a less common obfuscation technique, abusing flaws in the way Android extracts and parses the APK manifest.

The approach allows SoumniBot to bypass typical Android security safeguards and steal information.
Kaspersky researchers discovered and analysed the malware, providing technical details on how it exploits Android's procedure for parsing and extracting APK manifests.

Fooling Android’s Parser

Manifest files ('AndroidManifest.xml') are located in each app's root directory and contain information about components (services, broadcast receivers, content providers), permissions, and app data.

While malicious APKs can employ various compression tricks to confuse security programs and evade inspection, Kaspersky analysts found that SoumniBot uses three separate methods to bypass parser checks, all of which involve manipulating the manifest file's compression and size.

How the virus works

First, when the APK's manifest file is unpacked, SoumniBot presents an invalid compression method value, one that differs from the normal values (0 or 8) expected by Android's 'libziparchive' library, which handles the task.

Rather than rejecting such values, the Android APK parser, due to a flaw, falls back to treating the data as uncompressed, which lets the APK evade protection and keep running on the device.

The second method is to misreport the size of the manifest file in the APK, declaring a value larger than the true one.

Since the file was marked as uncompressed in the previous step, it is copied directly from the archive, with junk "overlay" data filling the gap.

According to Kaspersky, while this extra data does not immediately affect the device because Android is configured to disregard it, it does play an important role in misleading code analysis tools.

The third evasion tactic is to use excessively long strings as the names of XML namespaces in the manifest file, which automated analysis tools often cannot examine because they lack the capacity to parse them.

Kaspersky has notified Google that APK Analyzer, the official analysis tool for Android, cannot handle files that use the evasion techniques described above.
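As an added illustration of how a triage tool could catch the first two tricks described above (this is example code written for this post, not Kaspersky's tooling or anything from the SoumniBot samples), the script below walks an APK's ZIP central directory the way Android does, flags a compression method other than 0 or 8, and compares the manifest entry's declared size against the size field in the compiled manifest's own binary-XML chunk header, so any "overlay" bytes past the real manifest stand out. The APK fixture is constructed inline and hand-packed, because `zipfile` refuses to write an unknown method or mismatched sizes; the 4096-byte overlay and the method value 0x1A1A are assumed sample values, and the long-namespace trick is not covered.

```python
import struct
import zlib

VALID_METHODS = {0, 8}      # what libziparchive expects: 0 = stored, 8 = deflate
RES_XML_TYPE = 0x0003       # first chunk type of a compiled AndroidManifest.xml
MANIFEST = "AndroidManifest.xml"


def build_apk(entries):
    """Constructed fixture builder: a minimal ZIP from
    (name, method, bytes_on_disk, declared_comp_size, declared_uncomp_size).
    Hand-packed because zipfile refuses unknown methods and mismatched sizes."""
    body, central = bytearray(), bytearray()
    for name, method, data, comp, uncomp in entries:
        blob = data + b"\x00" * (comp - len(data))      # overlay padding, if any
        crc, name_b, offset = zlib.crc32(blob), name.encode(), len(body)
        body += struct.pack("<IHHHHHIIIHH", 0x04034B50, 20, 0, method, 0, 0,
                            crc, comp, uncomp, len(name_b), 0) + name_b + blob
        central += struct.pack("<IHHHHHHIIIHHHHHII", 0x02014B50, 20, 20, 0, method,
                               0, 0, crc, comp, uncomp, len(name_b), 0, 0, 0, 0, 0,
                               offset) + name_b
    eocd = struct.pack("<IHHHHIIH", 0x06054B50, 0, 0, len(entries), len(entries),
                       len(central), len(body), 0)
    return bytes(body + central + eocd)


def audit_apk(data):
    """Walk the central directory (as Android does) and report manifest tricks."""
    findings = []
    eocd = data.rfind(b"PK\x05\x06")
    if eocd < 0:
        return ["no end-of-central-directory record"]
    cd_size, cd_offset = struct.unpack_from("<II", data, eocd + 12)
    pos = cd_offset
    while pos < cd_offset + cd_size:
        (method, _t, _d, _crc, comp, _uncomp, nlen, xlen, clen,
         _disk, _ia, _ea, loff) = struct.unpack_from("<HHHIIIHHHHHII", data, pos + 10)
        name = data[pos + 46:pos + 46 + nlen].decode(errors="replace")
        pos += 46 + nlen + xlen + clen
        if method not in VALID_METHODS:
            findings.append(f"{name}: unknown compression method {method:#x}")
        if name != MANIFEST:
            continue
        lnlen, lxlen = struct.unpack_from("<HH", data, loff + 26)   # local header
        start = loff + 30 + lnlen + lxlen
        body = data[start:start + comp]
        if method == 8:
            body = zlib.decompress(body, -15)                        # raw deflate
        if len(body) < 8:
            findings.append(f"{name}: too short to be binary XML")
            continue
        ctype, _hsize, chunk_size = struct.unpack_from("<HHI", body, 0)
        if ctype != RES_XML_TYPE:
            findings.append(f"{name}: does not start with a RES_XML chunk")
        elif chunk_size < len(body):
            findings.append(f"{name}: {len(body) - chunk_size} overlay bytes past "
                            f"the {chunk_size}-byte XML chunk")
    return findings


def make_manifest(filler=64):
    """Constructed stand-in for a compiled manifest: the chunk header's size
    field states the true length, so anything beyond it is overlay."""
    return struct.pack("<HHI", RES_XML_TYPE, 8, 8 + filler) + b"\x00" * filler


def demo():
    m = make_manifest()
    raw = zlib.compressobj(wbits=-15)
    deflated = raw.compress(m) + raw.flush()
    clean = build_apk([(MANIFEST, 8, deflated, len(deflated), len(m))])
    # SoumniBot-style entry: bogus method, sizes inflated by 4096 overlay bytes
    evasive = build_apk([(MANIFEST, 0x1A1A, m, len(m) + 4096, len(m) + 4096)])
    return audit_apk(clean), audit_apk(evasive)


if __name__ == "__main__":
    for label, result in zip(("clean", "evasive"), demo()):
        print(label, result or "no findings")
```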

The danger of SoumniBot

On activation, SoumniBot sends the infected device's carrier, phone number, and other profile information, and requests its configuration from a hardcoded server address.

Next, it creates a malicious service that sends stolen data from the victim every 15 seconds and restarts every 16 minutes if it is interrupted.

IP addresses, contact lists, account information, SMS messages, images, videos, and digital certificates for online banking are among the exfiltrated data.

How SoumniBot reaches smartphones is unknown; possibilities range from distribution through dubious websites and unofficial Android marketplaces to trojanizing legitimate apps in trusted repositories with malicious code.

Kaspersky has published a concise set of indicators of compromise, comprising malware hashes and two domains used by the malware operators for command and control.

ColdFusion's Close Call: A Peek into the Anatomy of a Failed Ransomware Strike

Several threat actors have recently exploited outdated Adobe software to compromise systems and deploy ransomware payloads, highlighting the ever-evolving tactics they use against networks. The attacks took place during September and early October and were aimed at gaining access to Windows servers and releasing ransomware. Although the attacks failed, they provided a valuable learning opportunity.

Sophos researchers examined the threat actor's approach in order to reconstruct the attack. They found that the attacker intended to use leaked source code from the LockBit 3.0 ransomware family, which is known for its fast and effective execution.

Other campaigns have also repurposed different ransomware variants to create new ones. Threat actors have always been interested in servers, as they are one of the most effective and efficient paths into an organization.

Generally, server-related accounts have the highest privilege levels in the network, making it easy for whoever controls them to move from one machine to another. Sophos X-Ops has observed a variety of threats delivered to servers; the most common payloads are Cobalt Strike Beacons, ransomware, fileless PowerShell backdoors, miners, and webshells, among others.

In September and into the first half of October, an unknown actor made several attempts to exploit vulnerabilities in outdated, unsupported versions of Adobe's ColdFusion Server software in order to gain access to the Windows servers it was running on and eventually pivot to deploying ransomware.

Although none of these attacks was successful, the telemetry they generated allowed Sophos to identify who was responsible and to retrieve the payloads being deployed. The Sophos researchers who uncovered the attack found that the threat actor was attempting to deploy ransomware built from the leaked LockBit 3.0 source code.

Sophos researchers noticed a similar pattern in other campaigns. The attackers likely chose LockBit 3.0 as the most effective and fastest family available. A typical approach for these threat actors is to aim for holes in unpatched software, and that is exactly what happened here: rather than introducing new techniques, the attacker targeted old, unsupported ColdFusion 11 installations.

Adobe announced last week that three critical ColdFusion vulnerabilities had been discovered. First, on July 11, it released patches for CVE-2023-29300, a deserialization issue that could result in arbitrary code execution, and CVE-2023-20298, an improper access control issue that could lead to a security feature bypass.

On July 14, the company also released patches for another deserialization vulnerability, CVE-2023-38203, which may result in arbitrary code execution. Adobe mistakenly sent notification emails to some customers claiming it was aware of attacks targeting CVE-2023-29300.

However, no evidence has been presented that this flaw has actually been exploited. Rapid7, a cybersecurity firm that has been following the CVE-2023-29298 and CVE-2023-38203 vulnerabilities patched last week, reported on Monday that none of them appear to have been exploited in the wild yet.

In its analysis, Accel7 found that CVE-2023-38203 has been chained with another vulnerability, likely CVE-2023-38203, in attacks it observed in which the attackers used PowerShell commands to create webshells that gave them access to the targeted system.

Researchers at ProjectDiscovery published a blog post detailing CVE-2023-38203 on July 12, just before Adobe announced its patch for the issue. Rapid7 believes ProjectDiscovery initially thought it was disclosing CVE-2023-29300, which Adobe had already fixed, when in fact the post described CVE-2023-38203, for which the vendor had yet to issue a patch.

As it turned out, when Adobe announced patches for CVE-2023-38203 on July 14, it clarified that a proof-of-concept (PoC) blog post explaining the security hole was already publicly available.

Another important factor is investing in robust endpoint detection and response (EDR) systems, which can detect and block ransomware attacks. Using software that is still supported, updating systems regularly, and deploying security controls that can detect and mitigate evolving threats are all important for organizations.

In particular, endpoint behavioural detection software can flag suspicious activity on an endpoint and guard against ransomware. The recent failed attack on ColdFusion servers sheds light on the evolving landscape of ransomware attacks and on how they are likely to evolve in the future.

Throughout the year, threat actors continue to refine their tactics and find new vulnerabilities to exploit. There are, however, several ways organizations can protect themselves effectively: keeping software fully up to date, implementing robust security controls, and using sophisticated endpoint monitoring and response systems.

When it comes to mitigating the risks associated with ransomware, it is crucial to stay proactive and vigilant at all times. It was reported on March 12, 2023, that the U.S. National Security Agency (NSA) had added an Adobe ColdFusion vulnerability with a CVSS score of 8.6 to its known exploited vulnerabilities list; it is tracked as CVE-2023-26360 (listed as CVE-2023-22132 in the vendor's ColdFusion patch).

The flaw lies in the way the software handles access control, and it could allow a remote attacker to execute arbitrary code. The vulnerability could also lead to an arbitrary file system read and a memory leak.

Cybersecurity: Are Viruses Still a Threat?


Viruses were once considered the biggest cybersecurity concern in the world, but is that still the case? How prevalent were viruses in the past, and are they still as dangerous today?

Understanding the modern computer viruses

Viruses are no longer the most dangerous type of cyber threat, although they once were. After the last few major virus campaigns, such as Stuxnet, SpyEye, and W32.Dozer, the prevalence of computer viruses started to fall around the beginning of the 2010s.

Technological progress is the main reason viruses are less of a menace. The antivirus software available in the early 2000s was very different from what we use today; better service, more features, and higher detection rates have arrived over time.

Viruses are not large programs, and they are not especially complex. Like their biological namesakes, viruses require a "host" in which to replicate. A typical virus has to be fairly small because it must hide inside a program, which leaves little room for additional code that would give it sophisticated capabilities.

Furthermore, many viruses follow a consistent pattern, so antivirus software is used to detecting them. What actually threatens our smartphones and computers today is malicious software such as ransomware, spyware, Trojan horses, and similar threats.

These malware programs can be extremely complex and are sometimes built specifically to evade antivirus protection. Overall, modern malware simply outperforms viruses, which is why viruses aren't employed nearly as often as they once were.

Through the 2010s, ransomware in particular grew significantly as a cybercrime trend. This type of malware encrypts the contents on an infected device and notifies victims that the files can only be unlocked when they pay the requested ransom. WannaCry, LockBit, Jigsaw, and Bad Rabbit are a few well-known ransomware instances. 

Many ransomware operators acquire their malicious software through ransomware-as-a-service platforms, which sell ransomware to third-party hackers for a fee. This makes ransomware available to less technically savvy bad actors as well as seasoned professionals.

Viruses are clearly no longer the most significant cybersecurity concern. However, viruses are not entirely extinct. As previously stated, the once-feared MyDoom virus was discovered in use in 2019. MyDoom was disseminated in this case through a phishing email campaign. Viruses are still used today, even if they are deemed primitive, and this is critical to remember. 

Is antivirus still required?

The definition of the phrase "antivirus" has changed over time. While antivirus programmes were initially designed solely to protect against viruses, they can now identify and remove various types of malware. 

Malware, as you are probably aware, is a worldwide problem that claims thousands of victims each month. According to Statista, security experts discover 560,000 new pieces of malware every day. That equates to about 17 million new pieces unearthed each month. 

Statista also reported an 87 percent increase in malware infections over the last decade. These two figures alone show how serious the malware problem has become. To secure your devices against cybercrime, you still need an antivirus program.

Always choose a highly regarded antivirus program with a proven record of stopping viruses and malware. Installing any free antivirus software you come across is not a good idea: you can end up with subpar protection, or even with malware posing as antivirus software.

Android Phone Hacked by 'Daam' Virus, Government Warns

The central government has announced that 'Daam' malware is infecting Android devices and has issued an advisory about it. CERT-In, the Indian government's national cyber security agency, released the advisory to inform the public that this malware can give hackers access to calls, contacts, browsing history, and the camera.

According to the Indian Computer Emergency Response Team (CERT-In), which provided the information, the malware's ability to bypass anti-virus programs and deploy ransomware on targeted devices makes it very dangerous.

As quoted by the PTI news agency, the Android botnet is distributed primarily through third-party websites or apps downloaded from untrusted or unknown sources, according to the Federal Bureau of Investigation.

The malware encrypts files on the victim's device using the AES (Advanced Encryption Standard) algorithm. According to the advisory, the original files are then deleted from local storage, leaving only the encrypted files with the ".enc" extension and a readme file, "readme_now.txt", containing the ransom note.

To prevent attacks by such viruses and malware, the agency has suggested several do's and don'ts.

CERT-In recommends avoiding "untrusted websites" and "untrusted links". It also advises caution when clicking on links in unsolicited emails and SMS messages, and recommends keeping anti-virus and anti-spyware software up to date.

Once installed, the malware tries to bypass the device's security checks. If it succeeds, it obtains permissions to read browsing history and bookmarks, kill background processes, and read call logs, and then attempts to steal the user's sensitive information.

"Daam" is also capable of hacking phone calls, contacts, images, and videos on the camera, changing passwords on the device, taking screenshots, stealing text messages, downloading and uploading files, etc. 

The report also notes that in a genuine SMS message from a bank, the sender field typically shows the bank's Sender ID (an abbreviation of its name) rather than a phone number.

Users were also warned to be wary of shortened URLs (Uniform Resource Locators) from services such as bitly and tinyurl, that is, links beginning with addresses like "http://bit.ly/" or "tinyurl.com/".

To see the full domain of the site they are about to visit, users are advised to hover over the shortened URL. As the advisory suggests, they can also use a URL checker that accepts a shortened URL and shows the complete URL it expands to.

This is being viewed as a serious warning by the government to Android phone users throughout the world to remain vigilant and to take all necessary precautions to protect their mobile devices.

The Central Government strives to educate citizens about "Daam" malware, as well as its potential impacts, so citizens can take proactive measures to protect their Android devices and stay safe from cyber threats in the ever-evolving environment we live in today.