/ Lapsed Ordinary Tue, 10 Jul 2018 12:00:55 +0000 en-US hourly 1 https://wordpress.org/?v=6.8.3 /2018/07/10/malware-authors-continued-use-of-stolen-certificates-isnt-all-bad-news/ /2018/07/10/malware-authors-continued-use-of-stolen-certificates-isnt-all-bad-news/#respond Tue, 10 Jul 2018 12:00:55 +0000 https://www.lapsedordinary.net/?p=484 A new malware campaign that uses two stolen code-signing certificates shows that such certificates continue to be popular among malware authors. But there is a positive side to malware authors’ use of stolen certificates.
More on Virus Bulletin’s blog.

]]> /2018/07/10/malware-authors-continued-use-of-stolen-certificates-isnt-all-bad-news/feed/ 0 /2018/07/06/necurs-update-reminds-us-that-the-botnet-cannot-be-ignored/ /2018/07/06/necurs-update-reminds-us-that-the-botnet-cannot-be-ignored/#respond Fri, 06 Jul 2018 12:00:47 +0000 https://www.lapsedordinary.net/?p=479 The operators of the Necurs botnet, best known for being one of the most prolific spam botnets of the past few years, have pushed out updates to its client, which provide some important lessons about why malware infections matter.
More on Virus Bulletin’s blog.

]]> /2018/07/06/necurs-update-reminds-us-that-the-botnet-cannot-be-ignored/feed/ 0 /2018/06/13/subtle-change-could-see-a-reduction-in-installation-of-malicious-chrome-extensions/ /2018/06/13/subtle-change-could-see-a-reduction-in-installation-of-malicious-chrome-extensions/#respond Wed, 13 Jun 2018 09:37:02 +0000 https://www.lapsedordinary.net/?p=444 Google has made a subtle change to its Chrome browser, banning the inline installation of new extensions, thus making it harder for malware authors to trick users into unwittingly installing malicious extensions.
Read more on Virus Bulletin’s blog.

]]> /2018/06/13/subtle-change-could-see-a-reduction-in-installation-of-malicious-chrome-extensions/feed/ 0 /2018/06/04/polish-banks-targeted-by-attackers-who-hijack-customer-sessions/ /2018/06/04/polish-banks-targeted-by-attackers-who-hijack-customer-sessions/#respond Mon, 04 Jun 2018 09:48:29 +0000 https://www.lapsedordinary.net/?p=462 Rather than hooking into the browser process, BackSwap takes the place of the user and enters the same commands into the browser that a user would if they wanted to hack themselves.
Read more on Payment Source. (Note: subscription wall.)

]]> /2018/06/04/polish-banks-targeted-by-attackers-who-hijack-customer-sessions/feed/ 0 /2018/05/30/mnubot-banking-trojan-communicates-via-sql-server/ /2018/05/30/mnubot-banking-trojan-communicates-via-sql-server/#respond Wed, 30 May 2018 09:34:55 +0000 https://www.lapsedordinary.net/?p=440 Researchers at IBM X-Force have discovered MnuBot, a banking trojan targeting users in Brazil, which is noteworthy for using SQL Server for command and control communication.
Read more on Virus Bulletin’s blog.

]]> /2018/05/30/mnubot-banking-trojan-communicates-via-sql-server/feed/ 0 /2018/05/23/xmrig-used-in-new-macos-cryptominer/ /2018/05/23/xmrig-used-in-new-macos-cryptominer/#respond Wed, 23 May 2018 09:34:35 +0000 https://www.lapsedordinary.net/?p=438 A new piece of cryptocurrency-mining malware on macOS has been found to use the popular XMRig miner.
Read more on Virus Bulletin’s blog.

]]> /2018/05/23/xmrig-used-in-new-macos-cryptominer/feed/ 0 /2018/04/01/new-malware-freezes-users-device-in-account-takeover-scheme/ /2018/04/01/new-malware-freezes-users-device-in-account-takeover-scheme/#respond Sun, 01 Apr 2018 09:41:05 +0000 https://www.lapsedordinary.net/?p=450 The one thing more valuable to consumers than their bank accounts might be their internet access — and a new version of the ‘Trickbot’ trojan targets both.
Read more on Payment Source. (Note: subscription wall.)

]]> /2018/04/01/new-malware-freezes-users-device-in-account-takeover-scheme/feed/ 0