xHelper, together with other malware and threat activity, has added to the concerns of Android users. Read about this threat and more in the latest security industry news below.
For more articles, check out our #onpatrol4malware blog.
AZORult brings friends to the party
Source: Talos
Cisco Talos recently discovered a complex campaign delivering several different executable payloads, each of which monetizes the victim for the attacker in a slightly different way. Read more.
xHelper, the Unkillable Android Malware that Re-installs after Factory Reset
Source: Security Affairs
xHelper, a new strain of Android malware, is able to re-install itself on infected devices even after victims delete it or perform a factory reset. Read more.
BGP Hijacking and BGP Security
Source: Team Cymru
Rostelecom (AS12389), a Russian state-owned telecommunications company, hijacked routes to Google, AWS, Cloudflare and others. In total, the event affected more than 8,000 prefixes belonging to many different ASes. Read more.
Advisory: COVID-19 exploited by malicious cyber actors
Source: National Cyber Security Centre
This advisory describes how cyber criminal and APT groups are exploiting the COVID-19 global pandemic. It includes a non-exhaustive list of IOCs for detection as well as mitigation advice. Read more.
Grandoreiro Malware Now Targeting Banks in Spain
Source: Security Intelligence
IBM X-Force researchers have observed that Grandoreiro, a familiar malware threat that typically targets bank customers in Brazil, has spread to attack banks in Spain. Read more.
TA505 Continues to Infect Networks With SDBbot RAT
Source: Security Intelligence
IBM X-Force observed that Hive0065 (its name for TA505) continues to spread the SDBbot remote-access Trojan (RAT) alongside other custom malware, using the same tactics it has employed against companies over the past year. Read more.
Coronavirus Update App Leads to Project Spy Android and iOS Spyware
Source: Trend Micro
Project Spy is spyware that infects Android and iOS devices. It uses the ongoing coronavirus pandemic as a lure, posing as an app called Coronavirus Updates. Read more.
Guidance on the North Korean Cyber Threat
Source: CISA
The advisory highlights the cyber threat posed by North Korea – formally known as the Democratic People’s Republic of Korea (DPRK) – and provides recommended steps to mitigate the threat. Read more.
Craft for Resilience
Source: CyCraft
CyCraft's research shows that the majority of the attacks it investigated were concentrated on Taiwan's semiconductor sector. This is cause for concern, given the crucial role Taiwan's semiconductor industry plays worldwide. Read more.
Exposing Modular Adware: How DealPly, IsErIk, and ManageX Persist in Systems
Source: Trend Micro
Trend Micro walks through its analysis of three adware events that it eventually linked together and named DealPly, IsErIk, and ManageX. Read more.
Web Skimmer with a Domain Name Generator
Source: Sucuri
The malicious script loads the credit card stealing code from qr201346[.]pw and sends the stolen details to hxxps://gooogletagmanager[.]online/get.php. The loader domain is generated from the current date, so the host the skimmer fetches its code from changes over time without the injected script itself having to change. Read more.
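To make the date-based domain generation concrete, here is an added example (not code from Sucuri or from the skimmer itself) of how such a DGA works and how a defender uses the same algorithm against it. The hashing scheme, the `demo-seed` constant, the `qr` label prefix and the `.pw` TLD are assumptions for the demo; the real skimmer's algorithm is not reproduced. The point is that once the algorithm is recovered, the defender can enumerate the domains for the coming days and pre-block or sinkhole them, and can match hostnames from DNS or proxy logs against a small window of expected names.

```python
"""Hypothetical date-based DGA and the matching defender-side checks.

The real skimmer's generator is NOT reproduced here; seed, label format
and TLD are assumptions chosen for illustration.
"""
import datetime as dt
import hashlib
from typing import Iterable

DEMO_SEED = "demo-seed"  # assumption: a real DGA embeds its own constant
DEMO_TLD = "pw"          # assumption: the observed loader domain used .pw
DEMO_DAY = dt.date(2020, 4, 20)  # constructed "today" for the demo


def dga_domain(day: dt.date, seed: str = DEMO_SEED, tld: str = DEMO_TLD) -> str:
    """Derive the loader hostname for one calendar date.

    Only the date (and a fixed seed) feeds the hash, so every infected page
    computes the same name on the same day and the operator merely has to
    register that name before the date arrives.
    """
    digest = hashlib.sha256(f"{seed}:{day.isoformat()}".encode()).hexdigest()
    return f"qr{digest[:8]}.{tld}"


def expected_domains(start: dt.date, days: int) -> set[str]:
    """Enumerate the domains the generator will produce over a window of days.

    A defender who has recovered the algorithm runs this ahead of time to
    build a block list or to register/sinkhole the names first.
    """
    return {dga_domain(start + dt.timedelta(days=i)) for i in range(days)}


def flag_dga_hosts(hostnames: Iterable[str], today: dt.date, skew_days: int = 1) -> set[str]:
    """Return the hostnames that match the generator's output for today +/- skew_days.

    The skew window tolerates clock drift between victims and the operator;
    hostnames are normalised (lower-cased, trailing dot stripped) before matching.
    """
    window = expected_domains(today - dt.timedelta(days=skew_days), 2 * skew_days + 1)
    return {h.lower().rstrip(".") for h in hostnames} & window


def demo_hits() -> set[str]:
    """Run the detection over a constructed proxy-log sample for DEMO_DAY."""
    # Constructed sample: benign hosts, the defanged exfil host from the article,
    # and DGA output for yesterday, today and five days ahead.
    seen = [
        "cdn.example.net",
        "gooogletagmanager.online",
        dga_domain(DEMO_DAY),
        dga_domain(DEMO_DAY - dt.timedelta(days=1)),
        dga_domain(DEMO_DAY + dt.timedelta(days=5)),  # outside the +/-1 day window
    ]
    return flag_dga_hosts(seen, DEMO_DAY)


if __name__ == "__main__":
    print("block list for the next 7 days:")
    for name in sorted(expected_domains(DEMO_DAY, 7)):
        print("  ", name)
    print("DGA hits in the sample log:", sorted(demo_hits()))
```

The exfiltration host in the article (gooogletagmanager[.]online) is a fixed lookalike rather than a generated name, which is why the sample treats it as a separate indicator and matches only the generated loader domains; blocking both the enumerated DGA output and the hard-coded exfil host is what closes the loop.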