InvisiMole
Malware

Security researchers from ESET have discovered a complex piece of spyware that was used sparingly in the last five years to infect and spy on a very small number of targets in Russia and Ukraine.

Some of the commands in one of its modules allow it to turn on the user's microphone, record audio, encode it as MP3 and send it to the InvisiMole C&C server.

One strain can also turn on the user’s webcam and take screenshots. It can also monitor local drives, retrieve system info, and make system config alterations.

Source: BleepingComputer

How do you protect yourself?

Proper security measures must be in place to defend against InvisiMole malware and similar threats. Having proper up-to-date endpoint and firewall security provides a cross-generational blend of threat defense techniques to protect systems from malware.

 

CVE-2018-9338

Multiple vulnerabilities have been identified in Android. A remote attacker can exploit these vulnerabilities to achieve remote code execution, denial of service, elevation of privilege and disclosure of sensitive information on the targeted system. In the Android framework, the vulnerability could enable a local malicious application to bypass user interaction requirements in order to gain access to additional permissions.

Source: Android Source Code

How do you protect yourself?

Ensure your Android software is up to date. Pixel and Nexus devices should start receiving over-the-air updates starting today, according to ThreatPost. It takes about a week and a half for the updates to reach all Nexus devices. Other vendors like LG and Samsung typically trail Google in updating qualifying devices, but do it monthly.

 

.cryptgh0st files
Ransomware

This appears to be a variant of the mauri870 ransomware. It encrypts files so that they cannot be opened and asks victims to pay a ransom.

Encrypted files have the .cryptgh0st file extension added to them, and a ransom note called READ_TO_DECRYPT.html is also dropped.

Source: SensorsTechForum 

How do you protect yourself?

Proper security measures must be in place to defend against .cryptgh0st files Ransomware and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from ransomware.