Gustuff Malware

 

 

A previously unreported advanced banking trojan named Gustuff can steal funds from accounts at over 100 banks across the world and rob users of 32 cryptocurrency Android apps.

The malware includes code to target top international banks such as Bank of America, Bank of Scotland, J.P. Morgan, Wells Fargo, Capital One, TD Bank, and PNC Bank. It also targets cryptocurrency wallet apps such as Bitcoin Wallet, as well as apps from services including BitPay, Cryptopay, Coinbase, and more.

The malware relies on a relatively rare tactic to access and automatically change text fields in targeted apps. On compromised devices, Gustuff uses Android Accessibility services to interact with screens from other apps.

Gustuff spreads to other mobile devices by reading the contact list of the compromised phone and sending out messages with a link to its APK installation file.

Source: BleepingComputer

How do you protect yourself?

Proper security measures must be in place to defend against Gustuff Malware and similar threats. Having proper up-to-date endpoint and firewall security provides a cross-generational blend of threat defense techniques to protect systems from malware.
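
One way to check a device for the Accessibility-service tactic described above, as an added example that is not from the original page or its source: it parses the device's enabled accessibility services and flags any that are not on an allowlist, marking those installed from outside Google Play. The allowlist, the trusted-installer set and the sample package names are assumptions.

```python
import re
import subprocess

# Assumption: packages the organisation accepts as accessibility services.
ALLOWED = {"com.google.android.marvin.talkback"}
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play

def parse_services(value):
    """Split the colon-separated 'package/class' list stored in the
    secure setting enabled_accessibility_services."""
    value = value.strip()
    if not value or value == "null":
        return []
    return [tuple(c.split("/", 1)) for c in value.split(":") if "/" in c]

def parse_installers(pm_output):
    """Map package -> installer from `pm list packages -i` output."""
    return dict(re.findall(r"^package:(\S+)\s+installer=(\S+)", pm_output, re.M))

def audit(services_value, pm_output):
    """Return (package, service class, reason) for each service to review."""
    installers = parse_installers(pm_output)
    findings = []
    for pkg, cls in parse_services(services_value):
        if pkg in ALLOWED:
            continue
        source = installers.get(pkg, "unknown")
        reason = ("sideloaded" if source not in TRUSTED_INSTALLERS
                  else "not on allowlist")
        findings.append((pkg, cls, reason))
    return findings

def adb(*args):
    """Run a command on the attached device (requires adb on PATH)."""
    return subprocess.run(["adb", "shell", *args], capture_output=True,
                          text=True, check=True).stdout

# Constructed sample data; the com.example.update package is made up.
SAMPLE_SERVICES = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.example.update/com.example.update.A11yService")
SAMPLE_PM = (
    "package:com.google.android.marvin.talkback  installer=com.android.vending\n"
    "package:com.example.update  installer=null\n")

if __name__ == "__main__":
    for finding in audit(SAMPLE_SERVICES, SAMPLE_PM):
        print(finding)
```

On a connected device, pass `adb("settings", "get", "secure", "enabled_accessibility_services")` and `adb("pm", "list", "packages", "-i")` to `audit` in place of the sample strings.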

 

CVE-2019-9810

 

 

Firefox has released patches for security vulnerabilities in Thunderbird.

In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts.

Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow.

Source: Mozilla

How do you protect yourself?

Update Firefox to Thunderbird 60.6.1.

 

LockerGoga Ransomware

 

 

The LockerGoga ransomware that’s been targeting industrial and manufacturing companies in early 2019 contains a coding error that could potentially be exploited to stop it from encrypting files, researchers say.

The mistake pertains to how the malware handles .lnk file extensions.

According to Alert Logic, LockerGoga scans compromised machines to assess what files they are hosting. If LockerGoga identifies any .lnk file extensions, which are used by Microsoft Windows to point to executable files, then the malware attempts to resolve their paths.

Source: SC Magazine

How do you protect yourself?

Proper security measures must be in place to defend against LockerGoga Ransomware and similar threats. Backing up your data and having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.