TrickBot Banking Trojan

A new version of the TrickBot banking Trojan continues the malware's evolution toward targeting security software in order to prevent its own detection and removal. In this new version, TrickBot has set its sights on Windows Defender, which for many people is the only antivirus installed on a Windows 10 machine.

TrickBot is a banking Trojan that attempts to steal online banking credentials, cryptocurrency wallets, browser information, and other credentials saved on your PC and browser.

When TrickBot is executed, it first starts a loader that prepares the system by disabling Windows services and processes associated with security software and by elevating to higher system privileges. When that is completed, it loads the “core” component by injecting a DLL that downloads modules used to steal information from the computer, contains the communication layer, and performs other tasks.

Source: Bleeping Computer

How do you protect yourself?

Proper security measures must be in place to defend against the TrickBot banking Trojan and similar threats. Ensure your systems have the latest patches installed. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

CVE-2019-7000

A vulnerability has been found in Avaya Aura Conferencing up to 8.0 SP13 and classified as problematic.

A Cross-Site Scripting (XSS) vulnerability in the Web application UI of Avaya Aura Conferencing may allow code execution and potentially disclose sensitive information.

Source: Avaya

How do you protect yourself?

Upgrade Avaya Aura Conferencing to version 8.0 SP14 or later.

Android Ransomware

A new family of ransomware designed to attack Google’s Android mobile operating system utilizes SMS messaging to spread, researchers say. 

On Monday, cybersecurity professionals from ESET revealed their investigation into the new malware, dubbed Android/Filecoder.C, which marks the end of a two-year decline in new Android malware detections.

Filecoder has been active since at least July 12, 2019, and is being spread through malicious posts in online forums including Reddit and the Android developer messaging board XDA Developers. 

Source: ZDNet

How do you protect yourself?

Proper security measures must be in place to defend against Android ransomware and similar threats. Ensure your systems have the latest patches installed. Backing up your data and having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.