Shamoon Malware


Two new samples of the Shamoon data-wiping malware have been discovered in the wild, after a period of silence that lasted for about two years.

In a report sent to BleepingComputer, the research team from Chronicle (cybersecurity subsidiary of Google’s parent company, Alphabet Inc.) says that the new strains were uploaded to VirusTotal on December 10, from Italy.

One of the Shamoon variants Chronicle is currently investigating has its trigger date and local time set to December 7, 2017, 23:51. The researchers note that this is about one year before the sample was uploaded to VirusTotal.

News also emerged this week of a cyberattack against Italian oil services provider Saipem. The incident occurred on Monday and impacted over 300 of the company's servers located in the Middle East, India, Scotland (Aberdeen) and Italy.

It is possible that one of the samples was uploaded by Saipem while trying to determine the nature of the malware that affected its business.

In a statement on Wednesday, Saipem says that the threat actor used a variant of Shamoon for the attack that “led to the cancellation of data and infrastructures, typical effects of malware.”

Source: BleepingComputer

How do you protect yourself?

Shamoon is a destructive data wiper aimed at corporate Windows networks, not cryptomining malware, and it does not arrive through app stores, so the defenses that matter are the ones that limit how far an intruder can get and how much can be lost. Keep endpoint protection and firewalls up to date, segment the network and enforce least-privilege credentials so a wiper cannot be pushed to every host at once, and maintain tested offline backups so wiped systems can actually be restored. As always, do not click suspicious links or open unexpected attachments.


CVE-2018-15998


Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and important vulnerabilities, including CVE-2018-15998. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Source: Adobe

How do you protect yourself?

Adobe recommends that users update their installations to the latest versions. In Acrobat or Reader, Help > Check for Updates installs the fix; on managed fleets, push it through your normal patch tooling and confirm the installed version afterwards. Until the update is applied, treat PDFs from untrusted sources with extra caution.


Optimization Android Trojan


Last month researchers downloaded a power management app called “Optimization Android” from an undisclosed third-party app store. Instead of optimizing the phone's battery, the app, when first launched, changed the victim's Accessibility settings to enable an overlay through Android's accessibility feature and then closed. It made no attempt at battery optimization at all.

Next, the app checked whether the official PayPal app was installed on the phone.

The malware then sends the user a notification telling them to launch the official PayPal app, under the guise that they need to “confirm your account immediately.”

Once the user opens the PayPal app and logs in, the malicious accessibility service simulates the user's taps, using its newly granted Accessibility capabilities to send money to the attacker's PayPal address. Because the victim performs the login themselves, including any second factor, two-factor authentication on the account does not block the transfer.

According to the researchers, the malicious accessibility service is activated every time the PayPal app is launched, so the attack can be repeated.

Source: Threatpost

How do you protect yourself?

Install apps only from official stores and only from publishers you recognize; a “battery optimizer” from a third-party store is a classic lure. Review which apps hold Accessibility service access (Settings > Accessibility) and revoke it from anything you do not recognize, since an enabled accessibility service can read the screen and tap on your behalf. Keep mobile endpoint protection up to date so banking trojans like this one are detected before they run. Avoid clicking unknown links and downloading suspicious attachments.
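The abuse described above depends on an accessibility service that the victim was tricked into enabling, so the quickest check on a phone you suspect is to compare the enabled accessibility services against the ones you expect. The script below is an added example, not code from the original article or from the researchers. It assumes the list was captured with `adb shell settings get secure enabled_accessibility_services` (which returns a colon-separated list of `package/ServiceClass` entries, or `null` when none are enabled); the sample list, the allowlist and the `com.example.optimizer` package name are constructed placeholders, not the real trojan's identifiers.

```shell
#!/bin/sh
# Added example: flag enabled Android accessibility services that are not
# on an operator allowlist. On a real device the list comes from
#   adb shell settings get secure enabled_accessibility_services
# The sample below is constructed; com.example.optimizer is a placeholder,
# not the real trojan's package name.

# Accessibility services the operator expects (assumed allowlist,
# space-separated, full package/ServiceClass form).
ALLOWED='com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService'

# Constructed sample of the setting as read from a suspect phone:
# the legitimate screen reader plus one unknown service.
SAMPLE_ENABLED='com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:com.example.optimizer/com.example.optimizer.StatsService'

# unexpected_a11y_services LIST ALLOWED
# Prints each entry of the colon-separated LIST that is absent from the
# space-separated ALLOWED set, one per line. Prints nothing when clean.
# "null" is what `settings get` returns for an unset key, so it means
# "no services enabled".
unexpected_a11y_services() {
    list=$1
    allowed=$2
    if [ "$list" = "null" ]; then
        return 0
    fi
    printf '%s\n' "$list" | tr ':' '\n' | while IFS= read -r svc; do
        if [ -n "$svc" ]; then
            known=0
            for a in $allowed; do
                if [ "$svc" = "$a" ]; then
                    known=1
                fi
            done
            if [ "$known" -eq 0 ]; then
                printf '%s\n' "$svc"
            fi
        fi
    done
    return 0
}

# count_unexpected LIST ALLOWED: number of unexpected entries (0 = clean).
count_unexpected() {
    unexpected_a11y_services "$1" "$2" | grep -c .
}

# Example run against the constructed sample.
if [ "$(count_unexpected "$SAMPLE_ENABLED" "$ALLOWED")" -gt 0 ]; then
    echo "Unexpected accessibility services enabled:"
    unexpected_a11y_services "$SAMPLE_ENABLED" "$ALLOWED"
else
    echo "Only allowlisted accessibility services are enabled."
fi
```

Any service the script reports should be traced back to its package (`adb shell pm path <package>` shows where the APK came from) and, if unrecognized, disabled under Settings > Accessibility and uninstalled. The check is deliberately an allowlist rather than a blocklist: a trojan can ship under any package name, but the set of accessibility services a given user legitimately needs is small and known.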