PBot (PythonBot) Adware

PBot has traditionally been used to place adware on victims' devices, but one newly found member of the family instead installs the open-source cpuminer so that the infected machine can be used to mine Bitcoin and Litecoin.

Two other new versions of PBot are still pushing adware. Each is usually distributed through partner sites whose scripts push visitors toward specific websites. A typical visit goes like this: the target lands on such a site, and as soon as they click anywhere on the page a new browser window opens on an intermediate link, which in turn redirects to a PBot download page that drops and runs the adware.

At this stage the victim meets one of the two new versions of PBot. The first attempts to load a malicious DLL into the browser, driven by a JavaScript script, in order to display ads on web pages. The other installs advertising extensions into the browser. A distinctive feature of this second variant is a module that updates its scripts and downloads fresh browser extensions. Those extensions normally just add banner ads to the page that redirect the user to advertising sites.

Source: SC Media

How do you protect yourself?

Proper security measures must be in place to defend against PBot and similar threats. Keep endpoint protection and firewall policy up to date so that the download page, the dropped DLL and the cpuminer payload are blocked or detected. Because the adware variants live in the browser, also review the installed browser extensions for any that were not deliberately installed, and treat sustained, unexplained CPU load as a possible sign of the miner variant.
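The extension review suggested above can be scripted. The following is an added example written for this page, not code from the original article and not derived from any PBot sample. It inspects Chromium-style extension manifest.json files and flags the traits the article attributes to the ad-extension variant: a content script injected into every page, broad request-interception permissions, and an update_url that points somewhere other than the vendor's store (the self-updating behaviour). The store update URL is Chrome's documented endpoint; the two sample manifests at the bottom are constructed for the demo.

```python
"""Triage installed Chromium-style browser extensions for adware traits.

Added example, not code from the original article and not derived from any
PBot sample. The sample manifests at the bottom are constructed.
"""
import json
import os

# Update endpoint used by extensions installed from the Chrome Web Store.
# Store extensions either carry this URL or omit update_url entirely.
STORE_UPDATE_URL = "https://clients2.google.com/service/update2/crx"

# Match patterns that put a content script on every page.
BROAD_MATCHES = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

# Permissions that let an extension rewrite or intercept arbitrary traffic.
RISKY_PERMISSIONS = {"webRequest", "webRequestBlocking", "declarativeNetRequest",
                     "scripting", "<all_urls>", "*://*/*"}


def triage_manifest(manifest):
    """Return a list of human-readable findings for one parsed manifest."""
    findings = []

    update_url = manifest.get("update_url")
    if update_url and update_url != STORE_UPDATE_URL:
        findings.append("self-hosted update_url: " + update_url)

    for script in manifest.get("content_scripts", []):
        if BROAD_MATCHES & set(script.get("matches", [])):
            findings.append("content script injected on all pages: "
                            + ", ".join(script.get("js", [])))
            break

    perms = set(manifest.get("permissions", []))
    perms |= set(manifest.get("host_permissions", []))  # manifest v3 splits these out
    risky = sorted(perms & RISKY_PERMISSIONS)
    if risky:
        findings.append("broad permissions: " + ", ".join(risky))

    return findings


def triage_all(manifests):
    """manifests: {label: manifest dict}. Returns only the entries with findings."""
    flagged = {}
    for label, manifest in manifests.items():
        findings = triage_manifest(manifest)
        if findings:
            flagged[label] = findings
    return flagged


def load_profile_manifests(extensions_dir):
    """Collect every manifest.json under a Chromium profile's Extensions dir.

    Typical locations: ~/.config/google-chrome/Default/Extensions on Linux,
    %LOCALAPPDATA%/Google/Chrome/User Data/Default/Extensions on Windows.
    """
    manifests = {}
    for root, _dirs, files in os.walk(extensions_dir):
        if "manifest.json" not in files:
            continue
        path = os.path.join(root, "manifest.json")
        try:
            with open(path, encoding="utf-8") as fh:
                manifest = json.load(fh)
        except (OSError, ValueError):
            continue
        manifests[f"{manifest.get('name', '?')} [{root}]"] = manifest
    return manifests


# Constructed sample manifests (not real extensions).
SAMPLE_MANIFESTS = {
    "store dictionary (benign)": {
        "name": "Dictionary Lookup",
        "manifest_version": 3,
        "update_url": STORE_UPDATE_URL,
        "permissions": ["storage"],
        "content_scripts": [{"matches": ["https://dictionary.example/*"],
                             "js": ["lookup.js"]}],
    },
    "sideloaded ad injector (suspicious)": {
        "name": "Free Coupons Helper",
        "manifest_version": 2,
        "update_url": "http://updates.example.invalid/coupons.xml",
        "permissions": ["webRequest", "webRequestBlocking", "<all_urls>"],
        "content_scripts": [{"matches": ["<all_urls>"], "js": ["inject.js"]}],
    },
}

if __name__ == "__main__":
    for label, findings in triage_all(SAMPLE_MANIFESTS).items():
        print(label)
        for finding in findings:
            print("  -", finding)
```

On a real machine, replace SAMPLE_MANIFESTS with load_profile_manifests(path_to_Extensions). The checks are heuristics: a legitimate enterprise-deployed extension can also carry a self-hosted update_url, so a finding is a prompt to look, not a verdict.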


CVE-2018-12359

Multiple vulnerabilities were reported in Mozilla Firefox. In this one, a buffer overflow can occur when rendering canvas content while the height and width of the <canvas> element are adjusted dynamically, causing data to be written outside the currently computed boundaries. The result is a potentially exploitable crash.

Source: Mozilla Foundation Security Advisory

How do you protect yourself?

Update your browser. The vulnerability is fixed in Mozilla Firefox 61.0, Firefox ESR 60.1 and Firefox ESR 52.9; any older build on the matching branch is affected.
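A quick way to turn that advice into a check across a fleet is to compare the reported Firefox version against the fixed release on its branch. The script below is an added example and is not part of the Mozilla advisory. The fixed versions (61.0, ESR 60.1, ESR 52.9) come from Mozilla's June 2018 advisories; because `firefox --version` does not say whether a build is ESR, the script assumes that a 52.x or 60.x major number belongs to the corresponding ESR branch, which is its own simplification. The sample version strings are constructed.

```python
"""Decide whether an installed Firefox is old enough to carry CVE-2018-12359.

Added example, not part of the Mozilla advisory. The ESR-branch inference
from the major number is this script's own assumption.
"""
import re
import shutil
import subprocess

# Earliest fixed version per branch, as (major, minor, patch).
FIXED_ESR = {52: (52, 9, 0), 60: (60, 1, 0)}
FIXED_RELEASE = (61, 0, 0)


def parse_version(version_output):
    """Parse 'Mozilla Firefox 60.0.2' (or '61.0') into a (major, minor, patch) tuple."""
    match = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", version_output)
    if not match:
        raise ValueError("no version number in: " + version_output)
    major, minor, patch = match.groups()
    return (int(major), int(minor), int(patch or 0))


def fixed_version_for(version):
    """Fixed version on the branch this build is assumed to belong to."""
    return FIXED_ESR.get(version[0], FIXED_RELEASE)


def is_vulnerable(version):
    """True when the build predates the fix on its branch."""
    return version < fixed_version_for(version)


def assess(version_output):
    """Turn raw `firefox --version` output into a small report dict."""
    version = parse_version(version_output)
    fixed = fixed_version_for(version)
    return {
        "installed": ".".join(map(str, version)),
        "fixed_in": ".".join(map(str, fixed)),
        "vulnerable": is_vulnerable(version),
    }


def assess_installed():
    """Run the real binary if present; returns None when Firefox is not on PATH."""
    binary = shutil.which("firefox")
    if binary is None:
        return None
    output = subprocess.run([binary, "--version"], capture_output=True,
                            text=True, check=False).stdout
    return assess(output)


if __name__ == "__main__":
    # Constructed sample outputs, one per branch, then the real binary if any.
    for sample in ("Mozilla Firefox 60.0.2", "Mozilla Firefox 60.1.0",
                   "Mozilla Firefox 52.8.1", "Mozilla Firefox 61.0"):
        print(sample, "->", assess(sample))
    print("installed:", assess_installed())
```

A mainline 60.0.x build is reported against 60.1.0 and so is still flagged as vulnerable, which is the right outcome: it needs the move to 61.0.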


MysteryBot Trojan

The new Android malware hits victims with a banking Trojan, a keylogger and ransomware in one fell swoop. The good news is that the cybercriminals behind MysteryBot are still developing it, and it does not appear to be spreading in the wild at the moment. That could change at any time.

MysteryBot contains an extensive list of commands, including ones for stealing emails from infected devices, forwarding incoming calls to another number, reading contacts and sending them SMS messages, and more. Not all of the commands appear to be functional yet, as some of the code is still in development.

Source: Hot Hardware

How do you protect yourself?

Proper security measures must be in place to defend against MysteryBot and similar threats. Keep endpoint security up to date, install apps only from the official store, and review which apps hold SMS, call and contact permissions, since those are exactly the capabilities MysteryBot's commands depend on.