Trickbot Malware

The Trickbot banking malware has added yet another tool to its arsenal, allowing crooks to steal passwords as well as browser data, including web history and usernames.

In addition to stealing credentials from applications, Trickbot also steals information from web browsers, including usernames and passwords, internet cookies, browsing history, autofill data and HTTP posts. All of these can be exploited to enable the attacker to make off with additional data, and it works on the Google Chrome, Mozilla Firefox, Internet Explorer and Microsoft Edge browsers.

Trickbot’s core ability as a banking trojan remains the same: it monitors users and the banking URLs they access, including those of institutions in the United States, Canada, the UK, Germany, Australia, Austria, Ireland and Switzerland. The malware uses one of two methods, either credential extraction or a fake phishing page that looks like the real thing, to gain the user’s login details and get access to the account.

Source: ZDNet

How do you protect yourself?

Proper security measures must be in place to defend against Trickbot malware and similar threats. Make sure you only download legitimate apps from the app store and do not click on suspicious links. Having proper up-to-date endpoint and firewall security provides a cross-generational blend of threat defense techniques to protect systems from malware.

CVE-2018-9522

Android released patches for multiple security vulnerabilities affecting Android devices. The most severe vulnerability in this section could enable a proximate attacker using a specially crafted file to execute arbitrary code within the context of a privileged process. The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed.

Source: Android

How do you protect yourself?

Apply the latest Android updates to your devices.

DiskCryptor Ransomware

A new ransomware was discovered installing DiskCryptor on the infected computer and rebooting the infected device to reveal a customized ransom letter.

MalwareHunter Team researchers discovered the malware, which uses DiskCryptor, an encryption program that encrypts the whole disk and then prompts the user to enter a password on reboot. They noted that it is being run manually or called by another script, as it requires an argument to be passed to the program.

Source: SC Media

How do you protect yourself?

Proper security measures must be in place to defend against DiskCryptor Ransomware and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from cryptomining malware. Avoid clicking unknown links and downloading suspicious attachments.