xHelper Malware

Over the past six months, a new Android malware strain has made a name for itself after popping up on the radar of several antivirus companies, and annoying users thanks to a self-reinstall mechanism that has made it near impossible to remove.

But the thing that’s most “interesting” is that xHelper doesn’t work like most other Android malware. Once the trojan gains access to an Android device via an initial app, xHelper installs itself as a separate self-standing service.

Uninstalling the original app won’t remove xHelper, and the trojan will continue to live on users’ devices, continuing to show popups and notification spam.

Source: ZDNet

How do you protect yourself?

Proper security measures must be in place to defend against xHelper Malware and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

CVE 2019-13720

Google is warning users of a high-severity vulnerability in its Chrome browser that is currently being exploited by attackers to hijack computers.

The bug (CVE-2019-13720) is a use-after-free flaw, which is a memory corruption flaw where an attempt is made to access memory after it has been freed. This can cause an array of malicious impacts, from causing a program to crash, to potentially leading to execution of arbitrary code – or even enable full remote code execution capabilities.

Source: ThreatPost

How do you protect yourself?

Update to the latest version of Chrome, 78.0.3904.87 (for Windows, Mac, and Linux) as it rolls out over the coming days.

Adwind Trojan

A new version of the Adwind remote access trojan (RAT) has been discovered taking aim at new targets.

Adwind (a.k.a. JRAT or SockRat) is a Java-based remote access trojan that sniffs out data – mainly login credentials – from victims’ machines. While Adwind has historically been platform-agnostic, researchers say they have discovered a new four-month-old version targeting specifically Windows applications – like Explorer and Outlook – as well as Chromium-based browsers (Chromium is a free and open-source web browser developed by Google), including newer browsers like Brave.

The new variant is a JAR file (Java ARchive; a package file format typically used to aggregate many Java class files) that researchers say is typically delivered from a link in a phishing email or downloaded from a legitimate site serving up insecure third-party content.

Source: ThreatPost

How do you protect yourself?

Proper security measures must be in place to defend against Adwind trojan and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.