XMRig Cryptocurrency Miner

Cyber criminals are using unusually credible fake Adobe Flash updates to push Monero cryptocurrency mining malware, researchers have found.

While fake Flash updates are typically poorly disguised, a campaign that emerged in August 2018 is using pop-up notifications borrowed from the official Adobe installer, according to Unit 42, the threat intelligence team at Palo Alto Networks.

As well as installing the XMRig cryptocurrency miner, this malware can also update a victim’s Flash Player to the latest version, making it appear to be legitimate.

As a result, victims are less likely to notice anything unusual because the fake update works as expected, although an XMRig cryptocurrency miner or other unwanted program is quietly running in the background of the victim’s Windows computer.

Source: ComputerWeekly

How do you protect yourself?

Proper security measures must be in place to defend against cryptomining malware and similar threats. Keeping endpoint security up to date provides a cross-generational blend of threat defense techniques that protects systems from cryptomining malware. Avoid clicking unknown links and downloading suspicious attachments, and treat unsolicited "Flash update" prompts as suspect, even when they look like the official Adobe installer.

CVE-2018-15976

Adobe has released a security update for the Adobe Technical Communications Suite. This update resolves an insecure library loading vulnerability in the installer that could lead to privilege escalation. Affected products include versions 1.0.5.1 and below.

Source: Adobe

How do you protect yourself?

Security vulnerabilities are fixed in the Adobe Technical Communications Suite 2019 release.

Panda Banker Trojan

The Panda banking Trojan, used to steal money from organizations worldwide, is now being distributed through the Emotet threat platform.

Cyberattackers utilizing the malware often embed the malicious code in crafted Microsoft documents, designed to deploy the payload through macros.

Once Panda Banker has compromised a victim machine, the malware connects to a command-and-control (C2) server and sends along information including the OS version, latency, local time, computer name, data relating to any antivirus software which has been installed, and what firewalls are in operation.

The Trojan then creates a copy of itself which, in turn, spawns two svchost.exe processes into which the Trojan's code is injected.

Panda Banker also scans the system to find any known web browsers in use. If they are discovered, the Trojan injects a plugin which intercepts user traffic.

The malware will lie in wait until such time as a user visits a target website, such as an online banking system or credit card company. A script is then deployed to grab bank and credit card data, account credentials, and personal information, which is fed back to the C2 and can later be used to plunder financial accounts.

In total, at least one video streaming service, one pornography website, 11 credit card firms, and one e-commerce platform have been attacked in Japan. In Canada, nine banks have become the target of Panda Banker, and a total of eight banking companies, two payroll systems, and one blockchain firm have been targeted in the United States.

Source: ZDNet

How do you protect yourself?

Proper security measures must be in place to defend against the Panda Banker Trojan and similar threats. Keeping endpoint and firewall security up to date provides a cross-generational blend of threat defense techniques that protects systems from malware. Because this campaign arrives as macro-enabled Microsoft Office documents delivered through Emotet, disabling macros from untrusted documents and filtering such attachments at the mail gateway reduces the initial infection risk.