Geost Botnet

A giant botnet and banking trojan malware operation has infected hundreds of thousands of Android users since at least 2016 – but mistakes by the group have revealed details of the campaign and how they operate.

The campaign is believed to have infected up to 800,000 Android users and has potentially provided the attackers with access to bank accounts along with information about the names of victims, their type of phone and their location.

The initial infection comes in the form of malicious apps – the attackers take legitimate apps from the Google Play store and edit the code to add malicious capabilities alongside the real functionality of the app before uploading it to third-party Android stores to be downloaded by users. The malicious apps are often weaponised versions of popular services, including games, banking and social-networking apps.

Source: ZDNet

How do you protect yourself?

Proper security measures must be in place to defend against Geost Botnet and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

CVE-2019-16928

Exim has released security updates for their software.

There is a heap-based buffer overflow in string_vformat (string.c). The currently known exploit uses an extraordinarily long EHLO string to crash the Exim process that is receiving the message. In this mode of operation Exim has already dropped its privileges, but other paths to reach the vulnerable code may exist.

Source: Exim

How do you protect yourself?

Download and build the fixed version, 4.92.3.
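As an added defender-side example (not code from Exim or from the original digest), the Python below does two quick checks a mail administrator might want after reading the advisory: it compares the version reported by an Exim banner against the 4.92.3 fix version named above, and it scans a constructed SMTP transcript for EHLO/HELO command lines that exceed the 512-octet command-line maximum of RFC 5321. The banner format (the `Exim version X.YZ ...` line printed by `exim -bV`), the length threshold and the sample transcript are assumptions made for this example.

```python
import re

# Version that the advisory names as carrying the fix for CVE-2019-16928.
FIXED_VERSION = (4, 92, 3)

# RFC 5321 limits an SMTP command line, including CRLF, to 512 octets.
# Anything beyond that is abnormal and worth flagging (threshold is an assumption).
MAX_COMMAND_LINE = 512

# Constructed sample of the first line printed by `exim -bV` (assumed format).
SAMPLE_BANNER = "Exim version 4.92.2 #3 built 01-Sep-2019 12:00:00"

# Constructed SMTP transcript: one normal EHLO, then one far over the limit.
SAMPLE_SESSION = [
    "220 mx.example.test ESMTP",
    "EHLO client.example.test",
    "250-mx.example.test Hello client.example.test",
    "EHLO " + "A" * 600,
]


def parse_version(banner):
    """Extract (major, minor, patch) from an Exim version banner.

    A missing patch component (e.g. "4.93") is treated as 0.
    """
    m = re.search(r"Exim version (\d+)\.(\d+)(?:\.(\d+))?", banner)
    if not m:
        raise ValueError("no Exim version found in banner: %r" % banner)
    return tuple(int(part or 0) for part in m.groups())


def is_patched(banner):
    """True if the reported version is at or above the fixed release."""
    return parse_version(banner) >= FIXED_VERSION


def oversized_commands(lines, limit=MAX_COMMAND_LINE):
    """Return (line_number, octet_length) for EHLO/HELO lines over the limit.

    Length counts the trailing CRLF, as RFC 5321 does.
    """
    hits = []
    for number, line in enumerate(lines, start=1):
        if line.upper().startswith(("EHLO ", "HELO ")):
            length = len(line.encode("utf-8")) + 2  # add CRLF
            if length > limit:
                hits.append((number, length))
    return hits


if __name__ == "__main__":
    print("version:", parse_version(SAMPLE_BANNER), "patched:", is_patched(SAMPLE_BANNER))
    print("oversized EHLO/HELO lines:", oversized_commands(SAMPLE_SESSION))
```

Run it as a script to see the sample banner reported as unpatched and line 4 of the transcript flagged; point `oversized_commands` at captured session lines from a debugging log to use it as a simple triage filter.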

FTCode Ransomware

An old PowerShell ransomware has resurfaced with a vengeance in a spam distribution aimed at Italian recipients. This ransomware is called FTCode and is entirely PowerShell-based, which means it can encrypt the computer without downloading any additional components.

This ransomware is being distributed through spam containing malicious Word docs that are targeting Italian users.

Source: BleepingComputer

How do you protect yourself?

Proper security measures must be in place to defend against FTCode Ransomware and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.